Consider the access control list.

For decades, ACLs have been the foundation — and often the extent — of network policy management. They define, for example, which IP addresses are allowed to talk to which workloads.

"These rule sets have just migrated blindly through revisions of the network," says Sean Doherty, Symantec's vice president of technology partnerships and alliances. "Our CIO customers — many of them see networking as the most legacy part of their organization."

As network virtualization takes hold in the data center, Symantec sees its opportunity in the realm of policy and orchestration. The company's Symantec Operations Director orchestrates security policy and automation for its Data Center Security (DCS) product line and is integrated with VMware's NSX network virtualization platform. Just as NSX automates network provisioning, Symantec hopes to sell customers on automating policy-based security provisioning.

That kind of service may be a major new segment of the data center security market as virtualization takes hold. Just this week, Intel Security launched a similar integration with NSX, allowing the Intel Security Controller to automatically provision its security tools at the hypervisor level.

Like Intel, Symantec has not yet extended the DCS service to Cisco's Application-Centric Infrastructure (ACI), the main NSX competitor. But Symantec CIO Sheila Jordan is "pushing for us to provide that level of support" for ACI, says Doherty. "We are a significant customer for Cisco," he adds. Symantec in a statement says it has no committed timeline for the ACI integration.

VMware has ramped up its marketing efforts around microsegmentation, a workload segregation feature that the company increasingly describes in security terms. "Every breach, from Target to Home Depot and Anthem, the attackers once they were inside the data center, they had free rein," Chris King, vice president of marketing for VMware's networking and security unit, told SDxCentral recently. "The way you cut that thread is microsegmentation."

Microsegmentation introduces a new ball of thread, though, in the form of workload-level access policies — every workload can spin up with its own dynamic version of the old access control list. "That's not possible without policy-driven orchestration — it's verging on physically impossible," Symantec's Doherty says.
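To make concrete the difference between the address-based ACL described above and the workload-level policy that microsegmentation implies, here is a small added example (written for this article, not code from Symantec, VMware or any product mentioned). It evaluates the same intent, "the web tier may reach the database tier on port 5432", first as a classic first-match, default-deny IP ACL and then as a rule keyed on workload labels. The workload names, addresses, labels and the re-addressing event are constructed assumptions for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed sample data: a two-tier application (web -> db) in a lab network.
# Names, addresses and labels are assumptions for the example, not real infrastructure.


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: FrozenSet[str]


@dataclass(frozen=True)
class IpRule:
    """Classic ACL entry: action on (src CIDR, dst CIDR, dst port); port None = any."""
    action: str
    src: str
    dst: str
    port: Optional[int] = None


@dataclass(frozen=True)
class LabelRule:
    """Microsegmentation-style rule keyed on workload labels, not addresses."""
    src_label: str
    dst_label: str
    port: int


def ip_acl_decision(rules: List[IpRule], src_ip: str, dst_ip: str, port: int) -> str:
    """First matching rule wins; a flow that matches nothing is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and (r.port is None or r.port == port)):
            return r.action
    return "deny"


def label_decision(rules: List[LabelRule], src: Workload, dst: Workload, port: int) -> str:
    """Allow only when some rule's label pair matches both workloads on that port."""
    for r in rules:
        if r.src_label in src.labels and r.dst_label in dst.labels and r.port == port:
            return "allow"
    return "deny"


def demo() -> dict:
    web = Workload("web-1", "10.0.1.10", frozenset({"tier:web", "app:shop"}))
    db = Workload("db-1", "10.0.2.20", frozenset({"tier:db", "app:shop"}))

    # Day 1: an operator writes an IP ACL that lets web-1 reach db-1 on 5432.
    acl = [IpRule("allow", "10.0.1.10/32", "10.0.2.20/32", 5432)]
    # The same intent expressed as a label rule that follows the workloads.
    seg = [LabelRule("tier:web", "tier:db", 5432)]

    results = {
        "acl_day1": ip_acl_decision(acl, web.ip, db.ip, 5432),
        "seg_day1": label_decision(seg, web, db, 5432),
    }

    # Day 2 (constructed event): the orchestrator re-creates db-1 on a new address,
    # and its old address is handed to an unrelated workload nobody audited.
    db2 = Workload("db-1", "10.0.2.99", frozenset({"tier:db", "app:shop"}))
    stray = Workload("scratch-vm", "10.0.2.20", frozenset({"tier:scratch"}))

    # The IP ACL was never revised, so it now blocks the real flow and keeps an
    # allow open toward whatever inherited the old address.
    results["acl_day2_real_db"] = ip_acl_decision(acl, web.ip, db2.ip, 5432)
    results["acl_day2_stray"] = ip_acl_decision(acl, web.ip, stray.ip, 5432)
    # The label rule needs no edit: it still matches db-1 and never matched scratch-vm.
    results["seg_day2_real_db"] = label_decision(seg, web, db2, 5432)
    results["seg_day2_stray"] = label_decision(seg, web, stray, 5432)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The day-2 results are the point of the article's "migrated blindly" remark: the unrevised IP rule both breaks the legitimate flow (deny to the re-addressed database) and leaves a stale allow toward whichever workload later receives the old address, while the label rule keeps tracking the workload it was written for. The price is that label assignment becomes part of the policy, which is exactly why it has to be driven by the orchestrator rather than edited by hand.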

"As we see this movement toward software-defined everything, a big idea is orchestration," says Deb Banerjee, Symantec's chief architect of data center security. "Security automation is a separate silo today, but we're soon going to need orchestration of orchestrations — the silos are going to come together."

It's a business play that's only in the nascent stages for Symantec, which made its bones in the 1980s and 1990s as an anti-virus goliath. But Doherty and Banerjee believe that within five years, the software-defined data center will be standard.

"Adoption is going to come very quickly in a lot of spaces," says Doherty. "It will come a lot faster than a lot of people are messaging, because people are frightened."