I was recently fortunate enough to be invited to present at a conference in Tel Aviv. The title of the conference was "Powering the Cloud"; all the major players in infrastructure and cloud security were represented.
I don't in any way want to downplay the success of the event, it was both well organised and well attended but one thing struck me as soon as I looked at the agenda. Without too much reflection I realised it was something that is all too common to most conferences of this sort. The conference was divided into two tracks that ran at the same time. One track was "Infrastructure" and the other was "Security" and no one seemed to mind.
To me this enforced segregation between technical teams is indicative of the far larger problem; the fact that security continues to be a bolt-on and in some cases even an afterthought.
So what is really powering the cloud and why does this lack of cross-pollination between teams matter all the more? Datacentre virtualisation, VDI, shared storage and I/P/SaaS change the architectural game possibly more than any other innovation in the last 15 years.
None of the traditional security concerns disappear (although they often have to be addressed in unique and different ways), but new security challenges arise, many of them at an architectural level which do not have a counterpart in the physical forerunner.
Firewalls at cloud providers must operate as lowest common denominator security devices; configured for the least secure customer, but perhaps not for you. Cables, switches, bandwidth, virtualisation platforms and SANs must all be considered a shared resource and as such, untrusted. Many aspects of traditional infrastructure are collapsed into the hypervisor or the abstraction layer of the virtualised SAN and many security technologies become unacceptable bottlenecks and business disablers, crowbarred into an unforgiving infrastructure.
In this brave new world it is not enough to be an infrastructure expert or an information security expert. The focus should not be on securing infrastructure; it should be on building secure infrastructure.
And if you attend a conference that is split into unhelpful tracks, get outside your comfort zone.
I don't in any way want to downplay the success of the event, it was both well organised and well attended but one thing struck me as soon as I looked at the agenda. Without too much reflection I realised it was something that is all too common to most conferences of this sort. The conference was divided into two tracks that ran at the same time. One track was "Infrastructure" and the other was "Security" and no one seemed to mind.
To me this enforced segregation between technical teams is indicative of the far larger problem; the fact that security continues to be a bolt-on and in some cases even an afterthought.
So what is really powering the cloud and why does this lack of cross-pollination between teams matter all the more? Datacentre virtualisation, VDI, shared storage and I/P/SaaS change the architectural game possibly more than any other innovation in the last 15 years.
None of the traditional security concerns disappear (although they often have to be addressed in unique and different ways), but new security challenges arise, many of them at an architectural level which do not have a counterpart in the physical forerunner.
Firewalls at cloud providers must operate as lowest common denominator security devices; configured for the least secure customer, but perhaps not for you. Cables, switches, bandwidth, virtualisation platforms and SANs must all be considered a shared resource and as such, untrusted. Many aspects of traditional infrastructure are collapsed into the hypervisor or the abstraction layer of the virtualised SAN and many security technologies become unacceptable bottlenecks and business disablers, crowbarred into an unforgiving infrastructure.
In this brave new world it is not enough to be an infrastructure expert or an information security expert. The focus should not be on securing infrastructure; it should be on building secure infrastructure.
And if you attend a conference that is split into unhelpful tracks, get outside your comfort zone.
Be the first to comment on this article!