To speed the delivery of IT-enabled services to the business, enterprises are transforming data centers into pools of dynamically allocatable compute, storage and networking resources, referred to as the software-defined data center (SDDC).
The primary goal of the SDDC is agility and speed by enabling IT-enabled services to be quickly, and transparently, provisioned, moved and scaled across network segments, across data centers, and potentially, into the cloud independent of the physical infrastructure underneath.
Speaking at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference in Las Vegas, Neil MacDonald, vice president and distinguished analyst at Gartner, said that security, like the rest of data center infrastructure, needs to become software defined. For software defined security, the primary goal must be to ensure that the appropriate security controls automatically remain in place, regardless of where an application moves, whether on-premises or to public clouds.
“Information security infrastructure is too rigid and static to support the rapidly changing needs of digital business, or to provide effective protection in a rapidly changing threat environment,” says MacDonald. “Enterprises must evolve information security to support increasingly dynamic and adaptive data centers.”
Securing Software-Defined Data Centers
The vision of a SDDC is one where all IT infrastructure is virtualized and delivered as a service - and where the management model for these services is abstracted from being managed one box at a time to a policy-based, system-wide view.
For many organizations, the first phases of a transformation to a SDDC will involve software-defined network (SDN). SDN and information security services must integrate and communicate with the network controller. To enable this, enterprises should ensure that the next generation of information security services explicitly integrate with, communicate with, and understand SDN.
Evolving Into Software-Defined Security
Beyond integration with SDN, information security itself will evolve to become software-defined, where the management model for security services is abstracted from being managed one box at a time to a policy-based, network-wide view. This enables security policies to be broadly, and logically, defined and these policies to be enforced without individual security appliances having to be reprogrammed.
“Looking beyond the hype around ‘software-defined,’ enterprises must evolve information security to support increasingly dynamic and adaptive data centers,” says MacDonald. “Even if the enterprise's virtualized data center doesn’t adopt SDN, changes in security will be needed as applications become more mobile and move to public cloud.”
Longer term, adaptive security infrastructure will become driven by models defined in software - "software-defined security"(SDSec) - providing increased protection from emerging threats, and faster support of changing business and regulatory requirements.
“It is inevitable that your organization will want to purchase externally provisioned services and applications, as well as cloud-based infrastructure,” says McDonald. “Prices will continue to drop as functionality increases. Information security must be prepared to enable this shift. If you do not require security vendors to support this vision now, it will be harder to do so over time.”