
Security Thought for Tuesday: Program Policies, not Infrastructure

by Neil MacDonald  |  September 21, 2010

I’m here at the midsized enterprise summit in San Antonio. Earlier today, I presented on the same theme I will be presenting on at Gartner’s US Fall Symposium – the evolution of information security to address the security needs of private and public cloud-based services.

In addition to the virtualization of security controls, one of the other significant transformations taking place in security infrastructure is the move to make the security policy enforcement points “programmable” – able to be configured using standard APIs (in most cases, REST-based). The policy enforcement points are then managed from security policy administration points and consoles where policies are linked to workloads based on logical, not physical, attributes. For example, “PCI-related web applications require web application firewall protection” or “Only a member of the Sales organization can use Skype”. These policies then drive the automated configuration of the security policy enforcement points embedded (likely virtualized) throughout our data center “fabric”.

There are several fundamental changes in information security reflected in these simple examples:

  • Information security professionals focus on setting security policies, not the low-level programming of firewalls and other security infrastructure.
  • As security policies move “up the stack” and become context-aware – tied to application, identity and content – the policies themselves read more like English statements, understandable both to the policy creator and to the people verifying the policy (auditors, information owners and so on).
  • Taken together, the shift to policy-driven, programmable security infrastructure reduces the chance of misadministration, mismanagement and human error – a significant source of unplanned downtime and successful attacks – and so improves our overall security posture.
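To make the policy-administration-point idea concrete, here is a small added example (not code from the post or from any Gartner product) of a policy engine that links policies to workloads and identities by logical attributes, renders each policy as a readable English statement for reviewers, and compiles the result into per-control configuration for the enforcement points. The workloads, users, policy names, control names and the REST payload shape are all constructed for illustration; no real vendor API is assumed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    """A workload or identity described by logical attributes, not by host or IP."""
    name: str
    attributes: dict


@dataclass(frozen=True)
class Policy:
    """Reads as: subjects whose attributes match `when` require `controls`
    and/or may use `allow_apps`. Attribute names are constructed for the example."""
    name: str
    when: dict
    controls: tuple = ()
    allow_apps: tuple = ()


def matches(policy, subject):
    """Every attribute in the policy's `when` clause must equal the subject's value."""
    return all(subject.attributes.get(k) == v for k, v in policy.when.items())


def describe(policy):
    """English rendering of a policy for auditors and information owners."""
    cond = ", ".join(f"{k}={v}" for k, v in policy.when.items())
    parts = []
    if policy.controls:
        parts.append("require " + ", ".join(policy.controls))
    if policy.allow_apps:
        parts.append("may use " + ", ".join(policy.allow_apps))
    return f"{policy.name}: subjects with {cond} " + " and ".join(parts)


def compile_plan(policies, workloads):
    """Return (plan, uncovered): plan maps each workload to the sorted union of
    controls from every matching policy; uncovered lists workloads that no
    control policy matched, so a reviewer can spot gaps before deployment."""
    plan, uncovered = {}, []
    for w in workloads:
        controls = set()
        for p in policies:
            if matches(p, w):
                controls.update(p.controls)
        if controls:
            plan[w.name] = sorted(controls)
        else:
            uncovered.append(w.name)
    return plan, uncovered


def app_allowed(policies, user, app):
    """Default deny: an application may be used only if a matching policy allows it."""
    return any(app in p.allow_apps for p in policies if matches(p, user))


def enforcement_point_payloads(plan):
    """Group the plan by control so each enforcement point receives one push.
    The payload shape is hypothetical, not any real product's REST API."""
    by_control = {}
    for workload, controls in plan.items():
        for c in controls:
            by_control.setdefault(c, []).append(workload)
    return {c: {"action": "protect", "targets": sorted(t)} for c, t in by_control.items()}


# Constructed sample data: two policies from the post plus one extra web policy.
POLICIES = (
    Policy("waf-for-pci-web", {"type": "web", "pci": True}, controls=("waf",)),
    Policy("tls-for-all-web", {"type": "web"}, controls=("tls-termination",)),
    Policy("sales-skype", {"department": "Sales"}, allow_apps=("skype",)),
)
WORKLOADS = (
    Subject("billing-web", {"type": "web", "pci": True}),
    Subject("marketing-web", {"type": "web", "pci": False}),
    Subject("hr-db", {"type": "database", "pci": False}),
)
USERS = (
    Subject("alice", {"department": "Sales"}),
    Subject("bob", {"department": "Engineering"}),
)


if __name__ == "__main__":
    for p in POLICIES:
        print(describe(p))
    plan, uncovered = compile_plan(POLICIES, WORKLOADS)
    print("plan:", plan)
    print("uncovered workloads:", uncovered)
    print("payloads:", enforcement_point_payloads(plan))
    for u in USERS:
        print(u.name, "may use skype:", app_allowed(POLICIES, u, "skype"))
```

The `uncovered` list is the part a practitioner cares about most: when policies are expressed in logical attributes, a workload that carries no matching attributes silently receives no protection, so the administration point should surface such gaps for review rather than pushing a plan that looks complete.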

Food for thought.



Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…
