
Security’s Last Refuge of Scoundrels: Infrastructure Upgrades

“Patriotism is the last refuge of a scoundrel.” —Samuel Johnson

For the past 30 years, the entire computing industry has lived through well-understood upgrade cycles. Over time, applications became more powerful and in turn consumed more and more processing power and bandwidth. There is no better historical example than the “WinTel” partnership, where new processing power would be rapidly matched by new operating systems and new applications, forcing IT buyers to acquire new gear to get the latest and greatest computers.

But the world has now changed. We are evolving to agile, cloud-based computing models—where resources can be consumed on-demand and as-needed. This puts pressure on the decision between buying infrastructure versus renting compute and network cycles. This same decision model completely impacts security, which increasingly must work across both data center and cloud environments.

We the Containers

Not only do security managers need to contend with on-premise vs. public cloud computing decisions, they now need to support the microservices and container movement, pioneered by companies like Docker and Mesosphere. Container technologies change the role of infrastructure in the application cycle, making the latter dramatically more temporal and efficient. Security must be equally fast and agile.

As computing becomes more dynamic and distributed, security has to adapt. Traditional data center and cloud security was part of the infrastructure itself (e.g., firewalls, IDS, and network-segmentation approaches like ACLs, VLANs, security groups, and host-based security). Security was written and managed in the language of the network. However, when a container spins up for 3-5 minutes – or even seconds – does it make sense to spend days and weeks reconfiguring the network to secure it?

While the application once competed for the infrastructure, the infrastructure must now compete for the application. The same is true for security. Security must compete for the application.

Ask not what your infrastructure can do for your security, but what security can do for your infrastructure

It is both naïve and wrong to ignore the role infrastructure plays in protecting data. Trusted networks trump untrusted networks. However, should security be a reason to upgrade networks or stay with proprietary compute architectures? What tradeoffs occur when tying your security so tightly to your infrastructure?

Simply upgrading the network is not the answer to agile computing, particularly in situations where hybrid infrastructures are in use and businesses may or may not control the infrastructure layer. Security professionals must ask themselves:

● How do you keep up with the speed of change when your infrastructure only turns over every two to five years?

● What happens when you do not own the infrastructure?

● How do you work in heterogeneous environments, across different infrastructures?

We must all hang together or assuredly we shall all hang separately

The biggest challenge network security faces in the data center is the lack of context of the data it is protecting. Without visibility into the computing layer itself—with the processes, services, and communications occurring on the atomic unit of an application, the workload—it is difficult to understand when threats occur and how much data center attack surface really is exposed to bad actors.

Infrastructure security must work in concert with more application and data center technologies and processes. Indeed, coordination among these elements can provide a higher level of visibility and trust to applications. Rather than think of a single perimeter, think of a range of perimeters, potentially coordinating with each other—a collection of intelligence assets that work in concert like an Air Force, Army, and Navy. There are different levels of sophistication involved in different kinds of breaches. Defense must work at different layers.

Security is unlikely to be the argument for upgrading infrastructure. But infrastructure must work with other security systems in the environment that actually protects the data itself.

Author’s note: Since the political season has started early here in America, I thought I would borrow a page from the political sloganeering world.
