By - May 10, 2016

Continuing with our blog series on Gartner’s cyber security predictions for 2016 and 2017 and their impact on the middle market, today’s topic is the second prediction:

Software Defined: According to Gartner, application and platform security will become the newest members of the “software-defined” movement as we enter 2016, enabling organizations to meet new requirements for management flexibility and capability as well as use across multiple vendors and security policy pools. Lessons learned from both the middleware (service bus) security space and the virtualization security space have played key roles in creating this software-defined approach to managing and enforcing security policies.

This is a continuation of the theme presented in their first trend regarding the Internet of Things (IoT), namely, that the business environment will continue to become inherently smarter and organizations will need to adapt to different methods of administration in order to properly oversee and control the avalanche of new data and systems.

So, what does the concept of Software Defined Security (SDS) actually mean, and how will it change an organization’s approach to securing its environment? In plain English, SDS means that organizations will manage their security from the “thousand miles above” view rather than the tactical, on-the-keyboard methods that most organizations use today. It allows organizations to give broad guidance to the environment on what types of behaviors they would like to allow, rather than concerning themselves with the myriad low-level, device-specific configurations that actually implement the solution.

As an example, imagine the differences between the SDS approach to controlling internet access to specific types of websites and the traditional, tactical methods of doing so. Using the traditional methods, administrators would potentially be required to touch and configure individual firewalls, proxies, DNS servers, Domain Controllers, end-point protection agents, Data Loss Prevention (DLP) appliances and agents, malware gateways, and other hardware and software solutions. This approach often takes hundreds of hours to reach even marginal success at the stated goals, and it often proves impossible to maintain over time. Conversely, the SDS approach would have an administrator select and implement generalized policies from a single, polished graphical interface that would instruct the underlying software to go forth and perform all of the aforementioned individual configuration steps.

Such a management platform drastically changes the business calculus for enterprise security. These solutions allow administrators and security teams to make logical decisions on how the environment should behave without necessarily taking into account the overall “keyboard” time needed to implement the solution. Unfortunately, it is a simple reality that organizations often know exactly what should be done to secure their environments, but they then need to settle for half-measures because the effort and cost needed to accomplish those tasks outweigh the benefits. SDS management platforms could significantly reduce the expense of deploying appropriate security controls, which then puts “true” security within the reach of middle market companies that currently do not have access to the resources and technology to reach that state through traditional means.

With that being said, how do organizations start to utilize this new generation of security products? First and foremost, beware the marketing buzz. The term “Software Defined X” (replace X with whatever IT product strikes your fancy) is currently a major focus for software and hardware vendors, and the market is swamped with advertisements for “Software Defined” everything. As with the now ubiquitous term “cloud,” organizations must understand what actual functionality they desire and then find a product that meets those requirements, rather than deciding they need a product that happens to have a buzz-worthy term attached to it and then trying to figure out what it does and how they will use it. For organizations starting to explore Software Defined Security, consider the following:

  1. Abstraction: A true SDS product will remove essentially all direct interaction with the underlying environment once it is deployed. Except for rare cases, administrators should be managing the behavior of the network, operating systems, applications, data, and users from a single interface. The engine running under that interface should be making the vast majority of alterations to the various elements of the environment. Beware of solutions that advertise this ability but still end up forcing administrators to circumvent the SDS solution and manually configure most resources in order for them to work as desired.
  2. Agnostic: A true SDS product will be able to interact with various operating systems, mobile devices, databases, web applications, hosted services, and cloud services. Much of the actual behavior should be automated and require little to no administrator interaction. Beware of solutions that only focus on one area of the environment (e.g. management of operating system level functionality), because this may lead to an organization needing to deploy a library of SDS solutions rather than one overarching platform.
  3. Consistency: Closely related to the prior point, a true SDS product will behave as expected regardless of the size or composition of the environment over which it is deployed. If an administrator tells an SDS solution to enforce passwords that are 14 characters long and complex, the results should apply equally to environments that are large or small, a mix of operating systems, a mix of applications and software, and a mix of on-site and hosted. Beware solutions that offer flexibility across various platforms but can only demonstrate functionality over small subsets of the resources you would find in a modern environment.
  4. Monitoring: The final major component of a true SDS solution is the ability to monitor the behaviors of the environment. This is beyond SIEM and other security monitoring solutions that are log based. SDS level monitoring should provide visibility into the percentage of the environment in compliance with specific controls, the number of exceptions, anomalous activity, and a wide variety of other events that are beyond the capabilities of lower-level security monitoring solutions. Beware SDS solutions that advertise “monitoring” but in reality simply gather and collect logs similar to existing solutions.
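To make the four properties above concrete, here is a small added illustration written for this post (it is not any vendor's product or API, and Gartner's report contains no code). It models the web-filtering example from earlier in the post and the 14-character password control from the Consistency point: a single declarative policy is compiled into configuration for several backends (abstraction), platform-specific adapters normalize the settings that Windows, Linux and a hosted service each report in their own schema (agnostic), the same rule is evaluated identically across all of them (consistency), and the result is a compliance percentage with a list of exceptions rather than a pile of logs (monitoring). The category feed, the host reports, and the `windows` / `linux` / `saas` adapter names are constructed sample data; the proxy and DNS output lines are loosely modeled on Squid and dnsmasq syntax and are illustrative only.

```python
"""Toy software-defined security (SDS) control loop, added for illustration.
One declarative policy -> per-backend configuration + cross-platform
compliance monitoring. All data here is constructed sample input."""
import json

# 1. Intent, stated once at the "thousand miles above" level (constructed).
POLICY = {
    "web_access": {"blocked_categories": ["gambling", "malware"]},
    "passwords": {"min_length": 14, "complex": True},
}

# Constructed category feed: category -> domains. A real engine would pull
# this from a URL-classification or threat-intel source.
CATEGORY_FEED = {
    "gambling": ["bet.example", "casino.example"],
    "malware": ["evil.example"],
    "news": ["news.example"],
}


def compile_web_policy(policy, feed):
    """Abstraction: turn the single 'blocked_categories' intent into
    backend-specific configuration. Formats are illustrative only."""
    wanted = policy["web_access"]["blocked_categories"]
    domains = sorted({d for cat in wanted for d in feed.get(cat, [])})
    return {
        # Proxy: deny by destination domain (Squid-like syntax, illustrative).
        "proxy": [f"acl sds_blocked dstdomain .{d}" for d in domains]
        + ["http_access deny sds_blocked"],
        # DNS: sinkhole the same names so non-proxied clients fail closed too
        # (dnsmasq-like syntax, illustrative).
        "dns": [f"address=/{d}/0.0.0.0" for d in domains],
        # Endpoint agent: a plain denylist the agent consumes (constructed).
        "endpoint_agent": {"blocked_domains": domains},
    }


# 2. Agnostic: each platform reports settings in its native schema; an
# adapter normalizes them to {"min_length": int, "complex": bool}.
def from_windows(s):
    # secedit-style keys (sample values constructed for this example).
    return {"min_length": int(s["MinimumPasswordLength"]),
            "complex": s["PasswordComplexity"] == "1"}


def from_linux_pwquality(s):
    # pwquality.conf-style keys; minclass = required character classes.
    return {"min_length": int(s.get("minlen", 0)),
            "complex": int(s.get("minclass", 0)) >= 3}


def from_saas(s):
    # A hosted service's JSON settings (schema constructed for this example).
    return {"min_length": s["password_policy"]["minimum_length"],
            "complex": s["password_policy"]["require_symbols"]}


ADAPTERS = {"windows": from_windows, "linux": from_linux_pwquality, "saas": from_saas}


def evaluate_password_policy(policy, reports):
    """Consistency + monitoring: apply the same rule to every host and return
    a compliance view (percentage, counts, exceptions with reasons).
    reports: list of (host, platform, native_settings)."""
    want = policy["passwords"]
    exceptions = []
    for host, platform, native in reports:
        eff = ADAPTERS[platform](native)
        reasons = []
        if eff["min_length"] < want["min_length"]:
            reasons.append(f"min_length {eff['min_length']} < {want['min_length']}")
        if want["complex"] and not eff["complex"]:
            reasons.append("complexity not enforced")
        if reasons:
            exceptions.append({"host": host, "platform": platform, "reasons": reasons})
    total = len(reports)
    compliant = total - len(exceptions)
    pct = round(100.0 * compliant / total, 1) if total else 100.0
    return {"total": total, "compliant": compliant,
            "percent_compliant": pct, "exceptions": exceptions}


# Constructed state reports from a mixed on-site / hosted environment.
REPORTS = [
    ("dc01", "windows", {"MinimumPasswordLength": "14", "PasswordComplexity": "1"}),
    ("web02", "linux", {"minlen": "12", "minclass": "3"}),
    ("db03", "linux", {"minlen": "14", "minclass": "1"}),
    ("crm", "saas", {"password_policy": {"minimum_length": 16, "require_symbols": True}}),
]

if __name__ == "__main__":
    print(json.dumps(compile_web_policy(POLICY, CATEGORY_FEED), indent=2))
    print(json.dumps(evaluate_password_policy(POLICY, REPORTS), indent=2))
```

Run as-is, the web policy yields three blocked domains pushed to the proxy, DNS and endpoint backends (the "news" category is untouched), and the password check reports 50% compliance with two exceptions: `web02` is one length unit short and `db03` enforces length but not complexity. The point of the design is that the policy author never wrote a Squid ACL, a dnsmasq line or a pwquality setting; adding a new platform means adding one adapter, not re-stating the policy.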

