How to Accelerate and Simplify Security
Management in the Virtual Data Center
Meet our Presenters

Rick Holland

Nimmy Reichenberg

Principal Analyst
Forrester Research Inc.
@rickhholland

VP of Marke...
The Security Management Balancing Act
Prevent Cyber
Attacks

Enable Business
Applications

Firewall Breaches

Data Center ...
Source: The State of Network Security 2013
Data Center Scenarios
Data Center
Migration/Consolidation

Migrating Applications
to the Cloud

Ongoing Datacenter
Operati...
What Customers are Saying
AlgoSec helped us reduce
80% of the time required to
migrate the security of our
applications as...
Simplifying Security
Management in the Virtual
Datacenter
Rick Holland, Principal Analyst

Tuesday October 22, 2013
@rickh...
Agenda

› The virtual datacenter is coming
› Prepare for it & implement a Zero
Trust network

› How to overcome operationa...
IT budget allocation

40% of the 2013 enterprise IT

Enterprises make
significant
investments in
hardware and
infrastructu...
Hardware & infrastructure budget
Budget %

The datacenter and
servers account for
67% of the hardware
and infrastructure
b...
Profit, margin, revenue
Firms are looking to
reduce expenses
while enabling the
business
Consolidation reduces expenses
63% plan data center consolidation
“Which of the following initiatives are likely to be you...
Virtualization enables the business
“Which of the following initiatives are likely to be your firm’s/organization’s top
ha...
And security pros are concerned
“How concerned are you with the risk that the following initiatives or technologies could ...
No shortage of virtualization concerns
“How concerned is your firm with the following for virtual environments?”
Responden...
Average Length of Time to Process Application
Connectivity Change
1 week+
7%
3-7 days
11%

1-2 days
13%

up to 1 day
14%

...
What do these trends mean for security
professionals?
Virtualization should be a top priority for your security
organizati...
Time for a new strategy
Get with the program
Agenda

› The virtual datacenter is coming
› Prepare for it & implement a Zero
Trust network

› How to overcome operationa...
Which one goes to the Internet?

UNTRUSTED

TRUSTED
Zero Trust

UNTRUSTED

UNTRUSTED
Concepts of zero trust
All resources are accessed in a secure
manner regardless of location.
Access control is on a “need-...
Visibility: inspect and log all traffic
Enterprises struggle with visibility inside the
traditional data center
Visibility...
The network is designed from the inside
out
Visibility is required to design networks

We need a data centric approach, an...
Zero Trust

› Understanding applications (data) is the
foundation of Zero Trust network design.

› Architecting Zero Trust...
Confidential
Confidential
Confidential
Agenda

› The virtual datacenter is coming
› Prepare for it & implement a Zero
Trust network

› How to overcome operationa...
Its all about operations

Understand that if operational
requirements are too great, solution
WON’T be maximized
© 2013 Fo...
What inhibits this?
Self imposed operational friction

› Bad for the business and bad operations
• Complex application com...
You need a solution that reduces friction
What to look for in a solution

Application discovery function

Function that sp...
Technology is only one aspect

› We cannot forget

about the other areas

› Foster relationships
› Look for technologies
s...
Looking ahead

› If you can’t securely
enable applications within
your own data center, how
can you expect to be
successfu...
Thank you
Rick Holland
rholland@forrester.com
Twitter: @rickhholland
The AlgoSec Suite
Application Owners

Network Operations

Security

AlgoSec Security Management Suite

BusinessFlow

Firew...
Business Impact
gility

lignment

• Faster security provisioning
of business applications
• Accelerated data center
migrat...
Q&A and Next Steps
The Case & Criteria for ApplicationCentric Security Policy Management
www.algosec.com/application

Simp...
Managing Security at the Speed of Business
www.AlgoSec.com

Connect with AlgoSec on:
Simplifying Security Management in the Virtual Data Center
Simplifying Security Management in the Virtual Data Center
Simplifying Security Management in the Virtual Data Center
Upcoming SlideShare
Loading in...5
×

Simplifying Security Management in the Virtual Data Center

707

Published on

As enterprise data centers evolve to private and hybrid clouds, orchestration and automation are key to unleashing business agility.
But for most organizations, managing security and application connectivity involves manual, time-consuming processes that are error-prone and slow down the business. Complex application connectivity requirements, bloated firewall policies, poor processes and lack of communication between application developers, network and security teams create business disruptions and expose organizations to risk.

Join AlgoSec and guest Forrester Research to learn how organizations can automate security operations in the data center to manage security at the speed of business. By attending you will learn:

* How the concept of Zero Trust enables the business and minimizes risk
* Why management is the new backplane and security policy orchestration is critical in virtual environments
* How to ensure security policy accuracy throughout data center migration and consolidation projects
* How to securely deploy, maintain and decommission connectivity for data center applications

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
707
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
19
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • The AlgoSec Suite is made up of 3 separate yet tightly integrated products.BusinessFlow provides an application-centric approach to managing the security policy. It discovers and maintains visibility of application connectivity requirements so you canProcess connectivity changes for applications faster and more accuratelySecurely remove access for decommissioned applicationsUnderstand the impact your network security infrastructure has on business applications, and vice-versaBusinessFlow automatically translates vague application connectivity needs into concrete firewall rules that the network teams can implement. Application owners can request connectivity in their language (E.g. connect the webserver to the database) and BusinessFlow discovers what (if any) devices and rules needs to change.Firewall Analyzer connects and understands your security infrastructure, including firewalls from all the leading vendors, routers, switches and web proxies. Firewall Analyzer pulls configurations from these devices and gives you complete visibility and control of your policy to automate and streamline daily firewall operations such as –Troubleshooting (E.g. Which firewall(s) and rule(s) are blocking traffic from point A to point B)AuditingBaseline configuration complianceRisky rule analysis and much moreThe third and final component of the suite is FireFlow, which automates the security change process. FireFlow adds network and firewall intelligence to the change process, and complements ticketing systems such as Remedy and ServiceNow, so you can process changes 2x-4x faster and with greater accuracy.Capabilities include automatically discovering devices and rules that need to change and automatically closing changes which “already work” – as many as 30% of requests! Optimal design of new rules and object minimize policy clutter, and automatic validation of correct implementation eliminates re-opening of tickets.FireFlow also guarantees continuous compliance by proactively simulating and checking every change before it is implements. With this approach, organizations ensure they are compliant at all times and do not have to resort to periodic “house cleaning” projects in time for an audit.
  • Simplifying Security Management in the Virtual Data Center

    1. 1. How to Accelerate and Simplify Security Management in the Virtual Data Center
    2. 2. Meet our Presenters Rick Holland Nimmy Reichenberg Principal Analyst Forrester Research Inc. @rickhholland VP of Marketing and Strategy AlgoSec Nimrod.reichenberg@algosec.com 2
    3. 3. The Security Management Balancing Act Prevent Cyber Attacks Enable Business Applications Firewall Breaches Data Center Automation 5% Vulnerabilities Resource Server Security Minutes Security Access Agility Minutes Storage 95% Misconfiguration Time to Provision Days/Weeks
    4. 4. Source: The State of Network Security 2013
    5. 5. Data Center Scenarios Data Center Migration/Consolidation Migrating Applications to the Cloud Ongoing Datacenter Operations Challenges Challenges Challenges • Reconstructing the security policy for the new data center • Ensuring required connectivity between migrated servers • Ensuring connectivity between onsite and cloud application components • Removing access no longer needed for decomissioned legacy servers • Ensuring faster service delivery and improved availability • Streamlining security policy change management • Application-centric risk and compliance management Confidential
    6. 6. What Customers are Saying AlgoSec helped us reduce 80% of the time required to migrate the security of our applications as part of our data center consolidation project Watch Video - Bruno Rolleau, Network Security Architect, Sanofi Confidential
    7. 7. Simplifying Security Management in the Virtual Datacenter Rick Holland, Principal Analyst Tuesday October 22, 2013 @rickhholland
    8. 8. Agenda › The virtual datacenter is coming › Prepare for it & implement a Zero Trust network › How to overcome operational friction © 2013 Forrester Research, Inc. Reproduction Prohibited 8
    9. 9. IT budget allocation 40% of the 2013 enterprise IT Enterprises make significant investments in hardware and infrastructure budget went to hardware and infrastructure, on average. Base: 878 enterprise IT hardware decision-makers © 2013 Forrester Research, Inc. Reproduction Prohibited 9
    10. 10. Hardware & infrastructure budget Budget % The datacenter and servers account for 67% of the hardware and infrastructure budget 16% Systems management 17% Storage 18% 23% 26% Data center networking equipment Servers and server operating systems Data center and IT facilities Base: 842 enterprise IT hardware decision-makers © 2013 Forrester Research, Inc. Reproduction Prohibited 10
    11. 11. Profit, margin, revenue Firms are looking to reduce expenses while enabling the business
    12. 12. Consolidation reduces expenses 63% plan data center consolidation “Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?” High priority Critical priority Maintain or implement broad use of server virtualization 52% 52% Consolidate IT infrastructure via… Automate the management of virtualized servers to … 25% 25% 48% 20% Purchase or upgrade disaster recovery and business… 42% Consolidate IT infrastructure via data center… 42% 21% Develop a comprehensive cloud strategy for IT… 41% 21% Build an internal private cloud operated by IT Use public cloud platform(s) (IaaS and/or PaaS) at a… 24% 36% 33% 19% 16% Base: 1,083 enterprise IT hardware decision-makers Source: Forrsights Hardware Survey, Q3 2013 © 2013 Forrester Research, Inc. Reproduction Prohibited 12
    13. 13. Virtualization enables the business “Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?” Respondents who selected “High priority” or “Critical priority” High priority Critical priority Maintain or implement broad use of server virtualization 52% 52% Consolidate IT infrastructure via… Automate the management of virtualized servers to … 25% 25% 48% 20% Purchase or upgrade disaster recovery and business… 42% Consolidate IT infrastructure via data center… 42% 21% Develop a comprehensive cloud strategy for IT… 41% 21% Build an internal private cloud operated by IT Use public cloud platform(s) (IaaS and/or PaaS) at a… 24% 36% 33% 19% 16% Base: 1,083 enterprise IT hardware decision-makers Source: Forrsights Hardware Survey, Q3 2013 © 2013 Forrester Research, Inc. Reproduction Prohibited 13
    14. 14. And security pros are concerned “How concerned are you with the risk that the following initiatives or technologies could introduce in your firm?” Respondents who selected “4” or “5 – Very concerned” 2013 (N = 955) 2012 (N = 1,124) 43% Application virtualization Desktop virtualization Virtualization in the data center (e.g., storage, server) 23% 38% 19% 45% 26% Base: North American and European enterprise IT security decision-makers Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012 © 2013 Forrester Research, Inc. Reproduction Prohibited 14
    15. 15. No shortage of virtualization concerns “How concerned is your firm with the following for virtual environments?” Respondents who selected “4” or “5 – Very concerned” 2013 (N = 576) 2012 (N = 586) Complexity of virtual environment Attacks against virtualization infrastructure including hypervisor 54% 43% 53% 30% Configuration management within the virtual environment Insider threat resulting from lack of separation of duties for privileged users Limited visibility into virtual environment 55% 40% Maintaining compliance within the virtual environment Virtual environments in general 56% 42% 38% 38% 33% 53% 51% 49% Base: North American and European enterprise IT security decision-makers Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012 © 2013 Forrester Research, Inc. Reproduction Prohibited 15
    16. 16. Average Length of Time to Process Application Connectivity Change 1 week+ 7% 3-7 days 11% 1-2 days 13% up to 1 day 14% 1-3 hours 23% 4-8 hours 18% 8-12 hours 14% Source: Examining the Impact of Security Management on the Business 2013
    17. 17. What do these trends mean for security professionals? Virtualization should be a top priority for your security organization If you lack visibility, you cannot understand the risk implications of the virtual data center You must understand how your applications communicate You need an operationally effective means to do this © 2013 Forrester Research, Inc. Reproduction Prohibited 17
    18. 18. Time for a new strategy Get with the program
    19. 19. Agenda › The virtual datacenter is coming › Prepare for it & implement a Zero Trust network › How to overcome operational friction © 2013 Forrester Research, Inc. Reproduction Prohibited 19
    20. 20. Which one goes to the Internet? UNTRUSTED TRUSTED
    21. 21. Zero Trust UNTRUSTED UNTRUSTED
    22. 22. Concepts of zero trust All resources are accessed in a secure manner regardless of location. Access control is on a “need-to-know” basis and is strictly enforced. Verify and never trust. Visibility: Inspect and log all traffic. The network is designed from the inside out.
    23. 23. Visibility: inspect and log all traffic Enterprises struggle with visibility inside the traditional data center Visibility into the resources within the virtual data center is even more of a challenge Can you see into application communications within your virtual environment? What about intra-vm communications? © 2013 Forrester Research, Inc. Reproduction Prohibited 26
    24. 24. The network is designed from the inside out Visibility is required to design networks We need a data centric approach, and data exists within applications If you don’t understand how applications communicate how can you securely enable them We are strategic when we design networks around critical data within applications © 2013 Forrester Research, Inc. Reproduction Prohibited 27
    25. 25. Zero Trust › Understanding applications (data) is the foundation of Zero Trust network design. › Architecting Zero Trust networks is ideal when consolidating data centers and virtualizing applications. › But the traditional approaches to enabling applications and segmenting networks aren’t effective and don’t scale. © 2013 Forrester Research, Inc. Reproduction Prohibited 28
    26. 26. Confidential
    27. 27. Confidential
    28. 28. Confidential
    29. 29. Agenda › The virtual datacenter is coming › Prepare for it & implement a Zero Trust network › How to overcome operational friction © 2013 Forrester Research, Inc. Reproduction Prohibited 32
    30. 30. Its all about operations Understand that if operational requirements are too great, solution WON’T be maximized © 2013 Forrester Research, Inc. Reproduction Prohibited 33
    31. 31. What inhibits this? Self imposed operational friction › Bad for the business and bad operations • Complex application communication requirements • Bloated firewall rule sets • Lack of tools • Immature process and oversight • Poor communication between information security, application owners and network operations © 2013 Forrester Research, Inc. Reproduction Prohibited 34
    32. 32. You need a solution that reduces friction What to look for in a solution Application discovery function Function that speeds the discovery of application communications Self service Ability for application owners to request provisioning/deprovisioning of applications Integrations No point solutions here, look for offerings that integrate into your firewall and change management solutions Virtualization capable Must be able to enable automation within the virtual data center. Solution must be scalable enough to address nuances of virtual environment. © 2013 Forrester Research, Inc. Reproduction Prohibited 35
    33. 33. Technology is only one aspect › We cannot forget about the other areas › Foster relationships › Look for technologies solutions that facilitate oversight, people and process activities © 2013 Forrester Research, Inc. Reproduction Prohibited Oversight Process People Technology 36
    34. 34. Looking ahead › If you can’t securely enable applications within your own data center, how can you expect to be successful in the cloud? © 2013 Forrester Research, Inc. Reproduction Prohibited 37
    35. 35. Thank you Rick Holland rholland@forrester.com Twitter: @rickhholland
    36. 36. The AlgoSec Suite Application Owners Network Operations Security AlgoSec Security Management Suite BusinessFlow Firewall Analyzer Business Application Connectivity Mgmt Business Applications FireFlow Security Policy Change Automation Security Policy Analysis & Audit Security Infrastructure Confidential
    37. 37. Business Impact gility lignment • Faster security provisioning of business applications • Accelerated data center migrations • Automated firewall operations • Effectively react to network and application changes • Process changes up to 4x faster daptability • Streamline communication between teams • Enable true accountability and governance Benefits Accurate configuration ensures • Business continuity • Stronger security posture • Continuous Compliance ssurance Confidential
    38. 38. Q&A and Next Steps The Case & Criteria for ApplicationCentric Security Policy Management www.algosec.com/application Simplifying Security Management in the Virtual Data Center www.algosec.com/datacenter Evaluate the AlgoSec Security Management Suite @ www.algosec.com/eval
    39. 39. Managing Security at the Speed of Business www.AlgoSec.com Connect with AlgoSec on:
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×