
Virtualization and Cloud executives share their predictions for 2013. Read them in this VMblog.com series exclusive.
Contributed article by Tamar Newberger, VP of Marketing, Catbird
If you knew what I knew, you'd want SDS
20 years ago, in my tiny Greenwich Village apartment, I was faced daily with the most excruciating
of decisions: what do I keep and what do I throw away? I've read the book;
should it linger on the one bookcase? I haven't worn that sweater in over a
year; should it occupy valuable closet real estate? He hasn't called; should
his number remain in my Filofax?
But I knew I couldn't toss my bills, receipts, statements
and tax returns etc, lest I needed the
various warranties, proof and audit-protection they represented. I stored these
valuable documents carefully in my one file cabinet and, when that overflowed,
in a trunk. And when that, too, was full
I just stacked them in boxes until the clutter overwhelmed my space.
So, when my bank announced I could pay my bills online, with
software-based receipts as proof-of-payment, I jumped at the opportunity. It
was scary at first - how did I know the money would arrive at my credit card
company and be appropriately applied to my account - but the potential benefits
were too great to ignore and I took the plunge. Success! I evangelized it to my
friends and family, who still could not
part with their checkbook and stamps. I even set it up for a few of them to
kick off their own software-defined bill payment nirvana. Then, nirvana moved
to a whole new level when my bills themselves could be electronically delivered
and stored - eliminating the need for any hardcopy altogether. Heck, my bank
even helped me reduce my archival clutter by making past statements available
online for electronic filing, allowing me to chuck those old physical files
with abandon. I found my coffee table again and had a small party.
It all seems so sensible and simple now- and yet, many
people still receive paper bills in the mail and continue to mail in their
payments via checkbooks and stamps. It's familiar. It worked well-enough then, tho imperfectly. Sure, sometimes checks got lost (in contrast
to the electronic transfer my bank does) Sure, sometimes it was hard to find a
copy of the bill with the proof of purchase or the inaccurate charge (unlike
the immaculately filed and easily searchable software copies I store.) Sure, there were no backup copies in case
these records were lost (unlike the software copies I have on my hard drive
routinely backed-up.) Sure, they had to buy more physical cabinetry to house
the growing files (unlike my software-based archives which sit on my plentiful
drive.) Sure, they needed to be at their desk - or wherever their mail
accumulates - to pay their bills, or carry them along with them (unlike my
ability to pay bills whenever, wherever I want via my computer.) It always
worked well-enough!
Such is the analogy I lay out for you when it comes to
another area where the physical is being replaced by the virtual: security for the
data center. 2012 was the year of the software-defined data center. Compute was
virtualized. Storage was virtualized. The network was virtualized (to the tune
of $1 billion, representing what VMware
paid for Nicira). And yet, one critical data center function remained moribound
in the era of paper checks and stamps: security. Not any longer. 2013 will be
the year of software-defined security.
Why do we need this? Physical security is what we have known
for years and has always worked well-enough (though that's disputable.) But in
the era of the software-defined data center, physical security is a
dinosaur. First of all, what is
perimeter security when there is no perimeter? When a server is a file that can
be put on a USB stick and walked out the door, you know the old security model
can't work. When a network is no longer a physical wire but instead a virtual
concept on a backplane, you know the physical sniffer is useless. When servers
can be created with a push of a button, you know the old physical belt and suspenders
of phone calls, paper trails and whatnot to properly configure and manage the
new asset are anachronistic. And when there is a new entity entirely, such as a
hypervisor, which was never before contemplated by physical security devices,
you know it's time for a new model.
So, what is Software-Defined Security? It's radical. It is entirely
software. No hardware at all. It is security completely decoupled from the
physical server or network it's protecting. (Take that, ASIC-based firewalls.)
It's scalable and elastic -use only what you need when you need it. (Take that,
capital budget invested in honking, one-size $100K security hardware appliances.)
It's architected for software-defined data centers to see into software-defined
servers and networks and protect software-defined assets (Take that, hardware-based
network security appliances sitting on a physical wire where no network traffic
actually travels anymore.) It can orchestrate multiple security controls (think
firewall, vulnerability monitoring, IDS) with many potential input streams
(network, hypervisor, management data) for unprecedented intelligence, leading
to better alerting, forensics and prevention (take that, single-control point
solutions.) It lives inside the
software-defined data center, inside the software-defined network, protecting
assets with a type of accuracy reserved only for those with access to the
inside information of the hypervisor itself.
It's also fully- automated, meaning that security policy and technical controls are
applied at machine provision time and that these controls adapt to machine
configuration changes on the fly.
It turns security policy into a mechanism that is bound to
logical, as opposed to physical, groups of assets - independent of where these
assets reside at any given moment. This is a very profound concept in a
software-defined data center, where machine mobility, spin up and shut down and
general transience can dog a CISO hoping to ensure the security and compliance
of her entire domain. In a software- defined data center, the software-defined
security police can answer in the affirmative to the question "Do you know
where your children are?" - and tell you exactly what they are doing, for how
long they have been doing it, and force them to stop it if they don't like it.
Take that, Snapchat.
And, not unlike my bank making past statements available to
me so that I could eliminate my clutter: while it was born of the
software-defined data center, software-defined security will protect physical
data centers as well.
Think of how this could help almost any organization. Basic
infrastructure security is done more reliably, with better agility and with
significantly less expense. Compliance enforcement is dramatically improved as
most major compliance standards (PCI, HIPAA, you name it) require the
orchestration of multiple controls. Application delivery can be done securely,
with automatically correct configuration. Advanced threat mitigation is done
instantaneously as a result of being detected on the inside. The list goes on, but at least it's a digital
list so as not to add clutter.
Much will be written in 2013 about the promise of
Software-Defined Security. The incumbent security hardware vendors are
threatened. The hypervisor vendors understand the promise. The most savvy CIOs
will evaluate this new idea carefully, talk to the clueful analysts, listen to
their colleagues who have already successfully integrated it into their
environments and make their own decisions.
And I? I
will put my money on Software-Defined
Security this year - I've saved so much in stamps!
###
About the Author
Tamar Newberger is the VP of Marketing at Catbird, one of the leading companies
in security and compliance for virtualized infrastructure.