Virtualization and Cloud executives share their predictions for 2013. Read them in this VMblog.com series exclusive.
Contributed article by Renuka Nadkarni, head of product management at NetCitadel
Software Defined Security (SDS) - The Next Big Virtual Datacenter and Cloud Disruption
2012 saw a wave of "software-defined" technologies emerge
across compute, network and storage areas of the datacenter. However, one area
that lags far behind in this new era of Software Defined Data Centers is
security. Security is still stuck in the stone ages with manual, error-prone
processes that are unaware of virtual and cloud contexts. This significantly
slows enterprise adoption of virtualization and cloud environments, especially
when it comes to high governance workloads.
I predict that 2013
will be the year that Software Defined Security (SDS) emerges to address the
security bottlenecks that are slowing the pace of migration to virtualized and
cloud workloads for the enterprise. This
will be the start of a dramatic shift in network security.
Here are three things I predict will happen in 2013 in the
cloud and virtual data center spaces:
Security controls will become intelligent and context-aware
The last hurdle to achieving a
fully automated data center is the configuration of security controls. In the
midst of the virtual security evolution, I closely witnessed enterprises
struggle with balancing security with the need for IT agility. Traditionally,
workload placement decisions were determined by availability of compute,
network and storage resources in pre-defined security zones. Today, workloads
are highly mobile and applications are split across physical, virtual and cloud
compute zones. Manual security changes and the inability to keep up with the
frequency of changes in dynamic compute environments lead to human errors increasing
the risk of security breaches. This will force the need for security controls
to be more intelligent, dynamic and context-aware to keep up with the
constantly changing dynamic enterprise environment.
Security processes will adapt to the new business needs
While VI/Cloud teams can deploy
workloads on-demand, security teams often require weeks for network security
provisioning. Virtualizing security controls alleviated this problem to some
extent. However, in an enterprise with entrenched processes, requirements for separation
of duties and organizational silos, disruptive technologies are frequently met
with resistance. The advent of virtualized security appliances, such as VMware vShield,
not only highlighted this trend, but further deepened the divide between the
network security and VI/Cloud teams. It may look like network security teams
will be subsumed within the VI/Cloud teams, but I believe that the VI/Cloud and
network security teams will find common ground by using Software Defined
Security solutions that enable them to adapt existing processes to meet the
changing pace of business. This will enable seamless provisioning while still meeting
compliance and governance requirements.
Software Defined Security will disrupt the existing security model
In 2013, a new security paradigm
will emerge, called Software Defined Security, where the data plane (security
enforcement points) is separated from the control plane (security controller)
allowing network security infrastructure to adapt to constantly changing
dynamic virtual and cloud environments. Successful implementations of SDS will
work with existing security devices to adapt to the challenges introduced by trends
such as virtualization and cloud initiatives, and BYOD - and will address
evolving threats. This separation is similar to the changes that are already
being driven by SDN initiatives in the networking space where intelligence is
being centralized in network controllers.
2013 will be an exciting year, one in which we
see Software Defined Security shake up IT security as enterprises look to
conquer the final barriers to offering true self-service and automated IT-as-a-Service.
About the Author
Renuka Nadkarni is the Head of Product Management for
NetCitadel, a stealth-mode security start-up based in Silicon Valley with a
core team of experts from companies such as Google, Juniper, VMware and Level3.
With more than 14 years
of experience building product lines from pre-release to more than $100+
million in revenue, Renuka has a strong track record of bringing new products
to market. Prior to joining NetCitadel, she led network security initiatives at
VMware, including the vShield product line. Previously she held various
positions at VMware, Websense, Nevis and Cisco, and is an expert in
virtualization and cloud security, content security, NAC, intrusion protection,
VPN and firewall products.