In a previous blog post, I asked for crowd-sourced feedback on the approaches being used to secure the insides of enterprise data centers and public cloud deployments. First, let me thank everyone who spoke with us or emailed their feedback. We also gathered feedback and insights from the security leaders and IT practitioners who visited our booth at last month’s RSA Conference.
We heard you loud and clear, and agree that there aren’t many simple answers to this question. As promised, and in the spirit of “sharing is caring,” here is a summary of what you told us. Many network and security teams are:
- Segmenting their enterprise applications only when absolutely necessary. This is due in part to the complexity (read: hassle) and time required to set up the necessary VLANs and security zones on existing network security appliances and other devices (e.g., routers and switches). But with cyberattacks now a matter of “when, rather than if,” and given the number of breaches occurring lately, enterprises are realizing that segmenting only what is strictly necessary is not enough.
- Manually configuring detailed access control lists (ACLs) on their switches and routers. This is an intensive and demanding process that requires entire departments to coordinate in order to maintain these controls. It is also slow: teams told us it can take 3 to 5 weeks to fully implement a security change control on a network.
- Relying on their public cloud provider’s security offerings. As expected, this results in a separate, divergent security strategy from the one used in their private (on-premises) data center. Some enterprises instead run virtualized network security technologies inside their public cloud environments; one person we talked to compared that approach to forcing a square peg into a round hole.
- Layering on more security measures to strengthen their network perimeters. One InfoSec professional rattled off all of the technologies and devices his company had recently invested in, from threat intelligence feeds to supplemental controls beside his existing perimeter firewalls. Unfortunately, he wasn’t able to articulate how all of those devices would work together to share knowledge or context, or how they would stop the spread of an attack once it was inside his data center.
Even Security Teams Fall Prey To Human Nature
It’s human nature to keep doing things the same way. We hold the fork in the same hand at every meal, and we get dressed each morning by the same routine. Security practitioners are human, too, so it’s no surprise that they tend to stick with what they know. This leads to the practice of placing more “boxes” at the perimeter to address security concerns, and of resorting to networking techniques to steer traffic all over the data center so that it passes through those boxes.
Security policies continue to be written in terms of IP addresses, ports, protocols, subnets, security zones, and VLANs. Those constructs describe the network rather than the application, so a policy tied to them has to be revisited every time a workload moves, scales out, or gets a new address. At the end of the day, there is a great deal of room for security leaders and practitioners to improve how they secure the inside of their data center and cloud infrastructures.
Today’s network perimeters have too many holes in them, with so many different communications crossing them on every port and protocol imaginable, and the majority going over HTTP on port 80, which has to stay open. It’s just a matter of time before a perimeter is breached and an attacker finds a way onto a vulnerable system. It doesn’t matter whether the intrusion comes through gaps caused by too many conflicting or redundant firewall rules, misconfigured equipment, or an inadequately secured server: once inside, attackers have fewer obstructions in their path. They can use the compromised server as a launching point to spread deeper into the network, or throughout the relatively unguarded data center or cloud.
The good news is that you can change how you secure what is inside your data center and cloud without disrupting your other routines.
Enter Adaptive Security
Imagine a security platform inside your data center or cloud that is adaptive, changing security policies dynamically and in lockstep with your enterprise applications. Adaptive security that:
- Reduces your exposure to attacks
- Provides security and control no matter where your servers or VMs are running
- Won’t interfere with the VLANs or ACLs you’ve spent countless hours configuring
- Works alongside any existing technology or devices you’ve already invested in
- Enables you to maintain your layered approach for security
You don’t have to imagine what this would look like any longer. Adaptive security is now.
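To make concrete what “policies in lockstep with applications” means, in contrast to the IP-, port- and VLAN-based policies described earlier, here is an added example. It is an illustration written for this post, not code from any product or vendor. It expresses segmentation rules against workload labels (app, env, role), compiles them into the inbound allow list each host should enforce (default deny), and shows that when a workload is redeployed with a new address the compiled rules follow it while the label-based policy itself is untouched. The inventory, labels, addresses and the iptables rendering are all constructed for the example and nothing is applied to a real host.

```python
# Added illustration of label-based segmentation policy, not any vendor's code.
# Workload names, labels, IP addresses and the rule rendering are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Tuple

Selector = Dict[str, str]          # e.g. {"app": "ordering", "env": "prod", "role": "web"}
Entry = Tuple[str, int, str]       # (proto, port, source ip) allowed inbound on a host


@dataclass
class Workload:
    name: str
    ip: str
    labels: Dict[str, str]

    def matches(self, selector: Selector) -> bool:
        """A workload matches a selector when every label in the selector agrees."""
        return all(self.labels.get(k) == v for k, v in selector.items())


@dataclass
class Rule:
    """Allow workloads matching `src` to reach workloads matching `dst` on proto/port."""
    src: Selector
    dst: Selector
    proto: str
    port: int


def compile_policy(rules: List[Rule], workloads: List[Workload]) -> Dict[str, List[Entry]]:
    """Resolve label selectors into concrete per-host allow lists.

    Every workload gets a list, possibly empty: anything not listed is denied,
    so each host's inbound policy is explicit and default-deny. The rules never
    mention an address, so re-running this after a move or scale-out is enough.
    """
    allow: Dict[str, set] = {w.name: set() for w in workloads}
    for rule in rules:
        sources = [w for w in workloads if w.matches(rule.src)]
        for dst in workloads:
            if not dst.matches(rule.dst):
                continue
            for src in sources:
                if src.name != dst.name:       # a host reaching itself never crosses the network
                    allow[dst.name].add((rule.proto, rule.port, src.ip))
    return {name: sorted(entries) for name, entries in allow.items()}


def render_iptables(name: str, entries: List[Entry]) -> List[str]:
    """Render one host's allow list as iptables commands (illustrative only, never executed here)."""
    lines = [
        f"# {name}: inbound policy regenerated from labels",
        "iptables -F INPUT",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for proto, port, src_ip in entries:
        lines.append(f"iptables -A INPUT -p {proto} -s {src_ip} --dport {port} -j ACCEPT")
    lines.append("iptables -P INPUT DROP")  # default deny for everything not listed above
    return lines


def policy_diff(old: Dict[str, List[Entry]], new: Dict[str, List[Entry]]) -> Dict[str, Dict[str, List[Entry]]]:
    """Per-host entries added and removed between two compilations: the change that must reach the hosts."""
    changes = {}
    for name in sorted(set(old) | set(new)):
        added = sorted(set(new.get(name, [])) - set(old.get(name, [])))
        removed = sorted(set(old.get(name, [])) - set(new.get(name, [])))
        if added or removed:
            changes[name] = {"added": added, "removed": removed}
    return changes


# Constructed sample: a three-tier "ordering" app in prod plus an unrelated dev box.
RULES = [
    Rule(src={"app": "ordering", "env": "prod", "role": "web"},
         dst={"app": "ordering", "env": "prod", "role": "app"}, proto="tcp", port=8080),
    Rule(src={"app": "ordering", "env": "prod", "role": "app"},
         dst={"app": "ordering", "env": "prod", "role": "db"}, proto="tcp", port=5432),
]

WORKLOADS = [
    Workload("web-1", "10.0.1.10", {"app": "ordering", "env": "prod", "role": "web"}),
    Workload("web-2", "10.0.1.11", {"app": "ordering", "env": "prod", "role": "web"}),
    Workload("app-1", "10.0.2.10", {"app": "ordering", "env": "prod", "role": "app"}),
    Workload("db-1", "10.0.3.10", {"app": "ordering", "env": "prod", "role": "db"}),
    Workload("dev-1", "10.0.9.5", {"app": "ordering", "env": "dev", "role": "app"}),
]


def demo():
    """Compile once, redeploy app-1 into another subnet (same labels, new IP), compile again."""
    before = compile_policy(RULES, WORKLOADS)
    moved = [Workload(w.name, "192.168.50.7", w.labels) if w.name == "app-1" else w for w in WORKLOADS]
    after = compile_policy(RULES, moved)
    return before, after, policy_diff(before, after)


if __name__ == "__main__":
    before, after, changes = demo()
    for host, entries in before.items():
        print("\n".join(render_iptables(host, entries)), end="\n\n")
    print("after moving app-1:", changes)
```

Two things are worth noticing in the output. The dev workload carries the same app and role labels as app-1 but a different env, so it matches no rule and ends up with an empty allow list; and after app-1 is redeployed, only db-1’s compiled rules change, because db-1 is the one host whose inbound list referenced app-1’s old address. The web tier also gets an empty list here because no rule admits traffic to it; in practice a rule for the load balancer would be added. Since the compiled rules are enforced on each host, they sit alongside whatever VLANs and ACLs the network already has rather than replacing them.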
Remember to keep sharing your best practices and security techniques with other industry colleagues, because with collective knowledge, everybody wins.