8 steps to ensure businesses’ security strategy mirrors dynamic computing environments
Your security strategy should mirror the dynamic and distributed nature of today’s infrastructure and applications, and the steps discussed here help design an adaptive approach that can improve your security position and make security a business enabler.
The dynamic computing environment makes it a must for businesses to adopt a flexible and adaptive approach to security, and we need to acknowledge that the speed of business and IT has overtaken information security.
On the one hand, data centers have become increasingly dynamic, accommodating rapid application changes and on-the-fly deployments that span private and public clouds. On the other hand, security has remained relatively static, leaving the insides of the data center vulnerable to attack.
Security policies are tied to network parameters like IP addresses, ports, subnets, and zones. This makes things more difficult, as security becomes highly manual, potentially error-prone, inflexible to changes, and lacking in visibility inside the perimeter.
The following steps pertain to strategies that help businesses make their security more adaptive to the demands of rapidly changing computing environments:
1. Anticipate workload changes, additions, and movements
Enterprises need security built around the context of application workloads (their properties, environments, and relationships) rather than the underlying infrastructure. Thus, security must automatically provision just-in-time policies based on application changes such as the launching of new workloads, application migrations, and environment changes.
2. Audit your applications’ interactions
A graphical view of multi-tier applications, based on traffic flows between the individual workloads that make up the applications, gives more visibility into east-west traffic. Such a topology view can provide a complete picture of north-south and east-west interactions, chatty workloads, and unauthorised connection requests from external entities. Also, if the application topology map is interactive, security teams can drill down for details on the specific context of a workload and its relationships with other workloads, helping them design accurate and well-informed security policies based on application needs.
3. Assume that attacks are inevitable
Enterprises need security inside their data centers that can lock down interactions between workloads to permitted communication paths and prevent unauthorised connection requests. Attackers who may have made it past the perimeter and compromised one server — and perhaps made away with sensitive data in the process — can thus be prevented from attacking other servers.
4. Future-proof your application deployments
A security strategy that can be made consistent across private data centres and public clouds converges security for applications in the private data centre with security for applications in the cloud, given that the expected application behaviour and its security needs don’t change based on where it runs.
5. Choose security technology that is independent of the infrastructure
It is important to develop a context-aware security strategy that can protect application workloads with no dependencies on the underlying network or computing environment, given today’s computing environments where virtual servers can be launched on demand anywhere and applications can be deployed or changed at will. Moreover, with data centers running a heterogeneous mix of bare-metal servers, virtual servers, or even Linux containers, security that is agnostic to the computing environment can help provide a consistent security strategy that’s easy to deploy, easy to maintain, and less prone to errors.
6. Eliminate the use of internal firewalls and traffic steering
Today, security is about dynamic context that adapts to workloads rather than to the underlying network parameters and allows changes to occur without affecting security policies. In a context-aware system, security policies can be specified using natural-language syntax instead of IP addresses, and enforcing policies at the level of individual workloads provides more granular control to administrators.
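Added example, not from the original article or any product: a short Python sketch of steps 2, 3 and 6, in which an allow-list is written against workload labels and observed flows are audited with default deny. The label names, inventory, addresses and flow records are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str              # current address; may change on migration
    labels: frozenset    # context, e.g. {"role=db", "env=prod"}

def wl(name, ip, **labels):
    return Workload(name, ip, frozenset(f"{k}={v}" for k, v in labels.items()))

# Constructed allow-list: (source labels, destination labels, port).
# No IP address, subnet or zone appears in the policy itself.
POLICY = [
    ({"role=web", "env=prod"}, {"role=app", "env=prod"}, 8080),
    ({"role=app", "env=prod"}, {"role=db", "env=prod"}, 5432),
]

def audit(flows, inventory, policy=POLICY):
    """Return observed flows that no rule permits (default deny)."""
    by_ip = {w.ip: w for w in inventory}
    violations = []
    for src_ip, dst_ip, port in flows:
        src, dst = by_ip.get(src_ip), by_ip.get(dst_ip)
        allowed = src is not None and dst is not None and any(
            s <= src.labels and d <= dst.labels and p == port
            for s, d, p in policy)
        if not allowed:
            violations.append((src_ip, dst_ip, port))
    return violations

# Constructed inventory and flow records.
INVENTORY = [
    wl("web-1", "10.0.1.5", role="web", env="prod"),
    wl("app-1", "10.0.2.7", role="app", env="prod"),
    wl("db-1", "10.0.3.9", role="db", env="prod"),
    wl("web-dev", "10.9.0.4", role="web", env="dev"),
]
FLOWS = [
    ("10.0.1.5", "10.0.2.7", 8080),    # web -> app: permitted
    ("10.0.2.7", "10.0.3.9", 5432),    # app -> db: permitted
    ("10.0.1.5", "10.0.3.9", 5432),    # web -> db: skips a tier
    ("10.9.0.4", "10.0.2.7", 8080),    # dev web -> prod app
    ("192.0.2.44", "10.0.2.7", 8080),  # source not in inventory
]

# db-1 migrates to a public cloud address; labels and POLICY are unchanged.
MIGRATED = INVENTORY[:2] + [wl("db-1", "172.31.4.20", role="db", env="prod")]

if __name__ == "__main__":
    print(audit(FLOWS, INVENTORY))
    print(audit([("10.0.2.7", "172.31.4.20", 5432)], MIGRATED))
```

After the migration the same two rules still permit app-to-db traffic at the new address, while a flow to the database's old address is reported because no inventoried workload holds it any longer.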
7. Use simple, on-demand encryption of data in motion
Encryption of data in motion is a necessity in distributed computing environments where application workloads need to communicate across both public and private networks. Here, the best option is adaptive security solutions that can provide policy-driven IPsec without the need for additional software or hardware. This allows security administrators to set up on-demand encryption of data in motion between application workloads running anywhere.
8. Develop strategies to integrate security with devops practices
Adaptive security architectures that integrate with automation and orchestration tools to roll out security changes as part of the continuous delivery process are the need of the hour. This strategy allows security and devops teams to build security into the application right from workload inception and to maintain it all the way to workload decommission.