simplifying security management in the virtual data center

How to Accelerate and Simplify Security Management in the Virtual Data Center

2

Nimmy ReichenbergVP of Marketing and StrategyAlgoSecNimrod.reichenberg@algosec.com

Meet our Presenters

2

Rick HollandPrincipal AnalystForrester Research Inc.@rickhholland

Firewall Breaches Data Center Automation

5% Vulnerabilities

95% Misconfiguration

The Security Management Balancing Act

3Security

Agility

Prevent Cyber Attacks

Enable Business Applications

Resource Time to Provision

Server Minutes

Storage Minutes

Security Access Days/Weeks

: 2013Source The State of Network Security

Data Center Scenarios

Confidential 5

Data Center Migration/Consolidation

Challenges

• Reconstructing the security policy for the new data center

• Ensuring required connectivity between migrated servers

Migrating Applications to the Cloud

Challenges

• Ensuring connectivity between onsite and cloud application components

• Removing access no longer needed for decomissioned legacy servers

Ongoing Datacenter Operations

Challenges

• Ensuring faster service delivery and improved availability

• Streamlining security policy change management

• Application-centric risk and compliance management

What Customers are Saying

Confidential 6

AlgoSec helped us reduce 80% of the time required to migrate the security of our applications as part of our data center consolidation project

- Bruno Rolleau, Network Security Architect, Sanofi

Watch Video

Simplifying Security Management in the Virtual Datacenter

Rick Holland, Principal Analyst

Tuesday October 22, 2013

@rickhholland

© 2013 Forrester Research, Inc. Reproduction Prohibited 8

Agenda

›The virtual datacenter is coming

›Prepare for it & implement a Zero Trust network

›How to overcome operational friction

© 2013 Forrester Research, Inc. Reproduction Prohibited 9

IT budget allocation

Enterprises make significant investments in hardware and infrastructure40% of the 2013 enterprise IT

budget went to hardware and infrastructure, on average.

Base: 878 enterprise IT hardware decision-makers

© 2013 Forrester Research, Inc. Reproduction Prohibited 10

Hardware & infrastructure budget

The datacenter and servers account for 67% of the hardware and infrastructure budget

Series1

26%

23%

18%

17%

16%

Budget %

Systems man-agement

Storage

Data center network-ing equipment

Servers and server operating systems

Data center and IT facilities

Base: 842 enterprise IT hardware decision-makers

Profit, margin, revenue

Firms are looking to reduce expenses while enabling the business

© 2013 Forrester Research, Inc. Reproduction Prohibited 12

Consolidation reduces expenses

Source: Forrsights Hardware Survey, Q3 2013

63% plan data center consolidation

Use public cloud platform(s) (IaaS and/or PaaS) at a service provider

Build an internal private cloud operated by IT

Develop a comprehensive cloud strategy for IT infrastructure

Consolidate IT infrastructure via data center consolidation

Purchase or upgrade disaster recovery and business continuity capabilities

Automate the management of virtualized servers to gain flexibility and resiliency

Consolidate IT infrastructure via server, storage, network virtualization and consolidation

Maintain or implement broad use of server virtualization

33%

36%

41%

42%

42%

48%

52%

52%

16%

19%

21%

21%

24%

20%

25%

25%High priority Critical priority

Base: 1,083 enterprise IT hardware decision-makers

“Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?”

© 2013 Forrester Research, Inc. Reproduction Prohibited 13

Source: Forrsights Hardware Survey, Q3 2013

Virtualization enables the business

Use public cloud platform(s) (IaaS and/or PaaS) at a service provider

Build an internal private cloud operated by IT

Develop a comprehensive cloud strategy for IT infrastructure

Consolidate IT infrastructure via data center consolidation

Purchase or upgrade disaster recovery and business continuity capabilities

Automate the management of virtualized servers to gain flexibility and resiliency

Consolidate IT infrastructure via server, storage, network virtualization and consolidation

Maintain or implement broad use of server virtualization

33%

36%

41%

42%

42%

48%

52%

52%

16%

19%

21%

21%

24%

20%

25%

25%

High priority Critical priority

Base: 1,083 enterprise IT hardware decision-makers

“Which of the following initiatives are likely to be your firm’s/organization’s top hardware/IT infrastructure priorities over the next 12 months?”

Respondents who selected “High priority” or “Critical priority”

© 2013 Forrester Research, Inc. Reproduction Prohibited 14

Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012

And security pros are concerned

Virtualization in the data center (e.g., storage, server)

Desktop virtualization

Application virtualization

26%

19%

23%

45%

38%

43%

2013 (N = 955) 2012 (N = 1,124)

“How concerned are you with the risk that the following initiatives or technologies could introduce in your firm?”

Respondents who selected “4” or “5 – Very concerned”

Base: North American and European enterprise IT security decision-makers

© 2013 Forrester Research, Inc. Reproduction Prohibited 15

Source: Forrsights Security Survey, Q2 2013; Forrsights Security Survey, Q2 2012

No shortage of virtualization concerns

Limited visibility into virtual environment

Insider threat resulting from lack of separation of duties for privileged users

Configuration management within the virtual environment

Virtual environments in general

Maintaining compliance within the virtual environment

Attacks against virtualization infrastructure including hypervisor

Complexity of virtual environment

33%

38%

38%

30%

43%

40%

42%

49%

51%

53%

53%

54%

55%

56%

2013 (N = 576) 2012 (N = 586)

“How concerned is your firm with the following for virtual environments?”Respondents who selected “4” or “5 – Very concerned”

Base: North American and European enterprise IT security decision-makers

Average Length of Time to Process Application Connectivity Change

1-3 hours23%

4-8 hours18%

8-12 hours13%

up to 1 day14%

1-2 days13%

3-7 days11%

1 week+7%

: Source Examining the Impact of Security Management on the 2013Business

© 2013 Forrester Research, Inc. Reproduction Prohibited 17

What do these trends mean for security professionals?

Virtualization should be a top priority for your security organization

If you lack visibility, you cannot understand the risk implications of the virtual data center

You must understand how your applications communicate

You need an operationally effective means to do this

Time for a new strategy

Get with the program

© 2013 Forrester Research, Inc. Reproduction Prohibited 19

Agenda

›The virtual datacenter is coming

›Prepare for it & implement a Zero Trust network

›How to overcome operational friction

USE ZERO TRUST PRINCIPLES TO PROTECT YOUR

VIRTUAL ENVIRONMENT

TRUST BUT VERIFY

TRUST BUT VERIFY

Which one goes to the Internet?

UNTRUSTED TRUSTED

Zero Trust

UNTRUSTED UNTRUSTED

Concepts of zero trustAll resources are accessed in a secure

manner regardless of location.

Access control is on a “need-to-know” basis and is strictly enforced.

Verify and never trust.

Visibility: Inspect and log all traffic.

The network is designed from the inside out.

© 2013 Forrester Research, Inc. Reproduction Prohibited 26

Visibility: inspect and log all traffic

Enterprises struggle with visibility inside the traditional data center

Visibility into the resources within the virtual data center is even more of a challenge

Can you see into application communications within your virtual environment?

What about intra-vm communications?

© 2013 Forrester Research, Inc. Reproduction Prohibited 27

The network is designed from the inside out

Visibility is required to design networks

We need a data centric approach, and data exists within applications

If you don’t understand how applications communicate how can you securely enable them

We are strategic when we design networks around critical data within applications

© 2013 Forrester Research, Inc. Reproduction Prohibited 28

Zero Trust

› Understanding applications (data) is the foundation of Zero Trust network design.

› Architecting Zero Trust networks is ideal when consolidating data centers and virtualizing applications.

› But the traditional approaches to enabling applications and segmenting networks aren’t effective and don’t scale.

Confidential 29

Confidential 30

Confidential 31

© 2013 Forrester Research, Inc. Reproduction Prohibited 32

Agenda

›The virtual datacenter is coming

›Prepare for it & implement a Zero Trust network

›How to overcome operational friction

© 2013 Forrester Research, Inc. Reproduction Prohibited 33

Its all about operations

Understand that if operational requirements are too great, solution WON’T be maximized

© 2013 Forrester Research, Inc. Reproduction Prohibited 34

What inhibits this? Self imposed operational friction

› Bad for the business and bad operations• Complex application communication requirements

• Bloated firewall rule sets

• Lack of tools

• Immature process and oversight

• Poor communication between information security, application owners and network operations

© 2013 Forrester Research, Inc. Reproduction Prohibited 35

You need a solution that reduces friction

Application discovery function Function that speeds the discovery of application communications

Self service Ability for application owners to request provisioning/deprovisioning of applications

Integrations No point solutions here, look for offerings that integrate into your firewall and change management solutions

Virtualization capable Must be able to enable automation within the virtual data center. Solution must be scalable enough to address nuances of virtual environment.

What to look for in a solution

© 2013 Forrester Research, Inc. Reproduction Prohibited 36

Technology is only one aspect

› We cannot forget about the other areas

› Foster relationships

› Look for technologies solutions that facilitate oversight, people and process activities

Oversight

People ProcessTechnology

Oversight

People ProcessTechnology

© 2013 Forrester Research, Inc. Reproduction Prohibited 37

Looking ahead› If you can’t securely

enable applications within your own data center, how can you expect to be successful in the cloud?

Thank youRick Holland

rholland@forrester.com

Twitter: @rickhholland

Firewall Analyzer

Security Policy Analysis & Audit

FireFlow

Security Policy Change Automation

BusinessFlow

Business Application Connectivity Mgmt

Business Applications

Security Infrastructure

The AlgoSec Suite

Confidential 39

Application Owners

AlgoSec Security Management Suite

SecurityNetwork Operations

• Faster security provisioningof business applications

• Accelerated data centermigrations

• Automated firewall operations

gility• Streamline communication

between teams• Enable true accountability

and governance

lignment

Accurate configuration ensures• Business continuity• Stronger security posture• Continuous Compliance

ssurance

• Effectively react to network and application changes

• Process changes up to 4x faster

daptability

Benefits

Business Impact

Confidential 40

Q&A and Next Steps

The Case & Criteria for Application-Centric Security Policy Management www.algosec.com/application

Simplifying Security Management in the Virtual Data Centerwww.algosec.com/datacenter

Evaluate the AlgoSec Security Management Suite @ www.algosec.com/eval

41

Connect with AlgoSec on:

www.AlgoSec.com

Managing Security at the Speed of Business