With the shift to cloud and mobile computing, security architectures have not kept pace with modern data center architectures. In a world where perimeters have largely disappeared, organizations must adopt security models designed for the cloud, namely distributed systems. Taking a cue from cloud architectures, distributed systems allow security to scale horizontally, adding capacity dynamically based on need. Distributed systems offer a superior architecture for security by providing simplified operations, more effective threat analysis, and better economics.
Innovations in digital business, mobile, big data, social collaboration, and Internet of Things have pushed the limits on existing computing systems. As a result, organizations are transitioning to cloud architectures that are better geared to handle the new requirements for agility, scalability and flexibility.
Cloud computing architectures (whether public, private, or hybrid) offer numerous benefits over traditional client/server models: on-demand service instantiation and reconfiguration; elastic scaling of capacity; and arbitrary placement of workloads to keep physical asset utilization high, to name a few. The business value created by these benefits is transforming entire industries.
Yet security architectures have not evolved and remain dominated by legacy client/server models, monolithic proprietary hardware platforms, and workload-based software agents. These legacy security systems fall into two broad categories: perimeter-based, and host-based.
Perimeter-based security systems (often referred to as network-based systems) intercept the communications between clients and servers, and interrogate that traffic for compliance with established security policies. Firewalls and IPSs are common examples of perimeter-based security.
One of the primary benefits of perimeter-based approaches is coverage. All kinds of computing systems can be protected by a firewall – whether it’s a web server, a mainframe, or a piece of infrastructure. Next generation firewalls emerged to include application awareness and deep packet inspection to give companies more control over applications ingressing or egressing the perimeter while detecting malicious threats.
Historically, a challenge with perimeter models has been gaining sufficient context on the endpoint. Perimeters are far from the endpoints they seek to protect, and the traffic can be transformed or obscured in transit. This creates challenges in inspection (i.e. ensuring high fidelity in the policy evaluation to avoid false positives or negatives), and in attribution (i.e. once an issue has been identified, the ability to connect that issue back to a specific originating host).
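The attribution problem described above can be made concrete with a small log-correlation routine. The following is an added example, not code from the original article: it assumes a perimeter sensor alert that carries only the post-NAT source address and port, and a NAT translation log from the edge device with start/end times and inside/outside address pairs (both samples are constructed). The join key is the outside address, the outside port and the alert time; the example also shows the two ways attribution fails, no translation record covering the alert time, and an outside port reused by two inside hosts within the tolerance window.

```python
"""Attributing a perimeter alert back to an internal host behind NAT (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Attribution:
    status: str             # "attributed", "no_match" or "ambiguous"
    host: Optional[str]     # inside (pre-NAT) address when status == "attributed"
    candidates: List[str]   # inside addresses whose translation covered the alert


# Constructed perimeter alert: the sensor only sees the post-NAT source.
ALERT = {"ts": 1700000120, "src_ip": "203.0.113.10", "src_port": 40123,
         "dst_ip": "198.51.100.7", "dst_port": 443, "sig": "EXAMPLE-SIG-1"}

# Constructed NAT translation log from the edge device. The same outside
# port is handed to two different inside hosts at different times.
NAT_LOG = [
    {"start": 1700000100, "end": 1700000300, "in_ip": "10.0.5.23", "in_port": 51000,
     "out_ip": "203.0.113.10", "out_port": 40123},
    {"start": 1700000400, "end": 1700000500, "in_ip": "10.0.5.99", "in_port": 51001,
     "out_ip": "203.0.113.10", "out_port": 40123},
]


def attribute(alert: dict, nat_log: list, skew: int = 0) -> Attribution:
    """Map a perimeter alert to the inside host that held the translation.

    The alert carries only the outside (post-NAT) address and port, so the
    join key is (out_ip, out_port) plus the time the alert fired. `skew`
    widens the window to tolerate clock drift between sensor and NAT device;
    a wider window raises the chance of catching a reused port, which then
    yields an ambiguous result rather than a wrong host.
    """
    hits = [
        e for e in nat_log
        if e["out_ip"] == alert["src_ip"]
        and e["out_port"] == alert["src_port"]
        and e["start"] - skew <= alert["ts"] <= e["end"] + skew
    ]
    hosts = sorted({e["in_ip"] for e in hits})
    if not hosts:
        return Attribution("no_match", None, [])
    if len(hosts) > 1:
        return Attribution("ambiguous", None, hosts)
    return Attribution("attributed", hosts[0], hosts)


def main() -> None:
    # Clean case: one translation covers the alert time.
    print(attribute(ALERT, NAT_LOG))
    # Gap between translations: no record covers the alert, nothing to attribute.
    print(attribute({**ALERT, "ts": 1700000350}, NAT_LOG))
    # Same gap with 60 s of skew tolerance: both translations now match,
    # so the port reuse makes the result ambiguous instead of silently wrong.
    print(attribute({**ALERT, "ts": 1700000350}, NAT_LOG, skew=60))


if __name__ == "__main__":
    main()
```

Without the NAT log the alert can only ever be attributed to the shared egress address, which is the coverage-versus-context trade-off the text describes; with it, the result is only as good as the clock alignment and the port-reuse rate on the edge device, which is why the routine reports ambiguity explicitly rather than picking the first match.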