In today’s dynamic and virtualized application environments, traditional security models are no longer an effective means of protecting networks. The introduction of software-defined architectures has forced organizations to rethink how they utilize and deploy technologies to protect their applications and data in these environments.
Two of the key benefits of software-defined IT are agility and elasticity. Agility enables businesses to quickly change applications and services available on the network to easily adapt and adjust their services to stay competitive in the internet era.
At the same time, elasticity allows organizations to scale applications up and down to meet demands as conditions change. For example, when the holiday season approaches, e-commerce businesses ratchet up resources to meet heightened customer activity and maintain a responsive shopping page. Different regions and industries have different requirements, and applications need to scale based on regional and time-sensitive criteria.
But to truly capitalize on these benefits requires a new kind of security.
Traditional Security is a Chocolate-Covered Cherry
The traditional network security model consists of firewalls at the perimeter of the network acting as a gatekeeper to prevent any inappropriate communications from entering the core network infrastructure and its vulnerable applications. The problem with this design is that security is the hard chocolate shell around the soft gooey cherry center of the network. Once the outer shell has been penetrated, all the applications and data are exposed to the malicious hacker.
Networks have evolved to become more complex, requiring additional security solutions and technologies for greater protection. Access control lists and application layer security technologies like web application firewalls were introduced, but the network architecture was still hardware-based and static in nature.
Dynamic Applications Require Dynamic Security Policies
Software-defined architectures, such as software-defined networking, cloud, and virtualization, and network functions virtualization in the carrier space, leverage the flexibility of software-based functions on common off the shelf hardware. The hardware becomes a generic platform that can be purposed for any function at any given time.
The agility and elasticity that the software-defined models deliver prove to be a challenge for accepted security practices. When applications and services change rapidly and often, the security profile for that function must change as well. The burden of constantly changing security policies and applying them to the agile infrastructure is challenging, at best.
Elasticity means that application servers are brought into service as demand for the application fluctuates. It is not enough to make the application available within the hostile network environment full of hackers, malicious users, and countless security vulnerabilities. Instead, security components must be placed in front of the application to protect it from these threats. The policies for the application and the user communities accessing it must be configured for maximum protection.
It is not easy to incorporate the security solutions into the software-defined architectures where orchestration and automation enable these changes to occur dynamically and automatically within minutes or hours. Manual identification and adjustments to security policies must be made often, hindering the benefits of the software-defined world and its ultimate business benefits.
When the IT architecture is flexible and dynamic, it also means that the security solutions, their policies, and the implementation of them must be flexible and dynamic. Applications and data will not be secure until technologies advance to automate and orchestrate the security solutions as an integral part of the software-defined models.
The evolution of software-defined virtualized environments requires the integration of security solutions that interact holistically and across different technologies. Only when security policies are considered to be part of the software-defined architectures will businesses be able to reap the full benefits of the agility and elasticity that they expect.
Frank Yue (News - Alert) is the Director Application Delivery Solutions for Radware. In this role, Yue is responsible for evangelizing technologies and trends around Radware�s ADC (News - Alert) solutions and products. He writes blogs, produces solution architectures, and speaks at conferences and events around the world about application networking technologies. Prior to joining Radware, Yue was at F5 Networks (News - Alert), delivering their global messaging for service providers. Yue has also covered deep packet inspection, high performance networking, and security technologies. Yue is a scuba diving instructor and background actor when he is not discussing technology.
Edited by Stefania Viscusi