Network Security Part 3: What are Parallel Networks and How are They Used?

In this post I’m going to show by example how parallel networking works. Before I do, let me make one point: Cradlepoint didn't invent parallel networking, nor did it invent another way of protecting data: “air-gapped” networks.

(The concept behind air-gapped networks is simple in theory, but difficult in practice—especially for multinational corporations with thousands of retail locations: Use a computer that never receives files from or sends files to the Internet. Ideally, this means a computer that’s not directly connected to the Internet, but has some secure way of sharing files with others. Experts such as Bruce Schneier of the Schneier on Security blog suggest that organizations such as classified military networks, nuclear power plant controls, medical equipment, avionics, and so on should use these networks. According to Schneier, Osama Bin Laden used one.)

Cradlepoint got involved in parallel networking because two or three years ago a few large retailers approached us and said that they wanted to use our networking solution to provide connectivity for a specific application. What started as a trickle became a flood as dozens and dozens of the leading retailers followed suit. These companies now use Cradlepoint to create independent networks that are completely separate from the corporate network. (For more information on monolithic networks, see my Part 1 and Part 2 blog entries.)

Parallel Networking

For example, the nation's largest big-box home improvement retailer realized that one of the easiest ways for systems to be hacked is from the inside. So it decided to completely separate its employee network from its secure point-of-sale network. It installed a Cradlepoint router and 4G network connections to establish a completely separate employee network. It uses this network for company email, cloud-based H.R. applications, corporate training videos, and so on. There is no way for hackers to use the employee network to pivot into the POS network because there is no physical connection between the two.
 
Another example of parallel networking comes from a company that wanted to provide public WiFi but didn't want it to be on the same secure network as its point-of-sale devices. So it set up a separate Cradlepoint router using a 4G LTE connection specifically to serve the needs of customer WiFi.

An iconic East Coast chain of full-service breakfast restaurants decided that rather than take everything else off of the secure point-of-sale network, it would take the point-of-sale devices off of the secured corporate network and attach them directly to Cradlepoint routers that connect over 4G. The POS devices are the only connections on this specific, parallel network.

Another of our larger customers sells and rents DVD movies out of red kiosks. The company installed Cradlepoint routers in its kiosks to establish completely separate network connections. The company has said that PCI compliance is its top concern—even more so than having DVDs in its kiosks. This company is so heavily dependent on credit cards that it would shut down within weeks if it couldn't process these transactions. Creating a parallel network demonstrates very strong PCI compliance.

One of the largest banks in the nation recently completed a roll-out of third-party digital signage in every one of its branch locations. Since it didn’t want the junior graphics designer to have to access the same network used for financial transactions, it installed Cradlepoint routers to establish a separate network just for managing and maintaining the digital signage.

Parallel networking is also being used to support the growing trend toward a “store-in-a-store.” Walk into any Wal-Mart, for instance, and you can’t help noticing how many other brands have set up little stores inside the Wal-Mart. By using Cradlepoint to establish parallel networks, these mini-stores can conduct business without encroaching on Wal-Mart’s network. These networks connect everything from kiosks that make greeting cards to pop-up tax preparation stations to outdoor recreational licensing machines.

For years, customers have been able to walk into a Wal-Mart, access an online state government system, and purchase hunting and fishing licenses.  The problem for Wal-Mart was that it had to trust the security of the state government system. Wal-Mart decided instead to work with state agencies to implement Cradlepoint-powered parallel networks to be used solely for processing the sale of these licenses.

The list of ways companies are using parallel networks to improve security goes on and on. We’ve recently trademarked the term “BYON: Bring Your Own Network” to reflect the trend among retailers to require third-party vendors to provide their own networks as a condition of doing business. Whether they are used to manage HVAC systems, energy management systems, or cameras and security systems, parallel networks enable companies with multiple remote locations to take full advantage of all the money-saving and customer-pleasing services they want—without putting the security of their financial and customer information at risk.

Retailers with multiple applications at multiple locations are asking questions like, “How can I take the non-essential or the non-secure applications off of my secure network? How can I simplify my network so that it's easier to monitor, easier to lock down, and easier to prevent hackers from crossing over from one application to another like they did at Target?” Using Cradlepoint to create parallel networks is a good answer.

Cradlepoint Network Security Series:

Part 1: Is Your Company Depending on a Monolithic Network?
Part 2: How a Monolithic Network Opened the Door to Target Data
Part 3: What are Parallel Networks and How are they Used?