This article by Zeus Kerravala was originally published on Network World.
Adaptive security is becoming more important as breaches appear to become inevitable.
Earlier this year, I wrote a post discussing why security needs to be adaptive. The high-profile breaches of big-name firms like Target and Bank of America, not to mention the Office of Personnel Management, have acted as a wake-up call to businesses. No matter how much money and how many people are thrown at securing the perimeter, it will not stop 100% of malicious traffic from penetrating the enterprise.
Solving the security challenge continues to confound IT professionals as well. In the 2015 Network Purchase Intention Study, run jointly by ZK Research and Tech Target, we asked over 1,000 respondents globally, "What are your company’s top 3 priorities for next 12 months?" To no surprise, security came back as the No. 1 response. Another question we asked was, "What IT products are taking up more time than in previous years?" Again, security was overwhelmingly the No. 1 response. So security is a top initiative for IT, but it’s taking more and more time. Something has to change if the acceleration of breaches the industry has seen over the past few years is going to reverse course (disclosure: I am an employee of ZK Research).
This was the thesis behind my post on adaptive security. The constantly changing nature of the technology infrastructure makes traditional approaches to security archaic and outdated. In a sense, security takes a "fight fire with fire" approach. But if the IT environment is distributed and constantly changing, how can one ever hope to protect the businesses if security is static in nature?
The other challenge that IT and business leaders need to come to terms with is that no matter how much budget and people that enterprises invest in security, breaches are going to occur. So the question to ask isn't whether a breach will occur. The question should be: What are you going to do about it when it does?
Adaptive security solves both of these challenges as it evolves and changes with the IT environment. With traditional security, an increase in attack surfaces means more technology to buy and a higher level of security. With adaptive security, the security tool automatically changes to match the increased number of attack surfaces. If a breach does occur, the area where it occurs is cut off from the rest of the infrastructure, minimizing the blast radius where current security tools would have been blind to the attack.
Illumio, previously highlighted in this post by Tim Greene, takes a unique approach to adaptive security by binding security policies to the workload instead of the network. As the workload evolves and changes roles, Illumio changes with it to keep the designated security intact.
Obviously, the concept of adaptive security is still evolving, but Illumio has a number of key capabilities that enable security to be adaptive. These are as follows:
- Security and associated policies can be baked into the workload during the development process and the launch of applications. As the workload evolves throughout the application development process, the security changes with it.
- Since the security is bound to the workload, it becomes location-independent. This means unified security policies are possible across all data centers, public clouds, and hybrid environments.
- Illumio acts as the central brain that keeps track of all the workload changes across the IT environment to keep security intact as the computing environment changes. In a way, it’s like having an additional member on the security team, but one that never sleeps.
I'm certainly not advocating doing anything radical like removing the perimeter security or IDS/IPS systems. However, I do believe that if security teams are to ever gain ground on modern hackers, there needs to be some willingness to augment traditional security measures and go deeper into the data center and cloud with something that's in line with the evolving security landscape.