Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Securing Private Clouds Requires Changes to Information Security Infrastructure

by Neil MacDonald  |  December 1, 2010  |  4 Comments

As organizations virtualize their data centers, information security has had to evolve to support this. The same will be true as data centers evolve to private clouds – security must evolve to support the needs of private cloud infrastructure.

For most organizations, virtualization will provide the foundation and the stepping stone for the evolution to private cloud computing. However, the need for security must not be overlooked or ‘bolted on’ later during the transition to private cloud computing.

While the fundamental principles of information security remain the same (confidentiality, integrity, access, authenticity and so on), the way organizations provision and deliver security services must change. Whether supporting private cloud computing, public cloud computing, or both, security must become adaptive to support a model where workloads are decoupled from the physical hardware underneath and dynamically allocated to a fabric of computing resources.

In this recent research note for clients, I collaborated with one of my data center colleagues, Tom Bittman, to lay out six necessary attributes of private cloud security infrastructure:

1. Security as a set of on-demand services

Instead of thinking of information security as a collection of siloed products, security needs to evolve to be delivered as a set of services available ‘on demand’ to protect workloads and information when and where they are needed. As virtualized workloads are provisioned, moved, modified, cloned and retired, the appropriate security policy would be associated with the workload throughout its life cycle.

2. Programmable infrastructure

The security infrastructure that provides these security services must become “programmable” from policy administration and policy decision points – typically using RESTful APIs. This will enable higher levels of automation, allowing information security professionals to focus on managing policies rather than programming infrastructure.

3. Policies based on logical attributes

Security policies need to be tied to logical, not physical, attributes. Security must also become context-aware, incorporating more real-time context information at the time a security decision is made to enable faster and more accurate assessments of whether a given action should be allowed or denied.

4. Adaptive trust zones

Security policies based on logical attributes will be used to create logical groups of workloads with similar security requirements and levels of trust, which we refer to as “adaptive trust zones”. These zones must be capable of providing high-assurance multitenant separation of workloads of different trust levels.
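As an added illustration of attributes 3 and 4 (this is example code written for this page, not the research note's or any vendor's implementation), the small Python policy evaluator below derives each workload's trust zone from its logical tags, decides flows between zones rather than between addresses, and consults a real-time context attribute at decision time. The zone names, tags, the `patched` context flag and the sample workloads are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Workload:
    name: str
    ip: str                                       # physical attribute: changes when the VM moves
    tags: dict                                    # logical attributes the policy is bound to
    context: dict = field(default_factory=dict)   # real-time context available at decision time

# Adaptive trust zone membership is derived from logical attributes; first match wins.
# Zone names and tag keys are constructed for this example.
ZONE_RULES = [
    ("pci",      lambda t: t.get("data") == "cardholder"),
    ("dmz",      lambda t: t.get("exposure") == "internet"),
    ("internal", lambda t: t.get("exposure") == "internal"),
]

# Permitted zone-to-zone flows as (source zone, destination zone) pairs.
ALLOWED_FLOWS = {("dmz", "internal"), ("internal", "internal"), ("internal", "pci")}

def trust_zone(w: Workload) -> str:
    for zone, matches in ZONE_RULES:
        if matches(w.tags):
            return zone
    return "untrusted"

def decide(src: Workload, dst: Workload) -> tuple[bool, str]:
    """Allow or deny a flow using trust zones; IP addresses play no part."""
    sz, dz = trust_zone(src), trust_zone(dst)
    if (sz, dz) not in ALLOWED_FLOWS:
        return False, f"{sz}->{dz} flow not permitted"
    # Context-aware step: a high-trust destination must be patched at the moment of decision.
    if dz == "pci" and not dst.context.get("patched", False):
        return False, f"{dst.name} is unpatched; denying access into the pci zone"
    return True, f"{sz}->{dz} flow permitted"

if __name__ == "__main__":
    # Constructed sample workloads.
    web = Workload("web01", "203.0.113.10", {"exposure": "internet"})
    app = Workload("app01", "10.0.1.20", {"exposure": "internal"})
    db = Workload("db01", "10.0.2.30", {"data": "cardholder"}, {"patched": False})
    print(decide(web, app))   # allowed: dmz -> internal
    print(decide(web, db))    # denied: dmz -> pci is not a permitted flow
    print(decide(app, db))    # denied: destination is unpatched
    db.context["patched"] = True
    print(decide(app, db))    # allowed once the context changes
    app.ip = "10.0.9.99"      # the workload migrates; policy follows its tags, not its address
    print(decide(app, db))    # still allowed
```

The last two calls show the point of binding policy to logical attributes: a migration that changes the address leaves the decision unchanged, while a change in context does change it.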

5. Separate control plane

Strong separation of duties and concerns between IT operations and security needs to be enforceable within a private cloud infrastructure, which requires that virtualization and private cloud-computing platform suppliers provide the ability to separate security policy formation and the operation of security VMs from management policy formation and the operation of the other data center VMs.

6. ‘Federatable’ policies and identities

Ideally, private cloud security infrastructure should be able to exchange and share (federate) policies with other physical security infrastructure in the data center, and security controls placed across physical and virtualized infrastructure should be able to intelligently co-operate for workload inspection. Security policies designed to protect workloads on-premises should also be able to be federated to public cloud providers; however, there are currently no established standards for the exchange of security policy information such as firewalling and IPS policies, so policy federation of this type will initially be based on proprietary linkages such as VMware’s vCloud APIs.

Today’s static and siloed security infrastructure trapped within the confines of physical hardware is ill-equipped to satisfy these dynamic requirements, but will evolve to support these attributes over the next five years.

I’ll be presenting on this topic next week at Gartner’s US Data Center conference in Las Vegas. I hope to see you there in person!

Category: Cloud, Cloud Security, Next-generation Data Center, Next-generation Security Infrastructure, Virtualization, Virtualization Security

4 responses so far

  • 1 Schecter   December 2, 2010 at 12:10 am

    Of all the stuff that you mentioned here I think the security services being “on demand” makes the most sense. The entire idea of the cloud is on demand so why not security too. Good luck at the conference and enjoy yourself.

  • 2 Neil   December 2, 2010 at 1:54 pm

    I’m a little unsure how more real-time context information can be seen as enabling faster decision making. Real-time context information almost always results in more complex rule sets, less caching, and therefore more overhead for decision making. Do you have some specifics for what speed increases can be obtained in your model?

  • 3 Neil MacDonald   December 2, 2010 at 3:14 pm

    Here’s an entire research note on context-aware security that explores the topic in great detail.

    http://blogs.gartner.com/neil_macdonald/2010/05/15/the-future-of-information-security-is-context-aware-and-adaptive/

    More accurate security decisions are the key benefit – i.e. fewer false positives and false negatives by incorporating more context into security decisions.

    Faster? Not as readily apparent – but consider a security decision that lacks enough context and so ends up prompting the user for additional information (e.g. favorite pet, maiden name etc.) or goes out of band for stronger authentication (e.g. SMS text to your phone or email). In this case, the additional context at the point of the decision results in a faster decision because additional information isn’t needed. From the end-to-end point of view of the user, the decision is faster.

    Faster also in the sense that unanticipated usage scenarios can be enabled based on attributes versus predefined static conditions where it would require manual intervention to statically code a new policy.

    Faster in the sense that the context itself speeds up security processing. For example, a given IPS rule is NOT applied to a given traffic stream to a server because the OS context is that the vulnerability targeted has already been patched on that server.

    I agree that incorporating this context information into a security policy enforcement point takes additional milliseconds of processing time. Some of the vendors cache their policies and information. One of the vendors, BitKoo, compiles their policies (much like Java byte code) to speed up contextual decision making. You are correct that this is a design consideration and the evaluation of a vendor’s caching architecture becomes important.

    I suppose I could also argue that a longer decision that should be allowed and indeed is allowed when more context is available is faster than a decision that should be allowed but is denied (because of a lack of context) – but that would be cheating…

    In other words, a longer correct security decision is worth more to the user than a faster incorrect decision… especially if the user then has to call, escalate, etc – back to end-to-end experience of the user.

    Nah, too esoteric…

    :)

    Neil

  • 4 Neil   December 2, 2010 at 6:59 pm

    Ok, I’ll buy that if we’re talking about more than the policy enforcement point. I think most organizations skip having more complex policies today because it’s just too hard to manage otherwise.

    As you point out, that’s not something we can continue to avoid as we move outside.