Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Security’s Last Refuge of Scoundrels: Infrastructure Upgrades

Patriotism is the last refuge of a scoundrel.” —Samuel Johnson

Patriotism is the last refuge of a scoundrel.” —Samuel Johnson

For the past 30 years, the entire computing industry has lived through well-understood upgrade cycles. Over time, applications became more powerful and in turn consumed more and more processing power and bandwidth. There is no better historical example than the “WinTel” partnership, where new processing power would be rapidly matched by new operating systems, new applications, forcing IT buyers to acquire new gear to get the latest and greatest computers.

But the world has now changed. We are evolving to agile, cloud-based computing models—where resources can be consumed on-demand and as-needed. This puts pressure on the decision between buying infrastructure versus renting compute and network cycles. This same decision model completely impacts security, which increasingly must work across both data center and cloud environments.

We the Containers

Infrastructure SecurityNot only do security managers need to contend with on-premise vs. public cloud computing decisions, they now need to support the microservices and container movement, pioneered by companies like Docker and Mesosphere. Container technologies change the role of infrastructure in the application cycle, making the latter dramatically more temporal and efficient. Security must be equally fast and agile.

As computing becomes more dynamic and distributed, it has to adapt. Traditional data center and cloud security was part of the infrastructure itself (e.g., firewalls, IDS, and network-segmentation approaches like ACLs, VLANs, security groups, and host-based security). Security was written and managed in the language of the network. However, when a container spins up for 3-5 minutes – or even seconds – does it make sense to spend days and weeks reconfiguring the network to secure it?

While the application once competed for the infrastructure, the infrastructure must now compete for the application. The same is true for security. Security must compete for the application.

Advertisement. Scroll to continue reading.

Ask not what your infrastructure can do for your security, but what security can do for your infrastructure

It is both naïve and wrong to ignore the role infrastructure plays in protecting data. Trusted networks trump untrusted networks. However, should security be a reason to upgrade networks or stay with proprietary compute architectures? What tradeoffs occur when tying your security so tightly to your infrastructure?

Simply upgrading the network is not the answer to agile computing, particularly in situations where hybrid infrastructures are in use and businesses may or may not control the infrastructure layer. Security professionals must ask themselves:

● How do you keep up with the speed of change when your infrastructure only turns over every two to five years?

● What happens when you do not own the infrastructure?

● How do you work in heterogeneous environments, across different infrastructures?

We must all hang together or assuredly we shall all hang separately

The biggest challenge network security faces in the data center is the lack of context of the data it is protecting. Without visibility into the computing layer itself—with the processes, services, and communications occurring on the atomic unit of an application, the workload—it is difficult to understand when threats occur and how much data center attack surface really is exposed to bad actors.

Infrastructure security must work in concert with more application and data center technologies and processes. Indeed, coordination among these elements can provide a higher level of visibility and trust to applications. Rather than think of a single perimeter, think of a range of perimeters, potentially coordinating with each other— a collection of intelligence assets that work in concert like an Air Force, Army, and Navy. There are different levels of sophistication involved in different kinds of breaches. Defense must work at different layers.

Security is unlikely to be the argument for upgrading infrastructure. But infrastructure must work with other security systems in the environment that actually protects the data itself.

Author’s note: Since the political season has started early here in America, I thought I would borrow a page from the political sloganeering world.

Written By

Alan has been a successful entre­pre­neur, technology executive, and board member for over 25 years for a range of iconic companies, including DCVC-backed Illumio, Nicira (acquired by VMware), Airespace (acquired by Cisco), Cisco (where he led the $25 billion enterprise marketing and solutions orga­ni­za­tion), General Growth Properties, and IBM. He has authored over 200 articles, undertaken over 1,000 press interviews, and delivered over 100 keynotes at industry conferences. He received a bachelor’s degree in English from SUNY Buffalo, a master’s degree in English from the University of Vermont, a master’s degree in inter­na­tional affairs and economics from the American University School of Inter­na­tional Service, and an MBA from New York University.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.