Home / Blogs

Building a Secure Global Network

Choose Partners, Data, Protocols carefully. Diversity is important

Recently, the DNS has come under an extensive attack. The so-called “DNSpionage” campaigns have brought to light the myriad methods used to infiltrate networks. These attacks employed phishing, system hopping via key exfiltration, and software zero day exploits, illustrating that many secure networks may not be fully protected.

When organizations and nations set out to build secure global networks, policy makers, technicians and architects often focus on operational aspects, such as performance, network coverage and routing, and technical support procedures. Public and private sector procurements for global public assets may add other requirements. For example, in 2011, the Australian[1] government banned Chinese telecom vendor Huawei from the country’s $38 billion National Broadband Network (NBN) tender. Huawei has made headlines recently also.

Too often, companies touting secure networks focus on the security of the data at rest, or of the data in transit, and believe that this is the most important thing to secure. Other factors may be even more important to consider. For example, is the data traveling on a network whose integrity is not questionable? Is the data stored on equipment from reputable vendors? Is there the ability to look into your supply chain to determine if the data is on equipment from vendors who are either of questionable heritage, or whose integrity has been doubted.

Our extensive experience building and managing secure global networks shows that focusing primarily on operational parameters may miss several critical aspects in the supply chain, including:

  • The security profile and footprint of each vendor and their downstream supply chain;
  • The origin and type of hardware and software used by each provider;
  • The protocols used to secure data inside a provider’s network;
  • Contractual and audit commitments to vet each vendor’s downstream supply chain
  • Procurement diversity: How diversified is each component of the infrastructure - including software, hardware, operating systems, and upstream providers; and
  • Business Continuity Plans: The reassurance that these organizations have a comprehensive plan which includes business continuity practices to mitigate a catastrophic (zero day) failure. Certifications such as ISO 27001 and 22301 (or equivalent) are useful mitigations.

It is also important to make this an ongoing risk management discussion. Providers make changes to their infrastructures and products that should influence your own assessment of the risk you are managing, and have comprehensive strategies in place to mitigate these risks. It is essential to conduct regular audits of your understanding of what your vendors have and continue to do so.

In short:

  • Secure your data internally AND externally (careful how/where you store data).
  • Secure your data in transit (encrypt data in transit).
  • Choose providers with a security profile equivalent to your own (high integrity providers).
  • Build diversity (no single point of failure).
  • Practice risk management (audit and enforcement).

Proper consideration of these factors, balanced with recognition of any specific contractual requirements, and you will be on your way to building a secure global network.

[1] Afilias is the technology provider for Australia’s .AU domain, and conforms to relevant requirements.

By Ram Mohan, Chief Operating Officer at Afilias

Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API