Security is the one critical SDx Infrastructure attribute that is the biggest “work-in-progress” right now. SDx Infrastructure Security is designed to address the needs of next-generation environments, which are highly interconnected, distributed, mobile and virtualized.
Mirroring the SDx Infrastructure that it protects, SDx Infrastructure Security is a more flexible way to design, deploy, and manage security. By delivering the security functionality in software, it can be much more dynamic, adaptive and intuitive in its efforts to detect, contain and remediate the attacks that threaten our collective safety and economic prosperity.
The industry is making progress on the security front, but if innovation doesn’t get ahead of the hackers, we will likely see roadblocks to rolling out new SDx applications that could add value in personal finance, public utilities, health and fitness because of the fear that SDx Infrastructure cannot protect against and contain new attacks.
This Report will focus on three areas where Security is pressing and fast evolving to address the needs and requirements of the SDx Infrastructure:
- Cloud and Data Center – PaaS and IaaS services are changing the boundaries of both enterprise networks and the enterprise Data Center. Additionally, increased use of SaaS services, such as Dropbox, Box, SalesForce, Googlefor Work, and Microsoft 365, create more challenges for confidential data protection and policy compliance. As more and more enterprise data is accessed, used and stored in thecloud, IT has less and less control; organizations need to be able to confidently extend their operations into the cloud, without giving up management and control that can unduly increase their risks.
- Enterprise Networks (Extended Campus and Branch)– Proliferation of device types and increased device and worker mobility stretch the ability of security teams worldwide to lock-down enterprise networks. When workers can work anywhere and do work everywhere, the perimeters and boundaries of the enterprise network become porous.
- IoT– Increasingly consumer and industrial devices are being networked, allowing new entry points into the network that can compromise the integrity and availability to critical services. For enterprises that operate in the consumer, retail, manufacturing, logistics and energy and utilities verticals, IoT is both a boon and a challenge to security teams.
SDx Infrastructure Security Attributes
SDx Infrastructure Security has some common attributes that, not surprisingly, mirror the attributes of the SDx Infrastructure:
- Software-centric – the solutions should be delivered via a virtual machine image, as a software package on general purpose, industry-standard hardware, or as a service in the cloud. This provides deployment flexibility and allows the security solutions to live wherever the SDx Infrastructure is – whether on the local network, in an enterprise private cloud or in a public cloud.
- Virtualized and Cloud-Aware–the security needs to integrate and secure highly virtualized environments, as well as physical and cloud infrastructures. Since most of SDx Infrastructure is virtualized and resides in cloud architectures, SDx Infrastructure Security solutions have to be able identify and secure exposure points and potential vulnerabilities in these virtualized/cloud infrastructures.
- Policy-Driven – the solutions need to ensure consistent policy enforcement for all SDx applications and geographically disparate deployments. SDx Infrastructure Security solutions must have the ability to automatically incorporate changes to the environment in their logic and enforcement—security automation via policy is necessary to ensure that globally security is applied in a compliant manner.
- Context-Driven– SDx Infrastructure Security will have to deliver advanced threat protection, incorporating machine learning and anomaly detection capabilities that can understand the relevance of changes in the environment and can adapt to the risks.
- Centralized Managementand Visibility–it is critical that security solutions need to provide unified visibility and control over all the physical, virtual and cloud environments. This makes it easy to quickly provision, move and scale security to extend capabilities throughout the distributed environment.
Cloud and Data Center Security Benefits
SDx Infrastructure Security solutions should provide greater visibility, scalability and flexibility, as well as improved functionality through the use of innovative software approaches. The benefits of an effective SDx Infrastructure Security solution are:
- Enhanced Security
- Comprehensive security, covering both applications and data across enterprise networks and Data Centers, public, private and hybrid clouds, as well as protecting the virtualized infrastructure itself.
- Protection of employees and enterprise devices (laptops and mobile), regardless of whether they are in or outside the corporate network.
- Sophisticated algorithms that use machine learning and new techniques to detect threats throughout the SDx Infrastructure.
- Improved analytics and orchestration to provide global control and visibility across all elements of the SDx Infrastructure.
- Reduced Capital Expenditures:
- The use of commodity servers reduces hardware costs; by delivering security services in software, organizations are no longer forced to rely on specialized hardware to run network functions.
- Reduced Operational Expenditures:
- Software enables organizations to quickly and easily move and scale functionality to address the changing needs of SDx applications.
- Overall, virtualized functions provide greater flexibility and less complexity in management; organizations can quickly and easily templat-ize deployments to make it simple to move or redeploy functionality across the organization.
- Accelerated Roll Out:
- Can be easily installed and provisioned to enable an organization to quickly deploy security when, and where it is needed.
- The ability to run virtual security services on top of physical infrastructure means organizations do not need to incur the time or costs of having to forklift upgrade their existing systems to add new services.