Things to Consider Before Migrating Business Applications to the Cloud

A recent survey (PDF) polled 240 information security professionals, network operations and applications owners around the globe to determine how security management affects organizations’ agility with regard to the connectivity of critical applications in the modern data center. Something that struck me right away from the findings was that while many organizations are planning to migrate critical business applications from physical infrastructure to private, public or hybrid clouds, more than two-thirds of organizations encounter application connectivity disruptions or outages during data center migration projects.

Considering cloud migrations are a rising trend, this is a concerning issue. There is so much complexity baked into applications, which consist of numerous servers, networking and storage components as well as security infrastructure, that spinning up a new application or making an update is fraught with risk. Many organizations today lack the necessary visibility of their application connectivity requirements and the underlying security policies. And when conducting a data center migration, these challenges are magnified. Before you make your move to the cloud, here are a few things to consider:

The Move to the Cloud is a Business Decision, but Security Management Goes Hand-in-Hand

There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications as we’re in an application-driven business environment. If a critical application is down or performing below its peak level, the business will suffer. At a technical level, this means recognizing that most firewall changes are driven by business application connectivity needs, and making sure that you can associate every firewall change request with the appropriate application so that you understand its impact on those applications and on the network.

Consider the Risk of Decommissioned Applications

When decommissioning applications or servers in the data center, many IT professionals have to manually identify the firewall rules that need to change; if those rules are left in place, the unnecessary access they grant creates security risk. Oftentimes, organizations simply leave those access rules in place because they are not comfortable removing them for fear of causing an outage. While you certainly don’t want to break the connectivity for a critical application, you also should have a plan to remove that unneeded access because more access leaves gaps for bad guys to exploit. Use your firewall rules (hopefully there is decent firewall rule documentation) to identify the network components and applications that may be related, so you can effectively remove unneeded access without impacting the business.
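One way to carry out the clean-up described above, as an added example that is not part of the original article: given the addresses of retired servers, it sorts rules into remove, narrow, review and keep. The rule format, addresses, application tags and function names are constructed for illustration and assume each rule is documented with the applications it serves.

```python
import ipaddress as ip

# Constructed sample rule base: addresses and application tags are illustrative.
RULES = [
    {"id": 101, "src": ["10.1.0.0/24"], "dst": ["10.9.8.15/32"], "port": 1521, "apps": ["payroll"]},
    {"id": 102, "src": ["10.9.8.15/32", "10.9.8.20/32"], "dst": ["10.5.0.10/32"], "port": 443, "apps": ["payroll", "crm"]},
    {"id": 103, "src": ["10.2.0.0/16"], "dst": ["10.9.8.0/24"], "port": 22, "apps": ["admin-access"]},
    {"id": 104, "src": ["10.1.0.0/24"], "dst": ["10.5.0.10/32"], "port": 443, "apps": ["crm"]},
]
DECOMMISSIONED = ["10.9.8.15/32"]  # servers of the retired "payroll" application


def _nets(items):
    return [ip.ip_network(i) for i in items]


def _split(objects, dead):
    """Split one side of a rule into (retired, still-live) address objects."""
    retired = [o for o in objects if any(o.subnet_of(d) for d in dead)]
    return retired, [o for o in objects if o not in retired]


def classify(rule, decommissioned, retired_app):
    """Return (action, affected address objects, other apps documented on the rule)."""
    dead = _nets(decommissioned)
    others = [a for a in rule["apps"] if a != retired_app]
    src_retired, src_live = _split(_nets(rule["src"]), dead)
    dst_retired, dst_live = _split(_nets(rule["dst"]), dead)
    if not src_live or not dst_live:
        # One side has no live endpoint left; a non-empty `others` here means
        # the rule documentation is out of date and should be corrected.
        return "remove", [], others
    if src_retired or dst_retired:
        return "narrow", [str(o) for o in src_retired + dst_retired], others
    # A wider object (subnet or group) that merely contains a retired host stays,
    # flagged so the owners of the remaining applications can confirm it.
    wide = [o for o in _nets(rule["src"] + rule["dst"]) if any(o.overlaps(d) for d in dead)]
    if wide:
        return "review", [str(o) for o in wide], others
    return "keep", [], others


def plan(rules, decommissioned, retired_app):
    return {r["id"]: classify(r, decommissioned, retired_app) for r in rules}


if __name__ == "__main__":
    for rule_id, result in plan(RULES, DECOMMISSIONED, "payroll").items():
        print(rule_id, *result)
```

Rule 102 shows why deletion is not always the right action: the rule also carries traffic for a second application, so only the retired address is dropped from it.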

Prioritize Network Vulnerabilities the Way You Want

Organizations want to prioritize network vulnerabilities by business application. Nearly half of respondents in the survey wanted to view risk by the business application. With this type of visibility, security teams can more effectively communicate with business owners and enable them to “own the risk”.

Reduce Complexity

Complexity is a killer of security and agility. Today’s enterprise network has more business applications with complex, multi-tier architectures, multiple components, and intricate, underlying communication patterns that are driving network security policies. An individual “communication” may need to cross several policy enforcement points, while individual rules, in turn, support multiple distinct applications. This complexity typically involves hundreds, or even thousands, of rules with many potential interdependencies, configured across tens to hundreds of devices that support just as many business-critical applications. The sheer complexity of any given network can lead to a lot of mistakes, especially when it comes to multiple firewalls with complex rule sets. Simplifying security management processes through automation and an application-centric approach is a must.

These are just a few security management considerations to take into account as you continue with your plans to move critical business applications to the cloud. There are many valid reasons for moving to the cloud, but you must remember the implications of poor security management and how improvements here can not only ensure tighter security, but also a data center that is more agile and supportive of the business.
