You may be looking at hyperconverged infrastructure (HCI) to increase the ROI on your data center, facilitate agile service provisioning, and scale seamlessly as your needs grow. When it comes to securing HCI, however, are you willing to sacrifice 35 percent of the central processing unit (CPU) capacity to run legacy security agents — hindering performance and virtualization density? Would you tolerate a solution that requires tedious manual effort to integrate with your HCI?
Securing hyperconverged infrastructure is a giant leap forward from securing legacy data center infrastructures, as the latter involves reducing systems to a single dimension while the former was multi-dimensional. Hyperconverged infrastructures are an enabler for software-defined data centers (SDDC), and securing these types of infrastructures involves a policy-based approach that intertwines security with applications instead of applying traditional network-based security.
The Collapse of Traditional Three-Tier Infrastructure
Traditional data centers involved separate compute, storage, and networking, but HCI has collapsed this three-tier infrastructure into a single foundation that also incorporates virtualization, management, and data services. Ultimately, this not only simplifies the journey to a hybrid cloud model, but also the administrative tasks of IT departments.
Because the underlying technology of HCI can be effective regardless of industry verticals, its adoption is expected to reduce costs and improve operational efficiency for any business or organization. This all-in-one design also leaves behind the network-based security model, embracing application-based security policies that let workloads work with each other across network segments.
Traditional large infrastructures relied on firewalls to protect users and workloads from compromise or contamination; this formula does not work for HCI. Quite simply, the traditional approach does not scale as extra endpoints are added, and it leads to performance issues and bottlenecks as the topology grows.
Moving to a hyperconverged infrastructure requires organizations to rethink the way they store and secure their data. New security controls that are application-aware are needed.
With performance and agility driving HCI adoption, legacy security solutions will inhibit instead of enable digital transformation, which is why organizations need to understand the hosting environment and the entire HCI infrastructure when choosing a security solution. For instance, security that can support automated provisioning and scale at the same speed as the IT infrastructure is mandatory if newly spawned workloads are to be instantly protected.
Application-aware security for HCI ensures that security policies are enforced automatically across any network configuration based on the workload’s role and not its location within the infrastructure — as would happen with traditional infrastructures.
Legacy hardware-centric infrastructures that require full-scale agents running on each endpoint inflict major performance penalties. This runs in complete opposition to HCI’s central value proposition of agility and performance. The modern data center that’s built on HCI needs to enable centralized security controls while deploying light security agents — or no agents at all — that don’t hamper the performance of virtual workloads.
Adding an extra abstraction layer on top of physical resources redefines the way security should integrate with hyperconverged infrastructures. While this requires that organizations create new security practices, it doesn’t make past knowledge about data security obsolete. Perimeter firewalls and network segregation are just two examples of security practices that can cross over into HCI, but security and IT departments will need to focus more on application security than on hardware.
Key HCI Security Components
The key consideration when factoring in security for HCI is the security solution’s ability to tightly integrate with the infrastructure without hurting the performance of applications running in virtual workloads. Otherwise, poor performance will deter organizations from adopting HCI and from fully leveraging its performance and scalability benefits.
Since everything in hyperconverged infrastructures is built around agility and fast deployment, security should follow the same mantra. Consolidating security controls into a single console not only offers complete visibility across the entire infrastructure, but also enables seamless deployment and policy enforcement across all environments — in one fell swoop.
Perhaps the most important aspect of HCI security is that the prevention, detection, and remediation capabilities of the security offering are not affected in any way. In fact, by fully leveraging the tight integration with hypervisors that control the hardware resources allocated to virtual workloads, new security layers that sit below the guest operating system can offer unparalleled visibility into threats. This can be particularly useful when defending against new or unknown vulnerabilities that aim to compromise virtual workloads.
Ultimately, the role of security for HCI is to enable organizations to fully embrace digitalization, agility, and automation — allowing them to focus on growth.