Having spent the best part of 3 decades architecting and operating Enterprise infrastructure, including 16 years at Goldman Sachs, it became clear to me that the security model within the Datacenter represents the last major barrier to our transition to 'software defined' cloud computing architectures. Over the past several years, I came to the realisation that only by taking a completely new approach to security, one which embraces distributed computing principles to deliver security services in a secure and holistic manner, could we ever address this challenge.
Existing security ‘art’ fails to serve the challenges of the modern software defined datacenter in two major ways; it is functionally incompatible with cloud principles and it fails to provide the security capabilities we require.
Today’s security architectures consist of hierarchies of physical infrastructure (or more recently virtualised devices based upon legacy principles) which partition the datacenter through ‘defence in depth’. Incompatible functions (Firewalls, IPS, proxies, content filters, honeypots among others) form complex systems of control, generally at the perimeter or DMZ, while the innermost layers of the datacenter provide free and open access with little control and even less visibility. Unfortunately, this innermost layer is where the assets of most value reside and it is also to where the attackers are increasingly gaining access.
Functionally, the static and complex perimeter-based security model prevents the realisation of the benefits of cloud principles in the following ways;
- It is nearly impossible to orchestrate and automate the complex system of incompatible controls we have assembled at the network perimeter. There is just too much ‘stuff’ to program, most of which was not designed with automation and self-service in mind. This prevents the scaling and reconfiguration of cloud applications with any dependency upon the world outside the datacenter.
- The physical zones constructed to implement separation have resulted in fragmentation of datacenter resources. Rather than calling computing and storage resources from a large common pool, it has become necessary to treat each ‘zone’ of trust (or even business function) as separate resource pools.
- The security products within the perimeter typically scale vertically based upon expensive and proprietary hardware platforms. These systems are often initially over- provisioned to delay the day that disruptive and expensive forklift upgrade is required. This contrasts with today’s software architectures which are designed to scale horizontally based upon business need and distributed systems principles.
As we have seen from security incidents over the past few years, today’s security architectures are even less successful at safeguarding the basic security of our data and services. And here is why;
- Our security controls are predominantly placed in the physical ‘edge’ of the datacenter, but it is not so easy to define where the logical boundary resides from an organizational point of view any more. In a world where IT services are increasingly consumed from the cloud (be that based upon hybrid cloud solutions, or the integration of public cloud services into the IT flow) and the workforce is mobile, the historical belief that the edge of the datacenter equated to the edge of trust no longer holds.
- The threat actors are now highly sophisticated and organized, becoming particularly adept at penetrating traditional perimeter controls. It is also no longer a given that would-be attackers begin their campaigns outside the perimeter, whether that be through deliberate insider access or through inadvertent exploit through social engineering. If you look at today’s threat models, the controls are in the wrong place
- Many years spent pursuing the latest security threats by layering incremental controls within the perimeter has resulted in systems of exponential complexity. They have become difficult to engineer and test, leaving myriad avenues for exploitation. As we learnt within security engineering 101, but seem to have forgotten in many implementations, “complexity is the worst enemy of security”.
- Finally, and quite simply, today’s controls are not aligned to protect our most important assets - the data and services provided within the core of our Datacenters. Today’s datacenters provide very little control around access to these services, far less security information or analytics, and make it very easy for attackers who have compromised the perimeter to pursue their campaign undetected and often unencumbered by security measures.
Marc Woolward joins vArmour as EMEA CTO. Previously he was a Technology Fellow and CTO for Networks and Telecommunications at Goldman Sachs. He also served on the Technical Advisory Group at Open Network Foundation (ONF) where he founded and chaired the Security Working Group.