NEWSFILE
Security must evolve to cope with Private Cloud infrastructures
Security must evolve to support organizations’ transition from virtualized data centers to private cloud computing infrastructures, according to Gartner, Inc. While the fundamental principles of information security remain the same, the way by which organizations provision and deliver security services must change. Gartner predicts that by 2015, 40 percent of the security controls used within enterprise data centers will be virtualized, up from less than 5 percent in 2010.
“For most organizations, virtualization will provide the foundation and the steppingstone for the evolution to private cloud computing,” said Thomas Bittman, vice president and distinguished analyst at Gartner. “However, the need for security must not be overlooked or ‘bolted on’ later during the transition to private cloud computing.”
Mr. Bittman explained that whether securing physical data centers, virtualized data centers or private clouds, the fundamental tenets of information security - ensuring the confidentiality, integrity, authenticity, access, and audit of our information and workloads - don’t change. There will, however, be significant changes required in how security is delivered. Whether supporting private cloud computing, public cloud computing, or both, security must become adaptive to support a model where workloads are decoupled from the physical hardware underneath and dynamically allocated to a fabric of computing resources.
“Policies tied to physical attributes, such as the server, Internet Protocol (IP) address, Media Access Control (MAC) address or where physical host separation is used to provide isolation, break down with private cloud computing,” said Neil MacDonald, vice president and Gartner Fellow. “For many organizations, the virtualization of security controls will provide the foundation to secure private cloud infrastructures, but alone, it will not be enough to create a secure private cloud.”
To support secure private cloud computing, security must include the following characteristics. It must be an integral but separately configurable part of the private cloud fabric, designed as a set of on-demand, elastic and programmable services, configured by policies tied to logical attributes to create adaptive trust zones capable of separating multiple tenants. These are, Mr. MacDonald explained, the six necessary attributes of private cloud security infrastructure:
A Set of On-Demand and Elastic Services
Rather than security being delivered as a set of siloed security product offerings embodied within physical appliances, it needs to be delivered as a set of services available ‘on demand’ to protect workloads and information when and where they are needed. These services need to be integrated into the private cloud provisioning and management processes, and be made available to any type of workload - server or desktop. As workloads are provisioned, moved, modified, cloned and ultimately retired, the appropriate security policy would be associated with the workload throughout its life cycle.
Programmable Infrastructure
The security infrastructure that supplies the security services must become ‘programmable’ - meaning that the services are exposed for programmatic access.
By definition, private and public cloud-computing infrastructure is consumable using Internet-based standards. In the case of programmable security infrastructure, the services are typically exposed using RESTful (Open representational state transfer) APIs, which are programming language and framework independent.
By exposing security services via APIs, the security policy enforcement point infrastructure becomes programmable from policy administration and policy decision points. This shift will enable information security professionals to focus their attention on managing policies, not programming infrastructure.
Policies That Are Based on Logical, Not Physical, Attributes and Are Capable of Incorporating Runtime Context Into Real-Time Security
WIN 2010
WWW.SNSEUROPE.COM