In previous posts, I talked about the need for information security to become more adaptive – adaptive to changes in the threat environment and adaptive to changes in the business and regulatory environment. This is the subject of my ongoing research project on Adaptive Security Infrastructure as a Gartner Fellow.
I’ve also discussed how the move to virtualization and cloud computing forces security policy to move “up the stack” to policies defined on higher level attributes and context – such as the application being run, the identity/group/role of the entity making the request and the content being handled.
Most of today’s security infrastructure is static — enforcing policies defined in advance in environments where IT infrastructure and business relationships are relatively static. This will simply not scale to effectively support an environment that is highly dynamic, multisourced and virtualized, and where consumer-oriented IT is increasingly used in lieu of enterprise-owned and provisioned systems.
I see some progress in addressing these requirements from the security vendors, Different security vendors playing in different security silos add agility by coming at the problem from different angles. For example, some are adding “application-awareness”, some are adding “identity-awareness” and others are adding “content-awareness”.
The most visionary are adding all three – and more.
I’ll argue all of these are part of the broader shift to make security infrastructure more context-aware and adaptive. And, we are just getting started. There’s more to context-aware security than just adding identity, application and content awareness. For clients. I discuss the evolution of this concept in detail in this research note that was just published: The Future of Information Security is Context-Aware and Adaptive.
Category: Next-generation Data Center Next-generation Security Infrastructure Virtualization Security Tags: Adaptive Security Infrastucture, Next-generation Security Infrastructure, Virtualization Security