Compliance and the cloud

What do you do when suddenly there are a lot more blue cars than you expected? And what about the other organizations wondering who's scanning their networks from a rogue host through their MPLS routers? For any organization concerned about the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, or peripheral component interconnect data and network-control requirements, it's quite a mess.

Who sorts out requirements for labeling before an MPLS network is provisioned? Often no one, as it turns out. A carrier may provide a basic configuration that works, but an uninformed customer may unwittingly buy a low-end MPLS service with fast traffic handling but no isolation from the carrier's other customers. The carrier assumes that the client knows it's a semiprivate connection and will run a site-to-site VPN. Instead, the uninformed client opens the whole network to the cloud.

It's not that organizations shouldn't play with big kids' toys, but they need to be aware of their complexity. Traffic problems are not unique to MPLS, but its presentation and function make it easy to mistake for a VPN. A toaster oven is not the same thing as a modular food-heating unit, and a pair of MPLS routers are not plug-and-play access points.