by Neil MacDonald | May 15, 2010 | Comments Off
In previous posts, I talked about the need for information security to become more adaptive – adaptive to changes in the threat environment and adaptive to changes in the business and regulatory environment. This is the subject of my ongoing research project on Adaptive Security Infrastructure as a Gartner Fellow.
I’ve also discussed how the move to virtualization and cloud computing forces security policy to move “up the stack” to policies defined on higher level attributes and context – such as the application being run, the identity/group/role of the entity making the request and the content being handled.
Most of today’s security infrastructure is static — enforcing policies defined in advance in environments where IT infrastructure and business relationships are relatively static. This will simply not scale to effectively support an environment that is highly dynamic, multisourced and virtualized, and where consumer-oriented IT is increasingly used in lieu of enterprise-owned and provisioned systems.
I see some progress in addressing these requirements from the security vendors, Different security vendors playing in different security silos add agility by coming at the problem from different angles. For example, some are adding “application-awareness”, some are adding “identity-awareness” and others are adding “content-awareness”.
The most visionary are adding all three – and more.
I’ll argue all of these are part of the broader shift to make security infrastructure more context-aware and adaptive. And, we are just getting started. There’s more to context-aware security than just adding identity, application and content awareness. For clients. I discuss the evolution of this concept in detail in this research note that was just published: The Future of Information Security is Context-Aware and Adaptive.
Category: next-generation-data-center next-generation-security-infrastructure virtualization-security
Tags: adaptive-security-infrastucture next-generation-security-infrastructure virtualization-security
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.