Virtualization Technology News and Information
Catbird 2013 Predictions: If you knew what I knew, you'd want SDS

VMblog Predictions

Virtualization and Cloud executives share their predictions for 2013.  Read them in this series exclusive.

Contributed article by Tamar Newberger, VP of Marketing, Catbird

If you knew what I knew, you'd want SDS

20 years ago, in my tiny Greenwich Village apartment,  I was faced daily with the most excruciating of decisions: what do I keep and what do I throw away? I've read the book; should it linger on the one bookcase? I haven't worn that sweater in over a year; should it occupy valuable closet real estate? He hasn't called; should his number remain in my Filofax?

But I knew I couldn't toss my bills, receipts, statements and tax returns etc., lest I needed the various warranties, proof and audit-protection they represented. I stored these valuable documents carefully in my one file cabinet and, when that overflowed, in a trunk. And when that, too, was full I just stacked them in boxes until the clutter overwhelmed my space.

So, when my bank announced I could pay my bills online, with software-based receipts as proof-of-payment, I jumped at the opportunity. It was scary at first - how did I know the money would arrive at my credit card company and be appropriately applied to my account - but the potential benefits were too great to ignore and I took the plunge. Success! I evangelized it to my friends and family,  who still could not part with their checkbook and stamps. I even set it up for a few of them to kick off their own software-defined bill payment nirvana. Then, nirvana moved to a whole new level when my bills themselves could be electronically delivered and stored - eliminating the need for any hardcopy altogether. Heck, my bank even helped me reduce my archival clutter by making past statements available online for electronic filing, allowing me to chuck those old physical files with abandon. I found my coffee table again and had a small party.

It all seems so sensible and simple now - and yet, many people still receive paper bills in the mail and continue to mail in their payments via checkbooks and stamps. It's familiar. It worked well enough then, though imperfectly. Sure, sometimes checks got lost (in contrast to the electronic transfer my bank does). Sure, sometimes it was hard to find a copy of the bill with the proof of purchase or the inaccurate charge (unlike the immaculately filed and easily searchable software copies I store). Sure, there were no backup copies in case these records were lost (unlike the software copies I have on my hard drive, routinely backed up). Sure, they had to buy more physical cabinetry to house the growing files (unlike my software-based archives, which sit on my plentiful drive). Sure, they needed to be at their desk - or wherever their mail accumulates - to pay their bills, or carry them along with them (unlike my ability to pay bills whenever, wherever I want via my computer). It always worked well enough!

Such is the analogy I lay out for you when it comes to another area where the physical is being replaced by the virtual: security for the data center. 2012 was the year of the software-defined data center. Compute was virtualized. Storage was virtualized. The network was virtualized (to the tune of $1 billion, representing what VMware paid for Nicira). And yet, one critical data center function remained moribund in the era of paper checks and stamps: security. Not any longer. 2013 will be the year of software-defined security.

Why do we need this? Physical security is what we have known for years and has always worked well enough (though that's disputable). But in the era of the software-defined data center, physical security is a dinosaur. First of all, what is perimeter security when there is no perimeter? When a server is a file that can be put on a USB stick and walked out the door, you know the old security model can't work. When a network is no longer a physical wire but instead a virtual concept on a backplane, you know the physical sniffer is useless. When servers can be created with a push of a button, you know the old physical belt and suspenders of phone calls, paper trails and whatnot to properly configure and manage the new asset are anachronistic. And when there is a new entity entirely, such as a hypervisor, which was never before contemplated by physical security devices, you know it's time for a new model.

So, what is Software-Defined Security? It's radical. It is entirely software. No hardware at all. It is security completely decoupled from the physical server or network it's protecting. (Take that, ASIC-based firewalls.) It's scalable and elastic - use only what you need when you need it. (Take that, capital budget invested in honking, one-size $100K security hardware appliances.) It's architected for software-defined data centers to see into software-defined servers and networks and protect software-defined assets. (Take that, hardware-based network security appliances sitting on a physical wire where no network traffic actually travels anymore.) It can orchestrate multiple security controls (think firewall, vulnerability monitoring, IDS) with many potential input streams (network, hypervisor, management data) for unprecedented intelligence, leading to better alerting, forensics and prevention. (Take that, single-control point solutions.) It lives inside the software-defined data center, inside the software-defined network, protecting assets with a type of accuracy reserved only for those with access to the inside information of the hypervisor itself.

It's also fully automated, meaning that security policy and technical controls are applied at machine provision time and that these controls adapt to machine configuration changes on the fly.

It turns security policy into a mechanism that is bound to logical, as opposed to physical, groups of assets - independent of where these assets reside at any given moment. This is a very profound concept in a software-defined data center, where machine mobility, spin up and shut down and general transience can dog a CISO hoping to ensure the security and compliance of her entire domain. In a software-defined data center, the software-defined security police can answer in the affirmative to the question "Do you know where your children are?" - and tell you exactly what they are doing, for how long they have been doing it, and force them to stop it if they don't like it. Take that, Snapchat.

And, not unlike my bank making past statements available to me so that I could eliminate my clutter: while it was born of the software-defined data center, software-defined security will protect physical data centers as well.

Think of how this could help almost any organization. Basic infrastructure security is done more reliably, with better agility and with significantly less expense. Compliance enforcement is dramatically improved as most major compliance standards (PCI, HIPAA, you name it) require the orchestration of multiple controls. Application delivery can be done securely, with automatically correct configuration. Advanced threat mitigation is done instantaneously as a result of being detected on the inside. The list goes on, but at least it's a digital list so as not to add clutter.

Much will be written in 2013 about the promise of Software-Defined Security. The incumbent security hardware vendors are threatened. The hypervisor vendors understand the promise. The most savvy CIOs will evaluate this new idea carefully, talk to the clueful analysts, listen to their colleagues who have already successfully integrated it into their environments and make their own decisions.

And I? I will put my money on Software-Defined Security this year - I've saved so much in stamps!


About the Author

Tamar Newberger is the VP of Marketing at Catbird, one of the leading companies in security and compliance for virtualized infrastructure.

Published Wednesday, January 02, 2013 8:48 AM by David Marshall