Analysing effective security management in a software-defined world

(c)iStock.com/4x-Image

Software defined infrastructure (SDx), along with use of private and public clouds completely transforms the way IT departments manage enterprise data centres and workloads. Automation is a key component of software defined networking (SDN), bringing together network, server, security management and other IT functions or teams together.

In the past, when organisations deployed new applications, the application owner needed to collaborate with several teams. For example, one team installed the required HW and OS servers, a separate team connected servers to the network, and yet another team provisioned the security and firewall rules. It was as if the stars – or functional teams – had to align in order for all of the necessary components to provision so that the application owners could start using the new infrastructure to deploy and make use of their new applications.

Today, private and public cloud infrastructures allows IT to automate these operations; virtual machines are dynamically created and deployed, operating systems are quickly and easily provisioned, and connecting new services to the network is streamlined and automatic. As a result, pre-configured templates of commonly used and well defined services are available to the application owner with a single click on a self-service portal, across multiple data centres, private and public clouds.

In this new world where new apps are instantly created or moved to a different location as the infrastructure gets provisioned, changed and elastically scaled based on demand, security officers are challenged to enforce the organisation’s security policy and retain full visibility of security incidents. As we will find out, the keys to getting control back are creating dynamic security policies, API scoping, and security management consolidation.

Creating dynamic security policies

Dynamic security policies in modern networks are achieved by close integration with network virtualisation and public IaaS solutions, such as VMware NSX, Cisco ACI, OpenStack, or AWS/Azure. By integrating with these solutions, objects defined by those systems, such as groups and tags, are learned and utilised security policies. This creates dynamic policies where changes in the software-defined environment are immediately translated and instantly reflected into an effective and active security policy that is applied to all traffic automatically – without human intervention.

Additionally, leveraging and populating this contextual information in log files gives security admins the ability to better understand and investigate any security incident.

API scoping

In order to completely automate the deployment of new applications, organisations need to grant developers access to APIs that in many cases involve modification of security policies. It is vital to ensure this access is coped or limited appropriately; otherwise, a mistake by a developer could potentially alter the security policy of the entire organisation, making it vulnerable to threats.

An example of scoping access to APIs can be seen through the printer admin. The printer admin uses an app to add printers to the network. In doing so, this involves modifying firewall rules using an API. The security policy must ensure that the printer application can only add new printers – nothing else – and is only permitted within relevant network segments.

Security management consolidation

Consolidation of management functions is necessary to gain complete and holistic visibility of security policies and incidents across the entire organisation’s infrastructure, including all north-south, east-west, virtual and physical, private and public cloud traffic. Without management consolidation, incidents are difficult to identify, correlate and analyse across the various cloud networks, making it operationally impossible to secure these environments.

CheckPoint aims to integrate with leading cloud and network virtualisation solutions, as well as allowing customers to confidently embrace automation and the cloud while retaining advanced security using effective security management for software-defined data centres and public cloud environments. You can find out more here.