• Like

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Simplifying Security Management in the Virtual Data Center

  • 576 views
Published

As enterprise data centers evolve to private and hybrid clouds, orchestration and automation are key to unleashing business agility. …

As enterprise data centers evolve to private and hybrid clouds, orchestration and automation are key to unleashing business agility.
But for most organizations, managing security and application connectivity involves manual, time-consuming processes that are error-prone and slow down the business. Complex application connectivity requirements, bloated firewall policies, poor processes and lack of communication between application developers, network and security teams create business disruptions and expose organizations to risk.

Join AlgoSec and guest Forrester Research to learn how organizations can automate security operations in the data center to manage security at the speed of business. By attending you will learn:

* How the concept of Zero Trust enables the business and minimizes risk
* Why management is the new backplane and security policy orchestration is critical in virtual environments
* How to ensure security policy accuracy throughout data center migration and consolidation projects
* How to securely deploy, maintain and decommission connectivity for data center applications

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
576
On SlideShare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
17
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • The AlgoSec Suite is made up of 3 separate yet tightly integrated products.BusinessFlow provides an application-centric approach to managing the security policy. It discovers and maintains visibility of application connectivity requirements so you canProcess connectivity changes for applications faster and more accuratelySecurely remove access for decommissioned applicationsUnderstand the impact your network security infrastructure has on business applications, and vice-versaBusinessFlow automatically translates vague application connectivity needs into concrete firewall rules that the network teams can implement. Application owners can request connectivity in their language (E.g. connect the webserver to the database) and BusinessFlow discovers what (if any) devices and rules needs to change.Firewall Analyzer connects and understands your security infrastructure, including firewalls from all the leading vendors, routers, switches and web proxies. Firewall Analyzer pulls configurations from these devices and gives you complete visibility and control of your policy to automate and streamline daily firewall operations such as –Troubleshooting (E.g. Which firewall(s) and rule(s) are blocking traffic from point A to point B)AuditingBaseline configuration complianceRisky rule analysis and much moreThe third and final component of the suite is FireFlow, which automates the security change process. FireFlow adds network and firewall intelligence to the change process, and complements ticketing systems such as Remedy and ServiceNow, so you can process changes 2x-4x faster and with greater accuracy.Capabilities include automatically discovering devices and rules that need to change and automatically closing changes which “already work” – as many as 30% of requests! Optimal design of new rules and object minimize policy clutter, and automatic validation of correct implementation eliminates re-opening of tickets.FireFlow also guarantees continuous compliance by proactively simulating and checking every change before it is implements. With this approach, organizations ensure they are compliant at all times and do not have to resort to periodic “house cleaning” projects in time for an audit.

Transcript

  • 1. How to Accelerate and Simplify Security Management in the Virtual Data Center
  • 2. Meet our Presenters Rick Holland Nimmy Reichenberg Principal Analyst Forrester Research Inc. @rickhholland VP of Marketing and Strategy AlgoSec Nimrod.reichenberg@algosec.com 2
  • 3. The Security Management Balancing Act Prevent Cyber Attacks Enable Business Applications Firewall Breaches Data Center Automation 5% Vulnerabilities Resource Server Security Minutes Security Access Agility Minutes Storage 95% Misconfiguration Time to Provision Days/Weeks
  • 4. Source: The State of Network Security 2013
  • 5. Data Center Scenarios Data Center Migration/Consolidation Migrating Applications to the Cloud Ongoing Datacenter Operations Challenges Challenges Challenges • Reconstructing the security policy for the new data center • Ensuring required connectivity between migrated servers • Ensuring connectivity between onsite and cloud application components • Removing access no longer needed for decomissioned legacy servers • Ensuring faster service delivery and improved availability • Streamlining security policy change management • Application-centric risk and compliance management Confidential
  • 6. What Customers are Saying AlgoSec helped us reduce 80% of the time required to migrate the security of our applications as part of our data center consolidation project Watch Video - Bruno Rolleau, Network Security Architect, Sanofi Confidential
  • 7. Simplifying Security Management in the Virtual Datacenter Rick Holland, Principal Analyst Tuesday October 22, 2013 @rickhholland
  • 8. Agenda › The virtual datacenter is coming › Prepare for it & implement a Zero Trust network › How to overcome operational friction © 2013 Forrester Research, Inc. Reproduction Prohibited 8
  • 9. IT budget allocation 40% of the 2013 enterprise IT Enterprises make significant investments in hardware and infrastructure budget went to hardware and infrastructure, on average. Base: 878 enterprise IT hardware decision-makers © 2013 Forrester Research, Inc. Reproduction Prohibited 9
  • 10. Hardware & infrastructure budget Budget % The datacenter and servers account for 67% of the hardware and infrastructure budget 16% Systems management 17% Storage 18% 23% 26% Data center networking equipment Servers and server operating systems Data center and IT facilities Base: 842 enterprise IT hardware decision-makers © 2013 Forrester Research, Inc. Reproduction Prohibited 10
  • 11. Profit, margin, revenue Firms are looking to reduce expenses while enabling the business
  • 12. Consolidation reduces expenses 63% plan data center consolidation “Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?” High priority Critical priority Maintain or implement broad use of server virtualization 52% 52% Consolidate IT infrastructure via… Automate the management of virtualized servers to … 25% 25% 48% 20% Purchase or upgrade disaster recovery and business… 42% Consolidate IT infrastructure via data center… 42% 21% Develop a comprehensive cloud strategy for IT… 41% 21% Build an internal private cloud operated by IT Use public cloud platform(s) (IaaS and/or PaaS) at a… 24% 36% 33% 19% 16% Base: 1,083 enterprise IT hardware decision-makers Source: Forrsights Hardware Survey, Q3 2013 © 2013 Forrester Research, Inc. Reproduction Prohibited 12
  • 13. Virtualization enables the business “Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?” Respondents who selected “High priority” or “Critical priority” High priority Critical priority Maintain or implement broad use of server virtualization 52% 52% Consolidate IT infrastructure via… Automate the management of virtualized servers to … 25% 25% 48% 20% Purchase or upgrade disaster recovery and business… 42% Consolidate IT infrastructure via data center… 42% 21% Develop a comprehensive cloud strategy for IT… 41% 21% Build an internal private cloud operated by IT Use public cloud platform(s) (IaaS and/or PaaS) at a… 24% 36% 33% 19% 16% Base: 1,083 enterprise IT hardware decision-makers Source: Forrsights Hardware Survey, Q3 2013 © 2013 Forrester Research, Inc. Reproduction Prohibited 13
  • 14. And security pros are concerned “How concerned are you with the risk that the following initiatives or technologies could introduce in your firm?” Respondents who selected “4” or “5 – Very concerned” 2013 (N = 955) 2012 (N = 1,124) 43% Application virtualization Desktop virtualization Virtualization in the data center (e.g., storage, server) 23% 38% 19% 45% 26% Base: North American and European enterprise IT security decision-makers Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012 © 2013 Forrester Research, Inc. Reproduction Prohibited 14
  • 15. No shortage of virtualization concerns “How concerned is your firm with the following for virtual environments?” Respondents who selected “4” or “5 – Very concerned” 2013 (N = 576) 2012 (N = 586) Complexity of virtual environment Attacks against virtualization infrastructure including hypervisor 54% 43% 53% 30% Configuration management within the virtual environment Insider threat resulting from lack of separation of duties for privileged users Limited visibility into virtual environment 55% 40% Maintaining compliance within the virtual environment Virtual environments in general 56% 42% 38% 38% 33% 53% 51% 49% Base: North American and European enterprise IT security decision-makers Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012 © 2013 Forrester Research, Inc. Reproduction Prohibited 15
  • 16. Average Length of Time to Process Application Connectivity Change 1 week+ 7% 3-7 days 11% 1-2 days 13% up to 1 day 14% 1-3 hours 23% 4-8 hours 18% 8-12 hours 14% Source: Examining the Impact of Security Management on the Business 2013
  • 17. What do these trends mean for security professionals? Virtualization should be a top priority for your security organization If you lack visibility, you cannot understand the risk implications of the virtual data center You must understand how your applications communicate You need an operationally effective means to do this © 2013 Forrester Research, Inc. Reproduction Prohibited 17
  • 18. Time for a new strategy Get with the program
  • 19. Agenda › The virtual datacenter is coming › Prepare for it & implement a Zero Trust network › How to overcome operational friction © 2013 Forrester Research, Inc. Reproduction Prohibited 19
  • 20. Which one goes to the Internet? UNTRUSTED TRUSTED
  • 21. Zero Trust UNTRUSTED UNTRUSTED
  • 22. Concepts of zero trust All resources are accessed in a secure manner regardless of location. Access control is on a “need-to-know” basis and is strictly enforced. Verify and never trust. Visibility: Inspect and log all traffic. The network is designed from the inside out.
  • 23. Visibility: inspect and log all traffic Enterprises struggle with visibility inside the traditional data center Visibility into the resources within the virtual data center is even more of a challenge Can you see into application communications within your virtual environment? What about intra-vm communications? © 2013 Forrester Research, Inc. Reproduction Prohibited 26
  • 24. The network is designed from the inside out Visibility is required to design networks We need a data centric approach, and data exists within applications If you don’t understand how applications communicate how can you securely enable them We are strategic when we design networks around critical data within applications © 2013 Forrester Research, Inc. Reproduction Prohibited 27
  • 25. Zero Trust › Understanding applications (data) is the foundation of Zero Trust network design. › Architecting Zero Trust networks is ideal when consolidating data centers and virtualizing applications. › But the traditional approaches to enabling applications and segmenting networks aren’t effective and don’t scale. © 2013 Forrester Research, Inc. Reproduction Prohibited 28
  • 26. Confidential
  • 27. Confidential
  • 28. Confidential
  • 29. Agenda › The virtual datacenter is coming › Prepare for it & implement a Zero Trust network › How to overcome operational friction © 2013 Forrester Research, Inc. Reproduction Prohibited 32
  • 30. Its all about operations Understand that if operational requirements are too great, solution WON’T be maximized © 2013 Forrester Research, Inc. Reproduction Prohibited 33
  • 31. What inhibits this? Self imposed operational friction › Bad for the business and bad operations • Complex application communication requirements • Bloated firewall rule sets • Lack of tools • Immature process and oversight • Poor communication between information security, application owners and network operations © 2013 Forrester Research, Inc. Reproduction Prohibited 34
  • 32. You need a solution that reduces friction What to look for in a solution Application discovery function Function that speeds the discovery of application communications Self service Ability for application owners to request provisioning/deprovisioning of applications Integrations No point solutions here, look for offerings that integrate into your firewall and change management solutions Virtualization capable Must be able to enable automation within the virtual data center. Solution must be scalable enough to address nuances of virtual environment. © 2013 Forrester Research, Inc. Reproduction Prohibited 35
  • 33. Technology is only one aspect › We cannot forget about the other areas › Foster relationships › Look for technologies solutions that facilitate oversight, people and process activities © 2013 Forrester Research, Inc. Reproduction Prohibited Oversight Process People Technology 36
  • 34. Looking ahead › If you can’t securely enable applications within your own data center, how can you expect to be successful in the cloud? © 2013 Forrester Research, Inc. Reproduction Prohibited 37
  • 35. Thank you Rick Holland rholland@forrester.com Twitter: @rickhholland
  • 36. The AlgoSec Suite Application Owners Network Operations Security AlgoSec Security Management Suite BusinessFlow Firewall Analyzer Business Application Connectivity Mgmt Business Applications FireFlow Security Policy Change Automation Security Policy Analysis & Audit Security Infrastructure Confidential
  • 37. Business Impact gility lignment • Faster security provisioning of business applications • Accelerated data center migrations • Automated firewall operations • Effectively react to network and application changes • Process changes up to 4x faster daptability • Streamline communication between teams • Enable true accountability and governance Benefits Accurate configuration ensures • Business continuity • Stronger security posture • Continuous Compliance ssurance Confidential
  • 38. Q&A and Next Steps The Case & Criteria for ApplicationCentric Security Policy Management www.algosec.com/application Simplifying Security Management in the Virtual Data Center www.algosec.com/datacenter Evaluate the AlgoSec Security Management Suite @ www.algosec.com/eval
  • 39. Managing Security at the Speed of Business www.AlgoSec.com Connect with AlgoSec on: