Why 'Goldilocks Zone' Of Data Center Security Makes Sense
VMware's networking CTO Martin Casado and security strategist Tom Corn make their case for using virtualization to embed security controls into the very fabric of the data center.
networking, and storage. Ubiquitous coverage can now be achieved, eliminating security choke points and providing a single, coherent view and consistent enforcement of policy. Security controls become distributed services, whose policies are focused only on the applications they protect, simplifying the policy management challenge
In a traditional data center, the lack of context results in asset-centric policy, rather than application-centric policy. We lack the right "handles" to bridge the gap between the intent of our policies and their physical implementation. We're continuously validating the location of critical services and the placement of controls intended to protect them.
In the Goldilocks Zone, IT controls can be both application and identity aware, so we can manage policy in an application-centric manner. A simple driver embedded in every guest virtual machine provides a mechanism for exposing key information available to the guest's operating system, providing advanced context. The network controller's explicit definition of the relationships, traffic control policies, and network control placement provides unequaled context.
The impact of isolation
In a traditional data center, host-based controls have little isolation, and are therefore difficult to protect. On the network side, we have an open infrastructure -- a hyper-connected computing base where virtually every host is connected to every other host, allowing lateral movement of threats.
In the Goldilocks Zone things look different. On the endpoint, the hypervisor provides a deployment location that maintains separation between the controls and the resources they're protecting. Essential countermeasures are kept out of the kill zone and do not run the risk of being "compromised by colocation." A combination of static and dynamic integrity checks further protect the driver by ensuring that it hasn't been overwritten or compromised.
On the network, we have the ability to establish virtual data centers around critical applications and compliance scopes, and to use micro-segmentation. We can also programmatically use the infrastructure to mitigate compromised machines, contain them, or both.
By providing a leverage point that provides context, isolation, and ubiquity, you get a transformational change in security. You move from a hyper-connected network to a least-privilege "zero-trust" model without impeding the flexibility of the infrastructure. You also dramatically improve visibility and context. In turn, the infrastructure can be utilized to isolate threats and protect critical applications and data.
A software-defined virtualization approach offers an opportunity to build secure, highly defensible infrastructure. Security vendors can transform their products by taking advantage of the rich context, isolation, and ubiquity. Security practitioners can expand their thinking from "How to secure this layer?" to, "How can we use this new layer to secure our most critical assets?" We finally have the opportunity make security an intrinsic part of infrastructure itself -- built-in rather than bolted on.
Cyber criminals wielding advanced persistent threats have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Read our Advanced Attacks Demand New Defenses report today. (Free registration required.)
Tom Corn is vice president of security strategy at VMware. Martin Casado, VMware CTO of networking, has worked as a specialist in network security for US intelligence agencies.
About the Author
You May Also Like