Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Top Five Things to Consider For Your Data Center Security Spend

No matter which way you slice and dice the numbers, the data center is typically one of the most costly items within an enterprise IT budget. The costs are high not only from a CapEx perspective but also from the day to day operations of keeping servers up and running.

No matter which way you slice and dice the numbers, the data center is typically one of the most costly items within an enterprise IT budget. The costs are high not only from a CapEx perspective but also from the day to day operations of keeping servers up and running.

When faced with the daunting costs of a data center, it can be easy to allocate for security only as an afterthought, or to only assign a small percentage of the IT budget to security. But, choosing the right network security solution is “budget smart”, and can actually increase the productivity and efficiency of the data center in the long run. Here are the top five things to consider:

1) Choose a network security solution that is agile

As background, let’s revisit the limitations of traditional security within a nimble, dynamic, virtualized data center environment. Within a virtualized data center environment, a virtual machine can be provisioned in minutes. In order to enable security features, the traffic flows within the virtual environment need to be traffic engineered to the right firewall. Security policies then need to be approved and manually provisioned within the firewall via a change control process. This process – approval of policy changes to accommodate a new application and making the right changes on the right firewall — can take weeks if not months. Security therefore becomes the biggest barrier for enterprises in keeping up with the demands of the business.

As you prioritize your data center security budget, your network security solution needs to not only deliver the fundamentals of safe application enablement and threat protection but must support automation and orchestration, and must track virtualized workloads for consistent policy protection. This will then help increase the efficiency of your data center in the long run.

2) Prioritize physical over virtualized hardware

Prioritize physical network security appliances over virtualized network security appliances? But wait, you say. In the section above, I said it is important for the network security solution in the data center to be nimble and address the dynamic nature of virtualization and cloud. Therefore, doesn’t that mean enterprises need to be purchasing more virtualized firewalls instead?

The answer is no. While your network security solution needs to embrace the dynamic nature of virtualization and cloud, it most likely will be delivered via physical firewalls except when there are applications of different trust levels within a virtualized server. For this specific use case, (i.e. when applications of different trust levels reside within a virtualized server), East-West traffic inspection is most effectively delivered with a virtualized firewall.

Advertisement. Scroll to continue reading.

3) Be specific about the problems you want to solve

There are three fundamental network security use cases in the data center- safe application enablement, threat protection and network segmentation. The safe application enablement use case is fundamental; it is, after all, the primary objective of the data center. But, with threat protection, the focus should extend to modern attacks that are propagating via legitimate users in the network. Finally, the network segmentation use case will address compliance, containment and limit data exfiltration.

Assuming that there is additional budget for the data center after the above use cases are addressed, then it would be wise to address the challenge of distributed enterprise access—anytime, anywhere access to the data center using a variety of different devices and access types. BYOD and mobility (as described in my last SecurityWeek column) are ultimately data center challenges because they enable users to access corporate data from their personal devices wherever they are.

4) Don’t forget management, reporting and logging

Hand-in-hand with the actual network security spend should be equivalent spending on the management of these systems, and a real-time monitoring system that provides full visibility into what’s happening in your network. The configuration of virtual workloads and network security today are rigidly distinct functions, administered by independent IT administrators. Therefore, when selecting a network security management system, look for one that integrates with data center management and workflows, yet provides the ability to maintain independent security policy creation in the security IT administrator’s hands. In addition, the SIEM or big data monitoring system selected in the data center needs to be able to understand and incorporate security data.

5) Training your team

Part of the data center IT budget should also be allocated to training. Training will be necessary on new network security products and new software releases on those products. In addition, building a rapid response team that is prepared to tackle a potential breach in the network is critical. Only regular, consistent training can accomplish this.

According to Infonetics Research and their Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, enterprises participating in this survey spent an average of $14.6 million on data center security products in 2012, and expect to spend nearly $17 million in 2013. The goal to strive for as you budget for your data center network security spend will be to hit all of the five considerations above, while staying within this $17M budget.

Written By

Danelle is a seasoned product and solutions marketing leader with expertise in bringing disruptive security, cloud and AI technologies to market. She has more than 20 years of experience building and scaling GTM teams and positioning companies for growth — from early stage startups to IPO. Prior to Infoblox, Danelle held multiple Chief Marketing Officer roles, including Ordr, Blue Hexagon (acquired by Qualys) and SafeBreach where she helped define and build a new market category. She was also VP strategy and marketing at Adallom (acquired by Microsoft) and played a key role in Palo Alto Networks growth through IPO as a leader in solutions marketing. Earlier in her career, she held senior product management roles at Cisco, overseeing security, networking and VoIP products. She was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. patents. She has an MSEE from UC Berkeley.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.