Simplifying Security Management in the Virtual Data Center
-
Upload
algosec -
Category
Technology
-
view
703 -
download
0
Transcript of Simplifying Security Management in the Virtual Data Center
How to Accelerate and Simplify Security Management in the Virtual Data Center
2
Nimmy ReichenbergVP of Marketing and [email protected]
Meet our Presenters
2
Rick HollandPrincipal AnalystForrester Research Inc.@rickhholland
Firewall Breaches Data Center Automation
5% Vulnerabilities
95% Misconfiguration
The Security Management Balancing Act
3Security
Agility
Prevent Cyber Attacks
Enable Business Applications
Resource Time to Provision
Server Minutes
Storage Minutes
Security Access Days/Weeks
: 2013Source The State of Network Security
Data Center Scenarios
Confidential 5
Data Center Migration/Consolidation
Challenges
• Reconstructing the security policy for the new data center
• Ensuring required connectivity between migrated servers
Migrating Applications to the Cloud
Challenges
• Ensuring connectivity between onsite and cloud application components
• Removing access no longer needed for decomissioned legacy servers
Ongoing Datacenter Operations
Challenges
• Ensuring faster service delivery and improved availability
• Streamlining security policy change management
• Application-centric risk and compliance management
What Customers are Saying
Confidential 6
AlgoSec helped us reduce 80% of the time required to migrate the security of our applications as part of our data center consolidation project
- Bruno Rolleau, Network Security Architect, Sanofi
Watch Video
Simplifying Security Management in the Virtual Datacenter
Rick Holland, Principal Analyst
Tuesday October 22, 2013
@rickhholland
© 2013 Forrester Research, Inc. Reproduction Prohibited 8
Agenda
›The virtual datacenter is coming
›Prepare for it & implement a Zero Trust network
›How to overcome operational friction
© 2013 Forrester Research, Inc. Reproduction Prohibited 9
IT budget allocation
Enterprises make significant investments in hardware and infrastructure40% of the 2013 enterprise IT
budget went to hardware and infrastructure, on average.
Base: 878 enterprise IT hardware decision-makers
© 2013 Forrester Research, Inc. Reproduction Prohibited 10
Hardware & infrastructure budget
The datacenter and servers account for 67% of the hardware and infrastructure budget
Series1
26%
23%
18%
17%
16%
Budget %
Systems man-agement
Storage
Data center network-ing equipment
Servers and server operating systems
Data center and IT facilities
Base: 842 enterprise IT hardware decision-makers
Profit, margin, revenue
Firms are looking to reduce expenses while enabling the business
© 2013 Forrester Research, Inc. Reproduction Prohibited 12
Consolidation reduces expenses
Source: Forrsights Hardware Survey, Q3 2013
63% plan data center consolidation
Use public cloud platform(s) (IaaS and/or PaaS) at a service provider
Build an internal private cloud operated by IT
Develop a comprehensive cloud strategy for IT infrastructure
Consolidate IT infrastructure via data center consolidation
Purchase or upgrade disaster recovery and business continuity capabilities
Automate the management of virtualized servers to gain flexibility and resiliency
Consolidate IT infrastructure via server, storage, network virtualization and consolidation
Maintain or implement broad use of server virtualization
33%
36%
41%
42%
42%
48%
52%
52%
16%
19%
21%
21%
24%
20%
25%
25%High priority Critical priority
Base: 1,083 enterprise IT hardware decision-makers
“Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?”
© 2013 Forrester Research, Inc. Reproduction Prohibited 13
Source: Forrsights Hardware Survey, Q3 2013
Virtualization enables the business
Use public cloud platform(s) (IaaS and/or PaaS) at a service provider
Build an internal private cloud operated by IT
Develop a comprehensive cloud strategy for IT infrastructure
Consolidate IT infrastructure via data center consolidation
Purchase or upgrade disaster recovery and business continuity capabilities
Automate the management of virtualized servers to gain flexibility and resiliency
Consolidate IT infrastructure via server, storage, network virtualization and consolidation
Maintain or implement broad use of server virtualization
33%
36%
41%
42%
42%
48%
52%
52%
16%
19%
21%
21%
24%
20%
25%
25%
High priority Critical priority
Base: 1,083 enterprise IT hardware decision-makers
“Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?”
Respondents who selected “High priority” or “Critical priority”
© 2013 Forrester Research, Inc. Reproduction Prohibited 14
Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012
And security pros are concerned
Virtualization in the data center (e.g., storage, server)
Desktop virtualization
Application virtualization
26%
19%
23%
45%
38%
43%
2013 (N = 955) 2012 (N = 1,124)
“How concerned are you with the risk that the following initiatives or technologies could introduce in your firm?”
Respondents who selected “4” or “5 – Very concerned”
Base: North American and European enterprise IT security decision-makers
© 2013 Forrester Research, Inc. Reproduction Prohibited 15
Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012
No shortage of virtualization concerns
Limited visibility into virtual environment
Insider threat resulting from lack of separation of duties for privileged users
Configuration management within the virtual environment
Virtual environments in general
Maintaining compliance within the virtual environment
Attacks against virtualization infrastructure including hypervisor
Complexity of virtual environment
33%
38%
38%
30%
43%
40%
42%
49%
51%
53%
53%
54%
55%
56%
2013 (N = 576) 2012 (N = 586)
“How concerned is your firm with the following for virtual environments?”Respondents who selected “4” or “5 – Very concerned”
Base: North American and European enterprise IT security decision-makers
Average Length of Time to Process Application Connectivity Change
1-3 hours23%
4-8 hours18%
8-12 hours13%
up to 1 day14%
1-2 days13%
3-7 days11%
1 week+7%
: Source Examining the Impact of Security Management on the 2013Business
© 2013 Forrester Research, Inc. Reproduction Prohibited 17
What do these trends mean for security professionals?
Virtualization should be a top priority for your security organization
If you lack visibility, you cannot understand the risk implications of the virtual data center
You must understand how your applications communicate
You need an operationally effective means to do this
Time for a new strategy
Get with the program
© 2013 Forrester Research, Inc. Reproduction Prohibited 19
Agenda
›The virtual datacenter is coming
›Prepare for it & implement a Zero Trust network
›How to overcome operational friction
USE ZERO TRUST PRINCIPLES TO PROTECT YOUR
VIRTUAL ENVIRONMENT
TRUST BUT VERIFY
TRUST BUT VERIFY
Which one goes to the Internet?
UNTRUSTED TRUSTED
Zero Trust
UNTRUSTED UNTRUSTED
Concepts of zero trustAll resources are accessed in a secure
manner regardless of location.
Access control is on a “need-to-know” basis and is strictly enforced.
Verify and never trust.
Visibility: Inspect and log all traffic.
The network is designed from the inside out.
© 2013 Forrester Research, Inc. Reproduction Prohibited 26
Visibility: inspect and log all traffic
Enterprises struggle with visibility inside the traditional data center
Visibility into the resources within the virtual data center is even more of a challenge
Can you see into application communications within your virtual environment?
What about intra-vm communications?
© 2013 Forrester Research, Inc. Reproduction Prohibited 27
The network is designed from the inside out
Visibility is required to design networks
We need a data centric approach, and data exists within applications
If you don’t understand how applications communicate how can you securely enable them
We are strategic when we design networks around critical data within applications
© 2013 Forrester Research, Inc. Reproduction Prohibited 28
Zero Trust
› Understanding applications (data) is the foundation of Zero Trust network design.
› Architecting Zero Trust networks is ideal when consolidating data centers and virtualizing applications.
› But the traditional approaches to enabling applications and segmenting networks aren’t effective and don’t scale.
Confidential 29
Confidential 30
Confidential 31
© 2013 Forrester Research, Inc. Reproduction Prohibited 32
Agenda
›The virtual datacenter is coming
›Prepare for it & implement a Zero Trust network
›How to overcome operational friction
© 2013 Forrester Research, Inc. Reproduction Prohibited 33
Its all about operations
Understand that if operational requirements are too great, solution WON’T be maximized
© 2013 Forrester Research, Inc. Reproduction Prohibited 34
What inhibits this? Self imposed operational friction
› Bad for the business and bad operations• Complex application communication requirements
• Bloated firewall rule sets
• Lack of tools
• Immature process and oversight
• Poor communication between information security, application owners and network operations
© 2013 Forrester Research, Inc. Reproduction Prohibited 35
You need a solution that reduces friction
Application discovery function Function that speeds the discovery of application communications
Self service Ability for application owners to request provisioning/deprovisioning of applications
Integrations No point solutions here, look for offerings that integrate into your firewall and change management solutions
Virtualization capable Must be able to enable automation within the virtual data center. Solution must be scalable enough to address nuances of virtual environment.
What to look for in a solution
© 2013 Forrester Research, Inc. Reproduction Prohibited 36
Technology is only one aspect
› We cannot forget about the other areas
› Foster relationships
› Look for technologies solutions that facilitate oversight, people and process activities
Oversight
People ProcessTechnology
Oversight
People ProcessTechnology
© 2013 Forrester Research, Inc. Reproduction Prohibited 37
Looking ahead› If you can’t securely
enable applications within your own data center, how can you expect to be successful in the cloud?
Firewall Analyzer
Security Policy Analysis & Audit
FireFlow
Security Policy Change Automation
BusinessFlow
Business Application Connectivity Mgmt
Business Applications
Security Infrastructure
The AlgoSec Suite
Confidential 39
Application Owners
AlgoSec Security Management Suite
SecurityNetwork Operations
• Faster security provisioningof business applications
• Accelerated data centermigrations
• Automated firewall operations
gility• Streamline communication
between teams• Enable true accountability
and governance
lignment
Accurate configuration ensures• Business continuity• Stronger security posture• Continuous Compliance
ssurance
• Effectively react to network and application changes
• Process changes up to 4x faster
daptability
Benefits
Business Impact
Confidential 40
Q&A and Next Steps
The Case & Criteria for Application-Centric Security Policy Management www.algosec.com/application
Simplifying Security Management in the Virtual Data Centerwww.algosec.com/datacenter
Evaluate the AlgoSec Security Management Suite @ www.algosec.com/eval
41
Connect with AlgoSec on:
www.AlgoSec.com
Managing Security at the Speed of Business