Security must evolve to support organisations' transition from virtualised data centres to private cloud computing infrastructures, according to analysts at Gartner, Inc. While the fundamental principles of information security remain the same, the way by which organisations provision and deliver security services must change. Gartner predicts that by 2015, 40 per cent of the security controls used within enterprise data centres will be virtualised, up from less than 5 per cent in 2010.
"For most organisations, virtualisation will provide the foundation and the steppingstone for the evolution to private cloud computing," said Thomas Bittman, vice president and distinguished analyst at Gartner. "However, the need for security must not be overlooked or 'bolted on' later during the transition to private cloud computing."
Mr Bittman explained that whether securing physical data centres, virtualised data centres or private clouds, the fundamental tenets of information security - ensuring the confidentiality, integrity, authenticity, access and audit of our information and workloads - don't change. There will however, be significant changes required in how security is delivered. Whether supporting private cloud computing, public cloud computing, or both, security must become adaptive to support a model where workloads are decoupled from the physical hardware underneath and dynamically allocated to a fabric of computing resources.
"Policies tied to physical attributes, such as the server, Internet Protocol (IP) address, Media Access Control (MAC) address or where physical host separation is used to provide isolation, break down with private cloud computing," said Neil MacDonald, vice president and Gartner fellow. "For many organisations, the virtualisation of security controls will provide the foundation to secure private cloud infrastructures, but alone, it will not be enough to create a secure private cloud."
To support secure private cloud computing, security must include the following characteristics. It must be an integral, but separately configurable part of the private cloud fabric, designed as a set of on-demand, elastic and programmable services, configured by policies tied to logical attributes to create adaptive trust zones capable of separating multiple tenants. These, Mr MacDonald explained, are the six necessary attributes of private cloud security infrastructure:
1. A Set of On-Demand and Elastic Services
Rather than security being delivered as a set of siloed security product offerings embodied within physical appliances, it needs to be delivered as a set of services available 'on demand' to protect workloads and information when and where they are needed. These services need to be integrated into the private cloud provisioning and management processes, and be made available to any type of workload - server or desktop. As workloads are provisioned, moved, modified, cloned and ultimately retired, the appropriate security policy would be associated with the workload throughout its life cycle.
2. Programmable Infrastructure
The security infrastructure that supplies the security services must become 'programmable' - meaning that the services are exposed for programmatic access. By definition, private and public cloud-computing infrastructure is consumable using internet-based standards. In the case of programmable security infrastructure, the services are typically exposed using RESTful (Open representational state transfer) APIs, which are programming language and framework independent. By exposing security services via APIs, the security policy enforcement point infrastructure becomes programmable from policy administration and policy decision points. This shift will enable information security professionals to focus their attention on managing policies, not programming infrastructure.
3. Policies That Are Based on Logical, Not Physical, Attributes and Are Capable of Incorporating Runtime Context Into Real-Time Security Decisions
The nature of the security policies that drive the automated configuration of the programmable infrastructure needs to change as well. As organisations move to virtualised data centres and then to private cloud infrastructure, increasingly, security policies need to be tied to logical, not physical, attributes. The decoupling and abstraction of the entire IT stack and movement to private and public cloud-computing models means that workloads and information will no longer be tied to specific devices, fixed IP or MAC addresses, breaking static security policies based on physical attributes. To enable faster and more-accurate assessments of whether a given action should be allowed or denied, more real-time context information must also be incorporated at the time a security decision is made.
4. Adaptive Trust Zones That Are Capable of High-Assurance Separation of Differing Trust Levels
Instead of administering security policies on a VM (virtual machine)-by-VM basis, security policies based on logical attributes will be used to create zones of trust - logical groups of workloads with similar security requirements and levels of trust. As the policies are linked to groups of VMs and not physical infrastructure, the zones adapt throughout the life cycle of the VM as individual VMs move and as new workloads are introduced and assigned to the trust zone. Private cloud infrastructure will require security services that are designed to provide high-assurance separation of workloads of different trust levels as a core capability. Gartner estimates that by 2015, 70 per cent of organisations will allow server workloads of different trust levels to share the same physical hardware within their own data centre, except where explicitly prohibited by a regulatory or auditor compliance concern.
5. Separately Configurable Security Policy Management and Control
Security must not be weakened as it is virtualised and incorporated into cloud-based computing infrastructures. Strong separation of duties and concerns between IT operations and security needs to be enforceable within a private cloud infrastructure, just as within physical infrastructure and virtualised infrastructure today. This separation occurs at multiple levels. If software controls are virtualised, we should not lose the separation of duties we had in the physical world. This requires that virtualisation and private cloud-computing platform vendors provide the ability to separate security policy formation and the operation of security VMs from management policy formation and the operation of the other data centre VMs.
6. 'Federatable' Security Policy and Identity
Private clouds will be deployed incrementally, not all at once. They will be carved out of existing data centres, where only a portion has been converted to a private cloud model. Ideally, private cloud security infrastructure would be able to exchange and share policies with other data centre security infrastructure - virtualised and physical - and security controls placed across physical and virtualised infrastructure would be able to intelligently cooperate for workload inspection. Furthermore, security policies designed to protect workloads, when on premises, would also ideally be able to be federated to public cloud providers. There are currently no established standards for this although the VMware vCloud API is a start, as is work within the Distributed Management Task Force (DMTF) to extend Open Virtualisation Format (OVF) to express security policy.
Additional information is available in the Gartner report 'From Secure Virtualization to Secure Private Clouds' which is available on Gartner's website at: http://www.gartner.com/....
Additional information on private cloud computing will be discussed at the Gartner Data Center & IT Operations Summit 2010, 22-23 November in London and at the Gartner Data Center Conference 2010, 6-9 December in Las Vegas. These events deliver a wealth of strategic guidance and tactical recommendations on the full spectrum of issues reshaping the 21st-century data centre.
Members of the media wishing to register for the Gartner Data Center & IT Operations Summit 2010 in London can register by contacting Ben Tudor, Gartner PR at ben.tudor@gartner.com. For further information on the Summit, please visit http://www.gartner.com/....
Additional information on the Data Center Conference 2010 in Las Vegas is available at www.gartner.com/.... Members of the media can register for the event by contacting Christy Pettey at christy.pettey@gartner.com.
About Gartner Data Center & IT Operations Summit 2010
The Gartner Data Center & IT Operations Summit 2010 will provide Gartner's latest insight and advice on how to improve organisation's maturity in the areas of organisational transformation, process adoption and technology implementation. Gartner analysts will examine what the data centre professionals need to do to maintain cloud computing and virtualisation, which have become the first and second priorities for CIOs this year as "trusted" service provider to the business.
For further information on the Gartner Data Center & IT Operations Summit 2010 taking place on 22-23 November in London, please visit europe.gartner.com/datacenter. You can also follow the event on Twitter at http://twitter.com/... using #GartnerDC.
"For most organisations, virtualisation will provide the foundation and the steppingstone for the evolution to private cloud computing," said Thomas Bittman, vice president and distinguished analyst at Gartner. "However, the need for security must not be overlooked or 'bolted on' later during the transition to private cloud computing."
Mr Bittman explained that whether securing physical data centres, virtualised data centres or private clouds, the fundamental tenets of information security - ensuring the confidentiality, integrity, authenticity, access and audit of our information and workloads - don't change. There will however, be significant changes required in how security is delivered. Whether supporting private cloud computing, public cloud computing, or both, security must become adaptive to support a model where workloads are decoupled from the physical hardware underneath and dynamically allocated to a fabric of computing resources.
"Policies tied to physical attributes, such as the server, Internet Protocol (IP) address, Media Access Control (MAC) address or where physical host separation is used to provide isolation, break down with private cloud computing," said Neil MacDonald, vice president and Gartner fellow. "For many organisations, the virtualisation of security controls will provide the foundation to secure private cloud infrastructures, but alone, it will not be enough to create a secure private cloud."
To support secure private cloud computing, security must include the following characteristics. It must be an integral, but separately configurable part of the private cloud fabric, designed as a set of on-demand, elastic and programmable services, configured by policies tied to logical attributes to create adaptive trust zones capable of separating multiple tenants. These, Mr MacDonald explained, are the six necessary attributes of private cloud security infrastructure:
1. A Set of On-Demand and Elastic Services
Rather than security being delivered as a set of siloed security product offerings embodied within physical appliances, it needs to be delivered as a set of services available 'on demand' to protect workloads and information when and where they are needed. These services need to be integrated into the private cloud provisioning and management processes, and be made available to any type of workload - server or desktop. As workloads are provisioned, moved, modified, cloned and ultimately retired, the appropriate security policy would be associated with the workload throughout its life cycle.
2. Programmable Infrastructure
The security infrastructure that supplies the security services must become 'programmable' - meaning that the services are exposed for programmatic access. By definition, private and public cloud-computing infrastructure is consumable using internet-based standards. In the case of programmable security infrastructure, the services are typically exposed using RESTful (Open representational state transfer) APIs, which are programming language and framework independent. By exposing security services via APIs, the security policy enforcement point infrastructure becomes programmable from policy administration and policy decision points. This shift will enable information security professionals to focus their attention on managing policies, not programming infrastructure.
3. Policies That Are Based on Logical, Not Physical, Attributes and Are Capable of Incorporating Runtime Context Into Real-Time Security Decisions
The nature of the security policies that drive the automated configuration of the programmable infrastructure needs to change as well. As organisations move to virtualised data centres and then to private cloud infrastructure, increasingly, security policies need to be tied to logical, not physical, attributes. The decoupling and abstraction of the entire IT stack and movement to private and public cloud-computing models means that workloads and information will no longer be tied to specific devices, fixed IP or MAC addresses, breaking static security policies based on physical attributes. To enable faster and more-accurate assessments of whether a given action should be allowed or denied, more real-time context information must also be incorporated at the time a security decision is made.
4. Adaptive Trust Zones That Are Capable of High-Assurance Separation of Differing Trust Levels
Instead of administering security policies on a VM (virtual machine)-by-VM basis, security policies based on logical attributes will be used to create zones of trust - logical groups of workloads with similar security requirements and levels of trust. As the policies are linked to groups of VMs and not physical infrastructure, the zones adapt throughout the life cycle of the VM as individual VMs move and as new workloads are introduced and assigned to the trust zone. Private cloud infrastructure will require security services that are designed to provide high-assurance separation of workloads of different trust levels as a core capability. Gartner estimates that by 2015, 70 per cent of organisations will allow server workloads of different trust levels to share the same physical hardware within their own data centre, except where explicitly prohibited by a regulatory or auditor compliance concern.
5. Separately Configurable Security Policy Management and Control
Security must not be weakened as it is virtualised and incorporated into cloud-based computing infrastructures. Strong separation of duties and concerns between IT operations and security needs to be enforceable within a private cloud infrastructure, just as within physical infrastructure and virtualised infrastructure today. This separation occurs at multiple levels. If software controls are virtualised, we should not lose the separation of duties we had in the physical world. This requires that virtualisation and private cloud-computing platform vendors provide the ability to separate security policy formation and the operation of security VMs from management policy formation and the operation of the other data centre VMs.
6. 'Federatable' Security Policy and Identity
Private clouds will be deployed incrementally, not all at once. They will be carved out of existing data centres, where only a portion has been converted to a private cloud model. Ideally, private cloud security infrastructure would be able to exchange and share policies with other data centre security infrastructure - virtualised and physical - and security controls placed across physical and virtualised infrastructure would be able to intelligently cooperate for workload inspection. Furthermore, security policies designed to protect workloads, when on premises, would also ideally be able to be federated to public cloud providers. There are currently no established standards for this although the VMware vCloud API is a start, as is work within the Distributed Management Task Force (DMTF) to extend Open Virtualisation Format (OVF) to express security policy.
Additional information is available in the Gartner report 'From Secure Virtualization to Secure Private Clouds' which is available on Gartner's website at: http://www.gartner.com/....
Additional information on private cloud computing will be discussed at the Gartner Data Center & IT Operations Summit 2010, 22-23 November in London and at the Gartner Data Center Conference 2010, 6-9 December in Las Vegas. These events deliver a wealth of strategic guidance and tactical recommendations on the full spectrum of issues reshaping the 21st-century data centre.
Members of the media wishing to register for the Gartner Data Center & IT Operations Summit 2010 in London can register by contacting Ben Tudor, Gartner PR at ben.tudor@gartner.com. For further information on the Summit, please visit http://www.gartner.com/....
Additional information on the Data Center Conference 2010 in Las Vegas is available at www.gartner.com/.... Members of the media can register for the event by contacting Christy Pettey at christy.pettey@gartner.com.
About Gartner Data Center & IT Operations Summit 2010
The Gartner Data Center & IT Operations Summit 2010 will provide Gartner's latest insight and advice on how to improve organisation's maturity in the areas of organisational transformation, process adoption and technology implementation. Gartner analysts will examine what the data centre professionals need to do to maintain cloud computing and virtualisation, which have become the first and second priorities for CIOs this year as "trusted" service provider to the business.
For further information on the Gartner Data Center & IT Operations Summit 2010 taking place on 22-23 November in London, please visit europe.gartner.com/datacenter. You can also follow the event on Twitter at http://twitter.com/... using #GartnerDC.
