Tom Corn at VMworld.

Image: Conner Forrest/TechRepublic

If you want to know what’s wrong with modern IT security, it might be better to look back in time then to look to the future.

Tom Corn, senior vice president of security products for VMware, said that problems with IT security are analogous to older defense trends we’ve seen in the history of warfare, but the battlefield has changed, making our common strategies ineffective.

As part of a breakout session that Corn led at the company’s VMworld conference, he explained the aspects of this changing battlefield and why he believes that the software-defined data center (SDDC) is the answer.

Corn began by outlining some of the common financial trends seen in battle. The arms race has both sides going back and forth with increased investments in weapons and defenses trying to out-do their competitors. The diminishing returns strategy sees combatants continually investing in a particular area until it eventually becomes less and less effective, relative to that investment.

Finally, there is the battlefield change and misalignment. In this trend, no matter the investment, the effectiveness of defense will fall due to changes in the battlefield and an eventual misalignment with what it’s protecting based on this new battlefield. This is the trend that Corn said we are seeing in security. Our strategies don’t align with what we are trying to protect because the IT security battlefield has changed.

For example, think of the walled cities you commonly associate with the feudal system and kings and queens. When the feudal system fell and standing armies began to get more mobile, the walls were less effective. Another example is the aerial warfare in World War I, which made investments in trench warfare defense obsolete.

The traditional data center, Corn said, is a walled city. In our city, though, we don’t have people and buildings, we have servers, applications, and networking tools. Currently, our fundamental policies aren’t about servers, however, they are about people—such as who has access to what. Corn’s argument was that we need more security at the infrastructure layer.

A modern attack has four steps: Intrusion, propagation, extraction, and exfiltration. Intrusion is the only part of the attack that happens outside of our walled city, yet it is the most addressed aspect of the problem. Of the billions of dollars spent on security, Corn said, IT is spending 80% to stop infiltration, while far too little is spent on addressing the three steps of the attack that are happening within the city—propagation, extraction, and exfiltration.

So, if this solution is so simple, the question becomes why haven’t we done it yet?

“Because it’s extraordinarily difficult to do that,” Corn said.

Primarily, it’s difficult for architectural reasons because of three key aspects of a modern data center:

  1. Hyper-connected compute base
  2. Distributed policies
  3. Context/isolation tradeoff

We have commingled multi-tier apps on common infrastructure and we aren’t addressing them properly. The answer, Corn said, is actually surprisingly simple.

“Build a different data center for each of your applications,” Corn said.

Obviously, we can’t go build physical data centers for each app, but Corn contends that we can create virtual ones by utilizing virtual networks, software containers, and virtual machines. The SDDC provides what we need to alter our approach to security, Corn said.

One of the keys is exposing structural context to policy management. Additionally, the SDDC aligns investment to risk as it helps align controls to each other and to what they were put in place to protect, so you can have more control over security. It also compartmentalizes the environment, so a breach of one thing isn’t a breach of other things.

As noted from the first day of the 2015 VMworld conference, VMware is taking steps to scale out the SDDC, so it makes sense that Corn would be pushing it as a security solution in the data center. But, there are other specific tools that he said VMware is in the process of developing that will be available next year.

Distributed network encryption is one tool they are working on to make encryption a checkbox within micro segmentation. Secondly, VMware is working on an advanced endpoint security tool called Project Goldilocks, which is a module that exists in the kernel layer that lets you run trusted code and monitor critical data. Finally, the company will be leveraging orchestration and security management to provide better security posture management and automated workflow through a project that is codenamed DEFCON.

Also see

View original post here – 

The software-defined data center: Security is a battlefield