Multi-cloud Strategies Making DDI and DNS Cumbersome to Manage

As multi-cloud strategies gain traction, companies are finding that managing the DDI and DNS foundations of their network services is becoming increasingly complex, leading to operational challenges and inefficiencies.

Paul Wilcox, Infoblox’s VP for Asia-Pacific Japan, told TechRepublic that centralizing management across these different environments could help organizations better coordinate their security, network, and cloud teams. This strategy can also help to detect cyber threats earlier and discover problematic exposures, such as zombie servers.

DNS: An overlooked aspect of IT infrastructure and cybersecurity risk

DDI is shorthand for Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and IP Address Management (IPAM). According to Infoblox, which offers DDI solutions to 13,000 customers, DDI “comprises the foundation of core network services that enables all communications over an IP-based network.”

DDI is an often overlooked aspect of IT infrastructure, according to Infoblox, and it is becoming increasingly important for enabling secure, efficient, and manageable networks in modern computing environments — including in the early detection and prevention of cyber threats.

Network sprawl, DNS management complexity has grown with cloud

The shift to decentralized, multi-cloud environments, the proliferation of IoT devices, and the overall complexity of modern IT infrastructure have made it more challenging for organizations to effectively manage their DDI services, according to Wilcox.

“The CIO of a Japanese company recently summed it up when he said to me that, with the move to decentralized workplaces and away from on premise compute, the challenges for NetOps and SecOps, and for that matter, DevOps, in most organizations are becoming increasingly complex,” Wilcox said.

“The complexity is going through the roof, and as a consequence we’re not really responding to incidents very quickly; we’re really trying to find a needle in a needle stack. It’s becoming much more difficult for SecOps organizations to define the root cause of many problems.”

Multi-cloud complexity makes DDI management more difficult

Most enterprises are now using two or more cloud service providers. Wilcox noted that with each new environment, managing critical network services becomes more complex and error-prone. Maintaining visibility and control over all DDI services also grows more challenging.

Massive growth in IP-addressed IoT devices

The pervasive expansion of IP-addressed IoT devices — such as the cameras, projectors, or screens that are internet-connected in modern offices — is another challenge for organizations. Managing and securing these devices is becoming “very problematic,” Wilcox said.

NetOps, SecOps, and CloudOps are often siloed in organizations

Operational silos between NetOps, CloudOps, and SecOps teams, combined with manual processes, can cause problems. Wilcox said one global bank saw its entire system go down — with US $100 million lost — after the network team made a typo in a manual process for changing DNS entries and IP addresses.

DDI management platforms are fragmented across environments

As organizations expand into multiple clouds, they have had to use a combination of DDI tools across environments. These tools have ranged from free services to Infoblox’s separate on-prem and cloud products, as well as cloud-native solutions like AWS Route 53, Azure DNS, and Google Cloud DNS.

Fragmented DDI management makes problems harder to distinguish

Other significant issues in the DDI space include IP conflicts, which can lead to network and application outages. There is also the “prolific” problem of zombie servers — often left unpatched and not updated — as well as dangling DNS records that pose vulnerabilities, and poor utilization of allocated IP addresses.

Poor DNS and IP address management is a cyber security risk

The cybersecurity implications of DNS management are often underappreciated, Wilcox said.

“I’ve been working in cyber security for probably 15 to 20 years,” he explained. “One of the things that escaped me in my previous lives was just how relevant and important DNS and IP address management was to cyber security, how early in the kill chain it was and how important it was to stop some of those threats at the earliest possible junction.”

He added: “Most of the cyber security solutions that I’ve been involved with happened once the bushfire had already started. So what we’re talking about here is definitely a shift, we sort of say a shift left here, which is probably a misappropriation of the term, but we are essentially getting to that problem much, much earlier in the cycle.”

80% of network traffic comes from malware and threat actors

Wilcox said that, while he “didn’t believe it until I saw it,” almost all organizations that have used Infoblox’s cybersecurity platform have seen an 80% reduction in network traffic. This indicates that a massive portion of that traffic involved malware or a threat actor.

DNS security exposures are a “gaping door” for threat actors

Managing and securing DNS and IP address usage can reduce an organization’s attack surface. For example, organizations often have lame DNS delegations and other security exposures where DNS records are giving authoritative responsibilities to IP addresses they don’t manage.

“That makes for an extraordinarily large security vulnerability for most organizations,” Wilcox said. “If you’re doing that, then you absolutely have gaping doors open for most threat actors to get in and do whatever they like.”
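As an added illustration of the two exposures described above (dangling DNS records and delegations that hand authority to addresses the organization does not manage), the following audit is not from the article or from Infoblox; it runs over a constructed DNS and IPAM inventory and assumes the record and address data have already been exported from the authoritative zones and the IPAM system.

```python
import ipaddress

# Constructed inventory (not real data): address ranges the organization
# manages in IPAM, the zone's records, and the addresses each hostname resolves to.
MANAGED_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "2001:db8::/32")]

ZONE_RECORDS = {
    "example.test.": {"NS": ["ns1.example.test.", "ns2.example.test."]},
    "dev.example.test.": {"NS": ["ns1.example.test.", "ns.ex-hoster.test."]},
    "www.example.test.": {"A": ["192.0.2.10"]},
    "old-app.example.test.": {"CNAME": ["retired-lb.cloud-provider.test."]},
    "docs.example.test.": {"CNAME": ["www.example.test."]},
}

HOST_ADDRESSES = {
    "ns1.example.test.": ["192.0.2.53"],
    "ns2.example.test.": ["2001:db8::53"],
    "ns.ex-hoster.test.": ["198.51.100.7"],  # outside the managed ranges
    "www.example.test.": ["192.0.2.10"],
    # "retired-lb.cloud-provider.test." has no address: the target is gone
}


def is_managed(ip):
    """True when the address falls inside a range the organization controls."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MANAGED_RANGES)


def audit(zone_records, host_addresses):
    """Return (kind, record_name, target, detail) tuples for each exposure found."""
    findings = []
    for name, rrsets in zone_records.items():
        # A delegation whose nameserver has no address, or an address outside
        # IPAM, hands authority for the name to infrastructure nobody here controls.
        for ns in rrsets.get("NS", []):
            addrs = host_addresses.get(ns, [])
            if not addrs:
                findings.append(("lame_delegation", name, ns, "nameserver has no address"))
            for ip in addrs:
                if not is_managed(ip):
                    findings.append(("unmanaged_nameserver", name, ns, ip))
        # A CNAME whose target no longer resolves is a dangling record.
        for target in rrsets.get("CNAME", []):
            if target not in host_addresses and target not in zone_records:
                findings.append(("dangling_cname", name, target, "target does not resolve"))
    return findings


if __name__ == "__main__":
    for finding in audit(ZONE_RECORDS, HOST_ADDRESSES):
        print(*finding)
```

Each finding is a record to either retire or bring back under managed infrastructure; the check deliberately reads exported data rather than querying live resolvers, so it can run as part of a scheduled inventory review.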

Organizations are willing to take a universal approach to DDI management

Wilcox recommends that organizations consider bringing DDI management together under a system that can manage DDI across disparate environments and teams. Infoblox recently launched a centralized SaaS system it has dubbed “Universal DDI,” which aims to address this gap that has existed among vendors.

Scott Morris, managing director of Infoblox in Australia and New Zealand, said during a conference call that a universal approach could help larger organizations attack their technical debt problem and improve their visibility across assets and vulnerabilities, problems that have been caused by multiple iterations of on-prem and cloud implementations.

“We’re now seeing more senior security, governance, risk and compliance, and CloudOps and SecOps people that are seeing the gaps in their organization,” he explained. “Every single CIO, CISO, cloud ops person that comes to one of our events says we are struggling to understand and see what assets are.

“When you really look at the visibility, the integration, automation, and then the shift from really taking what’s been fundamentally a passive tool in the form of DNS, DHCP, and IPAM, and creating that into a proactive security mechanism is a game changer in my opinion.”