THE NEW IT SECURITY PARADIGM PART 1 – The Need for A New Security Perspective

By Richard Dornhart, National Security Practice Manager, Data#3

[Reading Time – 4 minutes]

Can you trust what you cannot control?

Today, the architecture of enterprise IT is far removed from the days of client/server. Where it was once relatively easy to align IT security controls within the stack to the apps and data that required protection, a typical app is now likely to be distributed across multiple compute, storage and database layers. Alternatively, it could be a composed service comprised of a host of containers, spread across a mix of on-premises and Cloud infrastructure.

In a very real sense, applications have come to reflect the characteristics of the network itself, evolving to accommodate the growth and complexity of new enterprise requirements and capabilities. Apps now consist of a number of components drawn from different silos across a growing number of data centres. This has resulted in a corresponding rise in the amount of East-West traffic between data centres and server environments – all of which is happening with minimal oversight.

Mind the gap

Such environments present a very pressing issue for enterprise security. How can applications be protected when in many cases organisations struggle with providing end-to-end control over the infrastructure across which those applications are deployed? Given that the average enterprise environment may consist of hundreds of applications, running on shared infrastructure, across multiple data centres, the security considerations rapidly become extremely complex.

Add to this the difficulties of identifying the true enterprise perimeter, and it is clear that an architectural gap has emerged between the policies that can protect the application layer, and the controls that secure the infrastructure upon which it relies. While often these protections are created based on the characteristics of the application, the infrastructure it is running on and the information it is interacting with lacks sufficient context and dynamism to respond with the agility required to adequately defend against today’s threats.

This impacts IT security in three key ways: 

  • Lateral Movement – One degree of compromise in any segment can result in a compromise of the wider environment (i.e. in any of the shared services, web, database or app servers, etc.). Effectively, this means there are no real obstacles to a threat freely moving either within that given segment, or between segments. Up to now, we have spent too much time securing the front door – our North-South traffic – and need to step up our efforts to protect against the risks that such lateral movement has introduced. At present, threats that do penetrate the network can simply follow the application link between its components and the application stack, exposing multiple sites to significant risk.
  • Policy Complexity – While security has focused heavily on the North-South flow of traffic – from applications/data centres to the Internet, WAN, or branch offices – the increase in East-West traffic between applications or between data centres has introduced a dramatically more complex environment, making policy control much harder – if not functionally impossible – to map and implement effectively.
    Controls need to move inside, but now that there is no longer a single egress point, where should these controls be posted? There is also a compound policy problem; if you have a server in one area talking to a server in another area, you may hit multiple instances of a firewall. What then constitutes an effective overarching firewall policy? A combination of policies for every firewall you encounter, in any given order that you may encounter them, becomes far too complex to effectively design and implement.
  • Silos versus Systems – Such complexity tends to create a distributed service chaining problem – each application comes to require different policies, with different sets of controls. Lack of coordination and communication controls makes it extremely difficult to achieve a comprehensive, cohesive approach to security, resulting in these controls acting as silos rather than a unified, secure system. This makes gathering real-time insights and analytics into what may be threatening your data and apps effectively impossible.

A new foundation for enterprise security

These are some of the fundamental challenges presented by today’s architecture, which have necessitated a new paradigm for IT security. It is very difficult, for instance, to place controls in the path of an application. Existing security policies, almost entirely focused on protecting applications and data at the access level, struggle to anticipate the evolving threats that are emerging between layers at the infrastructure level. We need to better align these policies and controls with what we are trying to protect.

What has become increasingly apparent is that for a truly effective approach to security, this architectural gap needs to be closed. In this instance, network virtualisation has significant potential in enabling micro-segmentation across discrete server environments via the virtual fabric. This allows a ‘shared’ state to exist between applications and the infrastructure that enables them providing greater oversight and control.

This is the first of four blogs investigating the ways in which IT security needs to evolve. In our next blog, we’ll explore in further detail how network virtualisation is helping bring about this evolution through its ability to provide an abstraction layer between infrastructure and applications and a shared context for network security policies and controls.


Tags: Cybersecurity, Data Security, Identity Management, Security



Data#3 name Dell Technologies Top Performer Award
Data#3 named Dell Technologies Top Performer 2022 for Australia

September 12, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is delighted to announce that it has…

Smart spaces are changing the workplace
Will Smart Spaces Be a Game-Changer in Your Workplace?

Many elements of smart space technology were already theoretically possible, but integrating sensors and smart cameras, for example,…

Transform any space into a smart space
Smart Space Experience Guide

If there’s one thing that a global pandemic has shown, it is that those working with technology are masters…

ACSC Essential Eight Maturity Model: Multi-Factor Authentication
Essential Eight Maturity Model: Multi-Factor Authentication

In 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cyber Security Incidents Maturity…

Customer Story: Main Roads Western Australia

Main Roads Western Australia Boosts Visibility and Security with Microsoft Defender for Identity Solution from Data#3…

Customer Story: Hydro Tasmania

Hydro Tasmania seamlessly transitions to work from home across Australia Download Customer Story…

Making Computer Vision Accessible to Everyone

When we hear the word ‘camera’, we almost certainly think ‘picture’, and so it is that with CCTV…

Webinar: Data#3 Licensing Update and Microsoft 365 A5 Deep Dive
Data#3 Licensing Update and Microsoft 365 A5 Deep Dive

During the recent ISQ IT Managers forum, many schools expressed strong interest in a follow-up session on Microsoft 365…