Digital transformation is by its very definition redefining how data centres are designed and services managed and deployed. In fact, much like the long-maligned ‘perimeter’ security model many once datacentre-centric workloads are evaporating and re-forming as more agile and elastic cloud-based operational models.
The DevOps movement has achieved many great things, in our opinion one of its greatest being an organisational transformation that in addition to helping development and operations teams come together has in so doing re-aligned these teams front and centre with business objectives. Now that’s the very essence of transformation!
As we approach Europe’s foremost cybersecurity industry event Infosecurity Europe 5-7 Jun at Olympia London, we couldn’t help but pose the very profound question “Time to transform data centre security?”.
Security Outpaced by DevOps
At the very heart of the matter is the fact that in this brave new digitally-transformed and software-defined world, security is quite simply being left behind (or worse still left out altogether). In the time it takes to say “log correlation!” or “forensic analysis!” your DevOps teams have just provisioned three new virtual-machines and five container pods, whilst migrating two bare-metal workloads to public cloud. The old way of security, so called negative security, collecting as much data as possible and combing it to hopefully find the bad stuff is immensely wasteful in terms of time and resources and just cannot scale or react quickly enough for ‘here right now but gone in 60 seconds’ post-transformational workloads.
Zero-Trust & DevSecOps
So the journey to transforming data centre security basically boils down to two key asks. Firstly, embed the security function in DevOps (aka DevSecOps) thereby re-aligning security with business objectives and the new way of developing, provisioning, configuring, monitoring and managing business applications. Secondly, adopt an entirely different and agile model for securing the data centre, a model which prioritises the detail of what’s permitted over hunting for bad, aka “zero-trust” or positive security models. It doesn’t mean ignoring the bad stuff altogether, but conceptually bad becomes exception handling rather than raison d’être.
There’s nothing especially new about zero-trust, Open Group’s Jericho Forum has been encouraging ‘de-perimeterisation’ for many years and Google adopted a zero-trust model for their ‘internal’ IT services several years ago after detailed study of alternatives. What has changed in recent years though are the snowballing challenges of data centre complexity and urgency to transform.
If you’d like to learn how Guardicore’s Centra can help your organisation transform data centre security, with seamless cross-platform hybrid-cloud workload visibility, process-level segmentation and zero-trust security then drop by stand B220 at Infosecurity Europe.