It’s the end of the summer of 2015 – the nights are getting cooler, the leaves are starting to change colors, and flocks of students are abandoning the beaches of Cape Cod bound for college campuses. The seasonal change also signals another annual ritual – VMworld in San Francisco.
VMworld used to be focused on virtual server technology and then it expanded to VDI. Now the show represents all things cloud computing. Of course, I’ll be looking at a specific sub-segment: The intersection of cloud computing and cybersecurity. As such, I’m anticipating discussions around:
1. Micro-segmentation. A few years ago, virtual networking really meant virtual switching at Layer 2. While virtual switches offered a lot of functionality, most organizations used them as a bridge to forward traffic to the “real” physical network. This is no longer the case, however: many enterprises are embracing virtual networking in data centers across layers 2-4. As part of this transition, I’m starting to see a lot more interest in micro-segmentation for network isolation, east-west traffic segmentation between data center servers, and even the creation of network tunnels from endpoints to data center applications. From a cybersecurity perspective, micro-segmentation offers great potential as it can be used to limit the attack surface. I’m curious to find out about micro-segmentation adoption. Is it still a cutting-edge technology or has it crossed the proverbial chasm? My hope (and gut feel) is that we are making progress – more soon.
2. Network security services. As virtual networks gain traction, they will pull virtual network security services along for the ride. VMware is pushing this model with NSX partners like Check Point, F5, Palo Alto, Rapid7, Symantec, and Trend Micro, who can supplement server and network virtualization with enterprise-class, proven security services. Cisco offers a similar architecture and partner program with ACI and its security services architecture. Others like Illumio and vArmour are intent on virtualizing network security services on their own – sort of like what Novell NetWare did for file and print services 25 years ago. If you are serious about cloud computing, you have to go down the network security services route, but this is a big leap of faith for many seasoned cybersecurity veterans who grew up as CCNEs and Cisco PIX firewall administrators. I’ll be monitoring VMworld to see how this transition is progressing, as changes here could have big implications for the security market.
3. Identity and access management (IAM) in the cloud. According to ESG research, 68 percent of enterprise cybersecurity professionals claim that the combination of cloud and mobile computing has made IAM security a lot more difficult (note: I am an ESG employee). Why? Cloud computing extends IAM to new infrastructure and applications, some with their own authentication, entitlements, and management tools. This in turn creates IAM blind spots, policy contention, and loads of opportunity for human error. There are several ways to bridge these worlds, including homegrown integration using federated identity standards (e.g., SAML), single-vendor product solutions (e.g., CA, Centrify, IBM, Microsoft, Oracle, RSA, etc.), and gateway solutions (OneLogin, Okta, Ping Identity, etc.). There’s also a slight chance that social networking vendors like Facebook, Google, and LinkedIn will fill this void, and there are promising authentication technologies (e.g., Apple, FIDO Alliance) that could greatly impact IAM at large. Lots of balls in the IAM air, so I’m interested to see how this will play out.