The conventional network perimeter has disappeared. However, new architectures enable you to control security at the virtual machine level or through the cloud provider's infrastructure.
Virtualization and cloud computing have substantially transformed enterprise IT over the past few years, yet security architectures and components have largely remained the same. The concept of conventional perimeter security, which was a valid architecture in the past, is now ineffective in a number of areas.
The sensitive corporate data and network infrastructures of today have several entry points. Some of these are controlled and owned by the enterprise; service providers manage others. With today's security tools, controlling security end to end is next to impossible.
To address this issue, two schools of thought are emerging. One suggests moving perimeter security all the way back to the virtual machine level, where data flows and policies are enforced and monitored, all under the control of a centralized management system. Alternatively, certain vendors are coming up with ways to offer complete transparency, passing control of the network security software back to cloud customers. So which solution is appropriate for you?
Before cloud computing and virtualization became mainstream, IT security was a much simpler task. The firewall acted as the sole traffic cop, permitting internet users to access only a defined set of services that lived on the externally facing network or a segmented demilitarized zone. This safeguarded internal resources by blocking virtually anything from the untrusted internet from getting into the corporate network. The company privately owned or leased its WAN links and managed all servers and remote data in-house. Most importantly, it stored its data either on dedicated back-end storage networks or locally on servers.
But once cloud computing and virtualization took off, you suddenly had network components that a third party managed. Moreover, data could be stored in the cloud, in-house, or virtually anywhere else you wanted it. These advancements were great for redundancy and utility, but they created all kinds of data security problems.
One solution to the IT security perimeter problem is simply to move the perimeter back to the virtual machine level. For instance, a startup called vArmour recently came out of stealth mode and is actively looking to do just that by strengthening what is transparent in the cloud. For IaaS offerings, the new perimeter is the virtual machine. In fact, it is the first transparent line of defense that the customer can manage. By placing probes on every VM, data flows can be monitored, denied, or flagged if suspicious behavior is detected. This methodology allows your service provider to continue to secure and manage the infrastructure as it sees fit while ensuring your applications and data are protected.
Another approach is to hand infrastructure security control back to the customer. Essentially, this is what VMware's NSX architecture and Cisco's InterCloud architecture are looking to achieve. Imagine a time when security postures from your private data center can be pushed out or copied to any number of hybrid cloud providers. From a security perspective, there will be no more reinventing the wheel or duplicating rules. Best of all, you will actually get to control and see your cloud infrastructure just as if it were your privately owned equipment.
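As an added illustration of the two ideas above (this is not code from vArmour, VMware or Cisco): a small flow policy in which the enforcement point is the workload itself and rules are keyed on workload labels rather than on network location, so one policy set applies unchanged across a private data center and two cloud sites. The inventory, labels, ports and flow records are constructed for the example.

```python
"""Workload-level flow policy: the 'perimeter' is each VM, not the network edge.

Constructed example. Policies are keyed on workload labels (tier, environment),
so the same policy applies whether a VM runs in the private data center or at
a cloud provider; nothing here depends on IP ranges or physical segments.
"""

# Constructed inventory: VM name -> labels. In practice this would come from
# the central management system that the per-VM probes report to.
INVENTORY = {
    "web-01":  {"tier": "web", "env": "prod", "site": "private-dc"},
    "app-01":  {"tier": "app", "env": "prod", "site": "cloud-a"},
    "db-01":   {"tier": "db",  "env": "prod", "site": "cloud-a"},
    "dev-app": {"tier": "app", "env": "dev",  "site": "cloud-b"},
}

# Policy: (source tier, destination tier, destination port) pairs that may talk.
# Anything not listed is denied (default-deny at the VM boundary).
ALLOW = {
    ("web", "app", 8080),
    ("app", "db", 5432),
}


def evaluate(flow):
    """Return 'allow', 'deny' or 'flag' for one flow reported by a VM probe.

    'flag' marks a flow the tier policy permits but that crosses an environment
    boundary (prod <-> dev): surfaced as suspicious rather than silently allowed.
    """
    src, dst = INVENTORY.get(flow["src"]), INVENTORY.get(flow["dst"])
    if src is None or dst is None:
        return "deny"  # unknown workload: no probe, no trust
    if (src["tier"], dst["tier"], flow["dport"]) not in ALLOW:
        return "deny"
    if src["env"] != dst["env"]:
        return "flag"
    return "allow"


def evaluate_all(flows):
    """Decide every flow; the site labels play no part in the decision."""
    return [(f["src"], f["dst"], f["dport"], evaluate(f)) for f in flows]


# Constructed flow records, as a VM-side probe might report them.
SAMPLE_FLOWS = [
    {"src": "web-01", "dst": "app-01", "dport": 8080},   # allowed across sites
    {"src": "web-01", "dst": "db-01", "dport": 5432},    # web may not reach db
    {"src": "dev-app", "dst": "db-01", "dport": 5432},   # dev -> prod: flagged
    {"src": "rogue", "dst": "db-01", "dport": 5432},     # unknown VM: denied
]

if __name__ == "__main__":
    for row in evaluate_all(SAMPLE_FLOWS):
        print(row)
```

The first flow is allowed even though it leaves the private data center for a cloud site, because the decision depends only on the workload labels; that is the portability of posture the two vendor approaches are after.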
The bottom line is that both solutions target the same problem: a security perimeter that cloud computing and virtualization have eroded over the last few years. While IT security cannot be decoupled from the underlying network infrastructure, it can be reclaimed or pushed back using one of these competing architectures.