Virtualization Technology News and Information
NetCitadel 2013 Predictions: Software Defined Security (SDS) - The Next Big Virtual Datacenter and Cloud Disruption

VMblog Predictions

Virtualization and Cloud executives share their predictions for 2013.  Read them in this series exclusive.

Contributed article by Renuka Nadkarni, head of product management at NetCitadel

Software Defined Security (SDS) - The Next Big Virtual Datacenter and Cloud Disruption

2012 saw a wave of "software-defined" technologies emerge across the compute, network and storage areas of the datacenter. However, one area that lags far behind in this new era of Software Defined Data Centers is security. Security is still stuck in the Stone Age, with manual, error-prone processes that are unaware of virtual and cloud contexts. This significantly slows enterprise adoption of virtualization and cloud environments, especially when it comes to high-governance workloads.

I predict that 2013 will be the year that Software Defined Security (SDS) emerges to address the security bottlenecks that are slowing the pace of migration to virtualized and cloud workloads for the enterprise.  This will be the start of a dramatic shift in network security.

Here are three things I predict will happen in 2013 in the cloud and virtual data center spaces:

Security controls will become intelligent and context-aware

The last hurdle to achieving a fully automated data center is the configuration of security controls. In the midst of the virtual security evolution, I closely witnessed enterprises struggle with balancing security with the need for IT agility. Traditionally, workload placement decisions were determined by the availability of compute, network and storage resources in pre-defined security zones. Today, workloads are highly mobile and applications are split across physical, virtual and cloud compute zones. Manual security changes and the inability to keep up with the frequency of changes in dynamic compute environments lead to human errors, increasing the risk of security breaches. This will force security controls to become more intelligent, dynamic and context-aware to keep up with the constantly changing enterprise environment.

Security processes will adapt to the new business needs

While VI/Cloud teams can deploy workloads on-demand, security teams often require weeks for network security provisioning. Virtualizing security controls alleviated this problem to some extent. However, in an enterprise with entrenched processes, requirements for separation of duties and organizational silos, disruptive technologies are frequently met with resistance. The advent of virtualized security appliances, such as VMware vShield, not only highlighted this trend, but further deepened the divide between the network security and VI/Cloud teams. It may look like network security teams will be subsumed within the VI/Cloud teams, but I believe that the VI/Cloud and network security teams will find common ground by using Software Defined Security solutions that enable them to adapt existing processes to meet the changing pace of business. This will enable seamless provisioning while still meeting compliance and governance requirements.

Software Defined Security will disrupt the existing security model

In 2013, a new security paradigm will emerge, called Software Defined Security, in which the data plane (security enforcement points) is separated from the control plane (security controller), allowing network security infrastructure to adapt to constantly changing virtual and cloud environments. Successful implementations of SDS will work with existing security devices to adapt to the challenges introduced by trends such as virtualization and cloud initiatives and BYOD, and will address evolving threats. This separation is similar to the changes already being driven by SDN initiatives in the networking space, where intelligence is being centralized in network controllers.

2013 will be an exciting year, one in which we see Software Defined Security shake up IT security as enterprises look to conquer the final barriers to offering true self-service and automated IT-as-a-Service.


About the Author

Renuka Nadkarni is the Head of Product Management for NetCitadel, a stealth-mode security start-up based in Silicon Valley with a core team of experts from companies such as Google, Juniper, VMware and Level3. With more than 14 years of experience building product lines from pre-release to more than $100 million in revenue, Renuka has a strong track record of bringing new products to market. Prior to joining NetCitadel, she led network security initiatives at VMware, including the vShield product line. Previously she held various positions at VMware, Websense, Nevis and Cisco, and is an expert in virtualization and cloud security, content security, NAC, intrusion protection, VPN and firewall products.
Published Wednesday, December 05, 2012 6:30 AM by David Marshall