Increased use of virtualization may be driving many businesses to investigate internally focused data protection solutions, but customer appetite for hardware-based perimeter controls shows no sign of slowing, according to one solutions provider.
The need for an architectural rethink had grown out of the growing adoption of virtual server solutions, which require purpose-built security solutions that interact with hypervisors and virtual machines (VMs) rather than trying to duplicate the conventional security tools within the VMs.
This trend had moved the perimeter for business applications inwards, particularly since the spread of network-accessing mobile devices has already shaped modern notions of data protection. But with the rise of advanced persistent threats (APTs) and malware communicating with the outside world, perimeter defences had taken on an expanded role as the close inspection of incoming and outgoing network traffic became ever more important.
Perimeter gateways also offer a layer of protection for internal virtual servers, Watchguard Asia-Pacific vice president of sales Scott Robertson told CSO Australia.
“SMBs have embraced virtualization,” he explained, “but when you're using virtualized infrastructure and hosting different applications and user groups on the same service, you don't have that same traditional segregation you used to have.”
“The traditional network environment used to be a secure perimeter,” Robertson continued, “but these days customers might be hosting Office 365, SalesForce.com or using other Web applications.
“And while there's a lot of interest in virtual security on platforms, there's still a market reluctance to have a virtual server talking directly to the Internet” without an intermediary handling device security."
For those reasons, he said the shift to embrace cloud and virtual environments was “focusing the discussion in new areas” – for example, the implementation of data and access controls to control employee access to certain systems, or the use of security scanning tools to scan connections from mobile devices in bring your own device (BYOD) models.
“All of these technologies that people and businesses embrace, should provide some sort of productivity benefit or improvement in the way they do business,” Robertson said. “Yet at the same time they introduce a whole realm of new security threats.”
Backing new initiatives and virtualization-specific security with gateway security solutions – including the appliance-based security systems commonly used for perimeter security – offered the promise of a more comprehensive threat defence, with internal firewall defences part of a big-picture security posture.
“There are a range of different inputs required to be able to assess security policy,” Robertson said.
“It creates a lot more discussion, particularly because there are things that systems admins can't decide on their own. However, there are good examples where a security solution can facilitate that kind of solution: it does make security much more complex but it allows for a more comprehensive security policy to be implemented. From a security point of view, what keeps us motivated is the constant change in the environment.”