Next-Gen IT Infrastructure Requires a Next-Gen Security Approach
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  security targeted-attacks advanced-threat information-security network-security
1 Comments | 4,047 Visits
Guest post by Nicholas G. Harlow, product manager, IBM Security.But like all technology does, the information security landscape has evolved. Organizations no longer control all aspects of the IT environment, nor do they want to do so. IT workloads are frequently collocated in a shared data-center or virtualized and running on public cloud infrastructure, shared among numerous unknown parties. Employees increasingly demand to use their personal smart phones, tablets, and laptops for both personal and professional purposes. Because of this, critical data and business functions are frequently processed or implemented as network-accessible IT applications.
In traditional IT infrastructure, organizations controlled every aspect of the environment, from the physical building, to the machine hardware, to the software stack, and the data repositories. Enforcing security in this environment was easier because there were fewer variables to control.
Security threats more often target these applications, and not simply to gain unauthorized access to systems for curiosity or mischief. Instead, malicious attackers are more likely to be well-funded organized criminals or national actors targeting organizations in order to defraud them, compromise their critical data, and disrupt their operations, using increasingly sophisticated attacks. The cost to organizations of a successful breach in lost revenue, productivity, and clientele is climbing steadily. Organizations must manage the risk of operating in this more dangerous landscape.
Although next-generation IT infrastructure provides flexibility and specialization, ensuring equivalent security in this improved operating environment is more complex. The objective is to manage risk and minimize costs without compromising operational efficiency. Security of next-generation infrastructure requires solutions that are flexible, scalable, and manageable. Furthermore, next-generation security must provide adequate visibility into the activity and usage of the infrastructure in order to manage the associated risks. Because of the distributed, flexible nature of next-generation IT environments, no single security product will meet every use case; beware of any vendor trying to sell you a “silver bullet” for security.
Effective security solutions are more likely to be comprised of multiple elements each designed to protect an aspect of the infrastructure, such as the network, critical server infrastructure, virtual environments and user endpoints. These elements should consolidate the required security features as much as possible in order to prevent wasted expenditure and the proliferation of point solutions. Furthermore, in order to keep the cost and complexity of these solutions under control, organizations should look for solutions that centralize and integrate their management and output.
Investing in solutions that can centrally manage large parts of the security infrastructure reduces the administrative overhead and total cost of ownership of the solution. Similarly, centrally collecting and automating the analysis and correlation of security events, network behavioral data, and log data is critical to deriving timely insights from the flood of data your infrastructure can provide. These insights can help to draw focus to the key risks quickly, while focusing less attention on low risk areas of the infrastructure.
Securing next-generation IT infrastructure requires adequate visibility into your systems, scalable management, and a way to extract actionable intelligence from all the data being produced. Effective next-generation security solutions will provide these capabilities, while limiting the cost and complexity of managing the system.
About the Author:Nicholas Harlow has over a decade of experience in security software. He is the product manager for the IBM Security Systems host and virtualization security products, as well as the security content analysis offerings. Prior to joining product management, he worked as a software engineer on IBM's Identity and Access Management products. He holds a Bachelor of Science in computer science from Stanford University and an MBA from INSEAD.