
Security’s Last Refuge of Scoundrels: Infrastructure Upgrades

“Patriotism is the last refuge of a scoundrel.” —Samuel Johnson

For the past 30 years, the entire computing industry has lived through well-understood upgrade cycles. Over time, applications became more powerful and in turn consumed more and more processing power and bandwidth. There is no better historical example than the “WinTel” partnership, where new processing power would be rapidly matched by new operating systems and new applications, forcing IT buyers to acquire new gear to get the latest and greatest computers.

But the world has now changed. We are evolving to agile, cloud-based computing models—where resources can be consumed on-demand and as-needed. This puts pressure on the decision between buying infrastructure versus renting compute and network cycles. This same decision model completely impacts security, which increasingly must work across both data center and cloud environments.

We the Containers

Not only do security managers need to contend with on-premise vs. public cloud computing decisions, they now need to support the microservices and container movement, pioneered by companies like Docker and Mesosphere. Container technologies change the role of infrastructure in the application cycle, making the latter dramatically more temporal and efficient. Security must be equally fast and agile.

As computing becomes more dynamic and distributed, security has to adapt. Traditional data center and cloud security was part of the infrastructure itself (e.g., firewalls, IDS, and network-segmentation approaches like ACLs, VLANs, security groups, and host-based security). Security was written and managed in the language of the network. However, when a container spins up for 3-5 minutes – or even seconds – does it make sense to spend days and weeks reconfiguring the network to secure it?

While the application once competed for the infrastructure, the infrastructure must now compete for the application. The same is true for security. Security must compete for the application.

Ask not what your infrastructure can do for your security, but what security can do for your infrastructure

It is both naïve and wrong to ignore the role infrastructure plays in protecting data. Trusted networks trump untrusted networks. However, should security be a reason to upgrade networks or stay with proprietary compute architectures? What tradeoffs occur when tying your security so tightly to your infrastructure?

Simply upgrading the network is not the answer to agile computing, particularly in situations where hybrid infrastructures are in use and businesses may or may not control the infrastructure layer. Security professionals must ask themselves:

● How do you keep up with the speed of change when your infrastructure only turns over every two to five years?

● What happens when you do not own the infrastructure?

● How do you work in heterogeneous environments, across different infrastructures?

We must all hang together or assuredly we shall all hang separately

The biggest challenge network security faces in the data center is the lack of context of the data it is protecting. Without visibility into the computing layer itself—with the processes, services, and communications occurring on the atomic unit of an application, the workload—it is difficult to understand when threats occur and how much data center attack surface really is exposed to bad actors.

Infrastructure security must work in concert with more application and data center technologies and processes. Indeed, coordination among these elements can provide a higher level of visibility and trust to applications. Rather than think of a single perimeter, think of a range of perimeters, potentially coordinating with each other—a collection of intelligence assets that work in concert like an Air Force, Army, and Navy. There are different levels of sophistication involved in different kinds of breaches. Defense must work at different layers.

Security is unlikely to be the argument for upgrading infrastructure. But infrastructure must work with the other security systems in the environment that actually protect the data itself.

Author’s note: Since the political season has started early here in America, I thought I would borrow a page from the political sloganeering world.
