Software-defined security (SDSec) is one of the hot new trends of the last few years, which is why we considered it appropriate to write a few words about the technology and its realistic development on the local market, and specifically on the local cloud market.
According to Gartner in 2014, SDSec was one of the 10 most exciting technologies in the field of information security (Gartner Newsroom). Gartner views this technology not as the complete removal of hardware components from security, but as a trend in which the value and intelligence of security projects move into the software layer.
What actually is SDSec? It is mostly defined as a security model in which information security in a computing environment is implemented, controlled and managed by security software, not hardware. The top five benefits perceived from SDSec are simplicity, automation, scalability and flexibility, cost effectiveness, and improved functionality.
However, the most interesting aspect of the SDSec trend is its primary goal: to ensure that the appropriate security controls automatically remain in place regardless of where an application moves, whether on-premises or to public clouds. In simpler terms, it is functionality that lets any service of the customer have all of its security policies applied within a cloud environment as well.
For most companies, SDSec is part of a broader trend toward creating a software-defined data center (SDDC). The first step is usually the introduction of a software-defined network (SDN) within the organization, which gives the freedom to automate and manage the network itself with no dependence on the hardware core.
In essence, SDSec abstracts security away from physical constructs such as stateful port firewalls and replaces them with a set of flexible controls. Abstraction is the foundation for establishing common security models that can be deployed repeatedly and freely. Concerns about operator errors are diminished, as SDSec can ensure that no asset can be created without being automatically put into a security trust zone.
SDSec also dramatically improves the visibility of network activity. Network administrators and security personnel can detect anomalous behavior that would be invisible to them with physical devices.
Eliminating dependencies means security can be deployed on a scale appropriate to each host hypervisor. Because this is software only, security policy is flexible and extremely scalable and can extend across clusters and data centers. It also means that security is available “on-demand”.
That means the security architecture requires security controllers that are API-equipped, so applications can dynamically provision appropriate security capabilities. That is, as an application rolls out virtual machines (VMs) and configures traffic paths, it needs to be able to associate the virtual components with the appropriate security capabilities, whether IDS; IPS; security information management, or SIM; security information and event management, or SIEM; or the like. As with any other SDN component, a security controller needs to be multiuser so network engineers can support security configurations for multiple customers.
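The controller behaviour described above (no asset created outside a trust zone, capabilities attached through an API, per-customer policy that follows a workload when it moves) can be sketched as follows. This is an added illustration, not code from any product; the class names, the `role` label and the quarantine fallback are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    zone: str
    capabilities: frozenset      # e.g. {"IDS", "SIEM"}

@dataclass
class Asset:
    tenant: str
    name: str
    labels: dict
    location: str                # "on-prem" or "public-cloud"
    zone: str = ""
    capabilities: frozenset = frozenset()

# Assumed fallback: anything without a matching policy lands in a restrictive zone.
QUARANTINE = Policy("quarantine", frozenset({"IPS", "SIEM"}))

class SecurityController:
    """Hypothetical multi-tenant controller; policies are keyed by (tenant, role)."""

    def __init__(self):
        self._policies = {}      # (tenant, role) -> Policy
        self._assets = {}        # (tenant, name) -> Asset

    def set_policy(self, tenant, role, policy):
        self._policies[(tenant, role)] = policy

    def create_asset(self, tenant, name, labels, location):
        # Single creation path: the asset is bound to a zone before it is registered.
        asset = Asset(tenant, name, dict(labels), location)
        self._bind(asset)
        self._assets[(tenant, name)] = asset
        return asset

    def move_asset(self, tenant, name, new_location):
        # Policy depends on tenant and labels, not location, so it follows the workload.
        asset = self._assets[(tenant, name)]
        asset.location = new_location
        self._bind(asset)
        return asset

    def _bind(self, asset):
        key = (asset.tenant, asset.labels.get("role"))
        policy = self._policies.get(key, QUARANTINE)
        asset.zone, asset.capabilities = policy.zone, policy.capabilities
```
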
Leading analysts, CIOs and CSOs agree that adopting an SDSec architecture is necessary to ensure that security and compliance do not slow down and burden the movement to cloud infrastructure, but rather complement and accelerate the value it delivers to the customer.
This need requires on-demand orchestration of security controls through layers of automation. Such environments must offer automatic scalability and the ability to function anywhere, independent from the underlying infrastructure. API enablement at multiple levels is a must, serving as the basis of a software-defined security architecture.
The five principles of software-defined security—abstraction, automation, orchestration, automatic scalability, and API enablement—can go far to ensure the success of security and compliance support for enterprise transformation to cloud-oriented technology delivery.
For more information on the deployment of the different SDSec models within a cloud environment, please contact us or read more at onecloud.bg