The single biggest threat to today’s networks is security, but as those networks have now extended to the cloud, the security ‘perimeter’ has moved beyond the control of the customer.
Software-defined networking has enabled a new level of flexibility for network security architecture in a virtualised datacentre network. This has enabled enterprises to move away from traditional perimeter-centric security solutions, and look at dynamic network designs that focus security controls where they are most needed – around the applications and individual systems.
So how do CIOs or CTOs plan for the security of new traffic flows when moving critical applications and data to the cloud?
“We need to start thinking about protecting the applications or the systems, rather than the network as a whole,” says Simon Leech, Chief Technologist for Security, Hybrid IT at Hewlett Packard Enterprise. “The important thing with most of the customers I speak to is that they want to be able to deliver standardised network security policies across both the virtual and physical environment.”
“If you’re talking about attacks that come from within the perimeter of the cloud itself, that’s where technologies such as micro-segmentation start to offer a lot of benefits.”
In a recent 451 Research study, commissioned by HPE, maintaining consistent network security policies for security domains was listed as a high priority by 49% of respondents. The report recommends cloud users push their cloud vendor to enable micro-segmentation as a form of risk mitigation.
As part of our Cloud Security Guru series, Simon Leech explains the benefits and capabilities of software-defined network security.