At Gartner’s Security & Risk Management Summit, analysts identified 2014’s Top 10 Technologies for Information Security. They singled out software-defined security as a trend to watch, stating that its “impact on security will be transformational.”
As with software-defined networking, Software-Defined Security (SDS) is indeed a paradigm shifter. By definition, SDS is a type of security model in which the information security in a computing environment is implemented, controlled and managed by security software, not hardware.[1] The benefits of SDS are many. Here are the top five:
1. Simplicity: In physical data centers, security architecture is complex. It often requires multiple servers, specialized hardware devices (e.g., Firewall Appliances, HSMs – Hardware Security Modules, etc.), network identities, and more. In a software-defined model, security is based on logical policies. We like to equate this to mathematical walls replacing the physical walls of a data center. SDS does not rely on the physical location of data; information may be protected anywhere it resides.
As an example, our realm of SDS is SDE: Software-Defined Encryption (and key management). By virtualizing this service, customers simplify their infrastructure and increase their security (see #5, below). With software-defined split-key encryption, for example, multiple encryption keys can be automatically generated and stored securely in a virtual appliance, simplifying the key management process without compromising the security of the encryption keys.
2. Automation: Thanks to its independence from rigid hardware, SDS allows automation. For example, once policies are defined, new devices created within the environment can be automatically covered and controlled under the base security policy. Take Software-Defined Encryption as an example: using orchestration and a RESTful API approach, encryption can be automated across virtual servers, availability zones, or geographical regions.
By automating security, we reduce our dependence on manual detection, response and administration.
3. Scalability and Flexibility: Nearly any type of virtualization adds elements of scalability and flexibility. In the world of security, removing hardware from the equation makes it quick and easy to scale security up or down based on the immediate needs of each host hypervisor and each business. Also, geography becomes irrelevant in securing networks with devices in multiple locations.
As companies migrate assets to software-defined, cloud infrastructures, the security to protect these assets needs to also shift to the software-defined model. In a sense, SDS is security in the cloud, for the cloud.
4. Cost Effectiveness: Because virtualizing security eliminates the dependence on and need for hardware that is expensive to buy, upgrade, and manage, SDS is a cost-effective model that can be consumed (and paid for) in an “as you go” model. Thus, users pay only for what they use. The heavy capital expenditures are eliminated.
5. Increased Security: Perhaps the most controversial benefit of SDS is that it offers increased security. Hardware enthusiasts will argue that there is nothing stronger than the sticks and bricks of the physical data center and the metal of the hardware devices. But this is not necessarily so. Mathematics, especially when mathematical proof is available, is more resilient than hardware. And some companies, with limited resources, cannot create the kind of physical security that SDS offers.
The benefits of software-defined security are many. Being singled out by Gartner, the world’s leading information technology research and advisory company, as one of the year’s top technologies, proves the significance of SDS in today’s information systems.
[1]
By Gilad Parann-Nissany, Founder and CEO, Porticor
Bio: Gilad Parann-Nissany, founder and CEO, is a Cloud Computing pioneer. As CTO for Small Business at SAP, Gilad built SaaS Clouds for medium and small enterprises and contributed to SAP products reaching more than 8 million users. Before founding Porticor, he created a consumer Cloud at G.ho.st – a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and applications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.