What Is Network Policy?

Benefits of network policy

A network that runs on policies can be automated more easily and therefore respond more quickly to changing needs. Many common tasks, such as adding devices and users and inserting new applications and services, can now be easily accomplished. Well-defined policies can benefit a network in the following ways:

• Align the network with business needs
• Provide consistent services across the entire infrastructure
• Bring agility through greater automation
• Make performance dependable and verifiable

An even bigger advantage to enterprises is the security gains from policy. By granularly defining policies that give users and devices the least amount of access to resources that they need to do their jobs, you can better protect sensitive data. Violations can be caught and mitigated quickly. Such zero-trust security measures reduce risk, contain threats, stop lateral movement of malware, and help verify regulatory compliance.

A network that follows well-defined policies capably fills business needs that it is designed to support. Think of network policies as objectives or goals. Without clear objectives, your network can't be set up to deliver optimally, and without goals, its performance can't be measured.

Policies don't exist in a vacuum. All network devices, users, and applications should be governed by those policies.

• Users - Effective policies need to recognize all types of users. Clearly, an admin user should have different rights and be able to do a wider array of tasks on the network than a guest user. Likewise, a financial user needs access to business-critical financial data, while a security guard does not.
• User and IoT devices - Access privileges provided to devices form key policies, especially as IoT expands. A policy could enable people to perform more tasks and access more types of information than a connected temperature sensor or printer. In fact, policies should expressly prohibit a moisture sensor from accessing a financial database.
• Applications - Not all applications are equal, and policies should reflect that. Bandwidth is always limited, so polices should prioritize traffic from business-critical applications over traffic from social media, for example.
• Data Type - Similarly, not all data types are of equal importance. Critical financial data demands a more restrictive policy. Video traffic may demand a specific quality-of-service (QoS) policy to help optimize performance levels.
• Location - Location can be an important policy attribute. As telecommuting becomes more widespread, users' locations may affect their security profiles and what applications and data they can access. For example, a user may access a human resources data base from the privacy of their home office, but not while working from a public coffee shop.

Since network policies specify how the network must function in different circumstances, there is no set list of policies. A network's policies depend on what's necessary to achieve business objectives. Some of the more common policies that all businesses need to consider are:

Despite the acknowledged importance of setting and adhering to policies, most corporate networks do not have effective policy strategies in place. The reasons most often cited are:

Of course, you can't implement policies without knowing what policies to implement. This is particularly true for larger networks that have evolved over time and whose administrators may not have a complete grasp of business needs and how the network is responding to them. Here are the steps for implementing policies that work:

1. Identify - Figure out who and what is on the network. Users may have brought their own devices, and departments may have plugged in IoT devices without administrator knowledge. Without an inventory of devices, and their security postures (locations, operating systems, latest software patches and updates, etc.), it's difficult to set policies that govern their uses and places in the network.
2. Visualize - Understand how users and devices communicate. If you're starting from scratch, you can preplan, but you don't always have that luxury.
3. Define - Once you have a solid idea of how your network is being used, you can start to define policies that will permit, deny, or modify those flows.
4. Model - After visualizing and defining your policies but before putting them in place, do a "dry run" to determine what effects the policies will have on users, traffic, and performance.
5. Activate - Here, you activate network devices to enforce policies as per the functions they perform.
6. Extend - Sometimes, activating policies in just one network isn't enough. In this age of connectedness, consistent policies must permeate all networks within the enterprise – campus, branch, WAN, and data center, as well as the ecosystem, such as ITSM. Extending policies would make all networks collaborate to fulfill business intent.
7. Assure - It's not enough to define, model, and activate policies. You need to help ensure that they're being followed and getting the job done. Here, you analyze the network and evaluate whether it is enforcing the policies and identify any fine-tuning you may need to do.

All the tasks listed above for discovering, defining, authoring, and activating policies are certainly not easy to perform. Network controllers that follow the industry's intent-based networking (IBN) framework are best suited for those jobs. They take business intent as input, translate it into policies, and make sure the policies are being applied appropriately and delivering the desired results.