The concept of Federation is typically used in Global deployments. Essentially, it means the interconnection of two or more geographically separate data centers. The easiest way to understand Federation is to think of a deployment in North America with another in Europe. Each market has its own command center servicing the needs of each region. Language and culture may be different but the broad response protocols, function, and overall mission of the security team will be very similar. Although network connectivity between continents is typically okay, as load increases and demands for systems resources grow, the inherent network latency may begin to degrade the performance of the application. Additionally, different privacy laws between markets (i.e. GDPR – General Data Protection Regulation) require organizations to keep data physically within the regions in which they operate and not to store this data in other regions.
Both these characteristics require organizations to run independent installations of the application within each region. This creates “operational islands” that are disconnected from one other, increasing the cost to maintain, decreasing economies of scale, and reducing overall system resilience.
Federation is designed to address these challenges. A Federated system allows individual systems to be deployed within each market (i.e. North America, Europe, etc) and for users to seamlessly access other regions without the need to launch separate applications. Behind the scenes all the connection and data are local; the application is designed so that if a user in North America needs to provide operational support to a center in Europe, they can.
Multi-tiered, globally federated SureView deployment across 2 regions
The simplest way to describe it is to think of an organization with a North American and European presence. The European SOC signs off for the night and in doing so, clicks a button that hands over security to the North American SOC for the next eight hours. If an event arises in that time, the North American team pick up their events just like their own. They have the expertise to deal with it but, if necessary, they also have the contacts to inform key stakeholders in Europe. In the morning the situation is reversed. It’s that simple.
