Top Five Things to Consider For Your Data Center Security Spend

No matter which way you slice and dice the numbers, the data center is typically one of the most costly items within an enterprise IT budget. The costs are high not only from a CapEx perspective but also from the day to day operations of keeping servers up and running.

When faced with the daunting costs of a data center, it can be easy to allocate for security only as an afterthought, or to only assign a small percentage of the IT budget to security. But, choosing the right network security solution is “budget smart”, and can actually increase the productivity and efficiency of the data center in the long run. Here are the top five things to consider:

1) Choose a network security solution that is agile

As background, let’s revisit the limitations of traditional security within a nimble, dynamic, virtualized data center environment. Within a virtualized data center environment, a virtual machine can be provisioned in minutes. In order to enable security features, the traffic flows within the virtual environment need to be traffic engineered to the right firewall. Security policies then need to be approved and manually provisioned within the firewall via a change control process. This process (approval of policy changes to accommodate a new application and making the right changes on the right firewall) can take weeks if not months. Security therefore becomes the biggest barrier for enterprises in keeping up with the demands of the business.

As you prioritize your data center security budget, your network security solution needs to not only deliver the fundamentals of safe application enablement and threat protection but must support automation and orchestration, and must track virtualized workloads for consistent policy protection. This will then help increase the efficiency of your data center in the long run.

2) Prioritize physical over virtualized hardware

Prioritize physical network security appliances over virtualized network security appliances? But wait, you say. In the section above, I said it is important for the network security solution in the data center to be nimble and address the dynamic nature of virtualization and cloud. Therefore, doesn’t that mean enterprises need to be purchasing more virtualized firewalls instead?

The answer is no. While your network security solution needs to embrace the dynamic nature of virtualization and cloud, it most likely will be delivered via physical firewalls except when there are applications of different trust levels within a virtualized server. For this specific use case (i.e., when applications of different trust levels reside within a virtualized server), East-West traffic inspection is most effectively delivered with a virtualized firewall.

3) Be specific about the problems you want to solve

There are three fundamental network security use cases in the data center: safe application enablement, threat protection and network segmentation. The safe application enablement use case is fundamental; it is, after all, the primary objective of the data center. But, with threat protection, the focus should extend to modern attacks that are propagating via legitimate users in the network. Finally, the network segmentation use case will address compliance and containment, and limit data exfiltration.

Assuming that there is additional budget for the data center after the above use cases are addressed, then it would be wise to address the challenge of distributed enterprise access—anytime, anywhere access to the data center using a variety of different devices and access types. BYOD and mobility (as described in my last SecurityWeek column) are ultimately data center challenges because they enable users to access corporate data from their personal devices wherever they are.

4) Don’t forget management, reporting and logging

Hand-in-hand with the actual network security spend should be equivalent spending on the management of these systems, and a real-time monitoring system that provides full visibility into what’s happening in your network. The configuration of virtual workloads and network security today are rigidly distinct functions, administered by independent IT administrators. Therefore, when selecting a network security management system, look for one that integrates with data center management and workflows, yet provides the ability to maintain independent security policy creation in the security IT administrator’s hands. In addition, the SIEM or big data monitoring system selected in the data center needs to be able to understand and incorporate security data.

5) Training your team

Part of the data center IT budget should also be allocated to training. Training will be necessary on new network security products and new software releases on those products. In addition, building a rapid response team that is prepared to tackle a potential breach in the network is critical. Only regular, consistent training can accomplish this.

According to Infonetics Research and their Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, enterprises participating in this survey spent an average of $14.6 million on data center security products in 2012, and expect to spend nearly $17 million in 2013. The goal to strive for as you budget for your data center network security spend will be to hit all of the five considerations above, while staying within this $17M budget.

Written By

Danelle is CMO at Ordr. She has more than 20 years of experience in bringing new cybersecurity technologies to market. Prior to Ordr, she was CMO at Blue Hexagon (acquired by Qualys), a company using deep-learning to detect malware, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like Zero Trust, virtualization and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of a Cisco IP communications book and holds 2 US patents. She holds an MSEE from UC Berkeley.
