Cradlepoint got its start six years ago by providing redundancy for companies with multiple remote locations. A good example is how, after Hurricane Katrina, one of the largest insurance companies in the nation bought 18,000 of our devices and installed them in every single one of their branch offices. By utilizing Cradlepoint to provide a cellular network-based failover solution to back up their primary Internet connection, the company took a big step forward toward protecting its business continuity.
Providing this kind of network redundancy continues to be a big driver of our business. But the fact is when you have that single connection or even a redundant connection going into a single router, you still have what we call a “monolithic network.” Many companies are using that one single network connection (with or without failover) to provide networking to all of the various services at their remote locations. These services can range from secure point-of-sale devices, to less-secure services like customer WiFi, to services that involve third parties. This last category can include anything from HVAC (heating and air conditioning controls), to energy management to digital signage, or to employee networks.
One of the issues that comes up when you have a monolithic network is that you need to have some very sharp security people in your IT department to be able to segment the network to accommodate all of these services—and to keep each network segment secure. When you hear words like VLAN and network segmentation, they refer to the practice of going into these monolithic networks and trying to carve them up and partition them in ways that maintain this security.
Here at Cradlepoint, we make it easier for network managers to create that kind of segmentation. We offer a combination of SSIDs, Ethernet ports, and VLANs tied to specific LANs. Even so, it can be very difficult to ensure that the segmentation is secure. It requires very careful up-front configuration and a great deal of meticulous, ongoing monitoring, maintenance, and configuration management. Even then, problems can arise. The recent Target breach is a case in point.
In my next blog, I’ll talk about how hackers took advantage of the problem of maintaining secure network segmentation to attack Target.