Security Thought for Tuesday: Program Policies, not Infrastructure
by Neil MacDonald | September 21, 2010
I’m here at the midsized enterprise summit in San Antonio. Earlier today, I presented on the same theme I will be presenting on at Gartner’s US Fall Symposium – the evolution of information security to address the security needs of private and public cloud-based services.
In addition to the virtualization of security controls, one of the other significant transformations taking place in security infrastructure is the move to make the security policy enforcement points “programmable” – able to be configured using standard APIs (in most cases, REST-based). The policy enforcement points are then managed from security policy administration points and consoles where policies are linked to workloads based on logical, not physical, attributes. For example, “PCI-related web applications require web application firewall protection” or “Only a member of the Sales organization can use Skype”. These policies then drive the automated configuration of the security policy enforcement points embedded (likely virtualized) throughout our data center “fabric”.
There are several fundamental changes in information security reflected in these simple examples:
- Information security professionals focus on setting security policies, not the low-level programming of firewalls and other security infrastructure.
- As security policies move “up the stack” and become context-aware, tied to application, identity and content, the policies themselves read more like English statements – understandable to the policy creator and to the people verifying the policy (auditors, information owners and so on).
- Combined, the shift to policy-driven programmable security infrastructure reduces the chance of misadministration, mismanagement and human mistakes – a significant source of unplanned downtime and successful attacks – and improves our overall security profile.
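As an added illustration, not code from the post or from any product it mentions, the Python below takes attribute-based policies of the kind quoted above (“PCI-related web applications require web application firewall protection”) and derives the enforcement-point configuration for each workload from its logical attributes. The workload attributes, the policy schema and the enforcement settings are assumptions chosen for the example; the two “misadministration” signals it returns are the checks a policy administration point would raise before pushing anything to an enforcement point.

```python
from dataclasses import dataclass

# Constructed sample inventory: workloads carry logical attributes, not addresses.
WORKLOADS = [
    {"name": "web-checkout", "type": "web-app", "pci": True, "owner": "Retail"},
    {"name": "web-blog", "type": "web-app", "pci": False, "owner": "Marketing"},
    {"name": "db-orders", "type": "database", "pci": True, "owner": "Retail"},
    {"name": "batch-report", "type": "batch"},  # untagged: PCI status unknown
]

@dataclass
class Policy:
    statement: str   # the English-readable policy an auditor can check
    match: dict      # attribute values a workload must carry to be in scope
    enforce: dict    # settings pushed to the enforcement point (assumed schema)

POLICIES = [
    Policy("PCI-related web applications require web application firewall protection",
           {"type": "web-app", "pci": True},
           {"control": "waf", "mode": "block", "ruleset": "pci-dss"}),
    Policy("PCI-related workloads must sit in the cardholder-data zone",
           {"pci": True},
           {"control": "firewall", "zone": "cardholder-data"}),
]

def in_scope(policy, workload):
    """A workload is in scope when every matched attribute has the required value."""
    return all(workload.get(k) == v for k, v in policy.match.items())

def compile_policies(policies, workloads):
    """Map each workload to the enforcement settings its attributes trigger.

    Also returns two misadministration signals: policies that match nothing
    (typically a mistyped attribute) and workloads missing an attribute that
    some policy keys on (they would silently fall out of scope)."""
    config = {w["name"]: [] for w in workloads}
    for p in policies:
        for w in workloads:
            if in_scope(p, w):
                config[w["name"]].append({**p.enforce, "policy": p.statement})
    dead = [p.statement for p in policies
            if not any(in_scope(p, w) for w in workloads)]
    keys = {k for p in policies for k in p.match}
    untagged = {w["name"]: sorted(keys - w.keys()) for w in workloads
                if keys - w.keys()}
    return config, dead, untagged
```

Each entry in the returned config keeps the originating policy statement, so the configuration pushed to a WAF or firewall stays traceable to the English policy an auditor reads.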
Food for thought.