Access to cloud-based infrastructure has revolutionized how businesses store and work with their data, but the convenience of cloud-based systems is not without risk. The Cipher Brief spoke to Eric Chiu of HyTrust, a cloud cybersecurity company that recently released a report detailing trends in and attitudes towards cloud-based data centers and security automation. According to Chiu, greater automation on the security side is necessary in order to keep up with the agile business environment created by cloud-based data centers.
The Cipher Brief: Some of our readers may be unfamiliar with the concept of a software defined data center (SDDC). Can you briefly describe what an SDDC is?
Eric Chiu: A Software Defined Data Center (SDDC) is the continuation of the journey that we have been on with virtualization over the past decade. With virtualization, we abstracted the compute layer. Similarly, with SDDC, we continue that journey by virtualizing the network and storage layers as well as adding orchestration and automation to drive a more agile and dynamic data center environment.
TCB: What are the primary benefits from SDDCs, network virtualization, and storage virtualization for businesses? What are the downsides?
EC: The main benefits of pursuing an SDDC for networking, compute, and storage are to achieve greater agility within the organization by creating a dynamic and elastic infrastructure to host business unit applications. We also see that companies are looking for greater efficiency from collapsing multiple virtualized data centers into fewer shared environments, in addition to using lower-cost, commoditized hardware versus expensive switching and storage systems.
One of the downsides is that without adequate planning, automation and operationalizing security can become a challenge. Key risks include: securing the administration of the SDDC components to ensure separation of duties and least privilege access; logical segmentation of the infrastructure to replace physical air-gapping so that companies can move to a shared model; data security, given that virtual machines and their data are entirely portable; compliance, since the virtualized infrastructure is now also subject to compliance in addition to the applications and data; and traditional areas such as network and endpoint security that can be optimized for cloud environments.
TCB: What are the cybersecurity issues associated with SDDCs and virtualization? What is being done to mitigate or correct these issues?
EC: There are a number of key risks in SDDC architectures. First is architecting the SDDC to achieve the desired business outcomes (SLA, cost, regulatory requirements, etc.). The second is around operationalizing this new architecture, especially when the underlying infrastructure and management tools are fairly young. Third is around concentration of risk, especially with security, given that you’re now collapsing multiple tiers of infrastructure, which means that segmentation of administrators and infrastructure becomes even more critical. For example, do you want your virtual machine administrator to be able to muck with your network settings or firewall rules, or have one business unit be able to manage, change, or delete the systems of another business unit?
TCB: Is there a disconnect in terms of cybersecurity concerns between C-suite executives and network managers? If so, what might account for this disconnect, and how can it be corrected? How does this issue affect SDDC adoption?
EC: Sometimes there are disconnects between the C-suite and the network managers regarding an SDDC strategy, and often that’s related to change and concerns that change may impact cybersecurity. The perceptions can be very different from reality. In fact, in a study HyTrust just conducted, the majority of respondents agreed that there are technologies in place to address the cybersecurity concerns around an SDDC, yet in the same survey almost a third believed that the perception that security was an issue would slow down SDDC adoption and projects. SDDC can enable cost savings and agility, yet teams need to better understand the security of their SDDC strategy and how to address concerns, both real and perceived.
TCB: How does automation improve cybersecurity for SDDCs?
EC: Moving to an SDDC creates a dynamic, fast-changing environment – very advantageous to a business but perhaps a challenge to maintaining security. Automation plays a key role, making it possible to define security policy and automate the deployment and enforcement of security across an SDDC as things change rapidly. Automation allows security to happen more dynamically with a policy-driven approach that can keep up with the dynamic nature of an SDDC.
TCB: How will the market for SDDCs change in the near term, and how is this likely to affect the data virtualization industry moving forward?
EC: The SDDC market is evolving rapidly as products and technologies are maturing and organizations are gaining deployment experience. The gaps in automation, security, and being able to manage and monitor the SDDC (operations) are being addressed with innovations from the largest infrastructure platform providers and by new ventures with innovation and time-to-market advantages. The cost and agility benefits from moving to an SDDC are very compelling and will drive a complete re-engineering of IT as we’ve known it in the past. Companies will have to look past their infrastructure providers for policy, security, and automation tools that enable a true any-to-any model so they can maintain provider flexibility in the future.