10 Years of Impact: Technology, Products, and People
The Secrets of the Supernets
Sun's CTO reveals the company's latest thinking on network security
By Greg Papadopoulos
Business is a balancing act, a high wire between risk and reward. The same is true of technology, especially where business systems are concerned. The trade-off today is between the benefits of open interaction on the Internet and the downside risk of a security breach. That's a serious downside--though not so serious as to keep even the most conservative banks, brokers, and credit-card companies off the Net. It does, however, demand constant vigilance.
Here, another kind of balance comes into play--between complexity and ease of use.
Right now, complexity appears to have the upper hand. Many companies, in fact, spend more money maintaining their internal computing infrastructures than they do developing products. Clearly, that needs to change, but it's not hard to see why it happens. These days, people who work together don't necessarily reside in the same hemisphere, let alone the same building--and half the time they may not be working in an office at all. They may be on the road, accessing corporate data through a mobile phone, pager, or some other handheld device. Traditional notions of placing confidential data behind firewalls just don't cut it anymore. You might just as well try to dig a moat around your entire organization.
The challenge for technologists, then, is to continually come up with new security solutions to fit the changing ways we all work today--and do our best to keep those solutions simple.
Which brings me to one of the more interesting concepts currently being developed in our laboratories: a new method of communications tunneling we call Supernetworking. What it does, in layman's terms, is add a new layer of abstraction to a layered model of computer networking, making it easy to encrypt both the transmission and storage of data.
Communications tunneling is already used in today's virtual private networks, but mainly on a network-to-network basis. Other uses are possible, but remain costly and complicated.
The beauty of Supernetworking lies in how easy it is to manage.
I won't go into the technical details; suffice it to say, the Supernet layer sits directly above the network layer and includes its own addressing structure and security services. This makes it possible to create multiple trust domains within any Supernet with ease. Supernets of any size can be created or disbanded with a few simple commands. Even individual participants can be added or removed without having to redo the whole setup, which fits nicely with the way most organizations work.
All of this has some pretty profound implications. If only you are able to read the data, no matter where it's stored or transmitted, then you don't need to maintain an expensive IT infrastructure. In fact, there would be no excuse for it--you would be taking resources away from your core business, which in all likelihood has little or nothing to do with computers or networks.
Think about where we were with electricity at the turn of the century. Companies that wanted it often had to set up their own generators and build their own distribution networks. Now we just tap into a public utility, into the ubiquitous power grid. We don't think about where the power comes from or how it gets to us--except on the West Coast, where it has been taken for granted a bit too long--and we would never think to ask whether it adheres to a standard that works with our appliances. It just does.
Computing power should come to us the same way--through a services grid. And it will.
Already, companies large and small are realizing that everything from email to enterprise resource planning can be cost-effectively outsourced to a service provider--the Internet equivalent of a public utility, many with data centers that include their own backup power generators, by the way.
With end-to-end security, Supernetworking will simply make that strategy more appealing, tipping the balance even further from risk to reward and from complexity to ease of use.