Less than a week before the RSA Conference in San Francisco and my telephones are ringing off the hook. People want to discuss a variety of topics including APTs, mobile security, cloud security, big data analytics, and so on.
Funny, but no one has mentioned data center network security. Yes, but with the rich assortment of buzz-worthy topics, why discuss something as boring as data center network security? Because it is a real problem. In a recent ESG Research survey, networking professionals were asked to identify their top data center networking challenges. Network security was the top challenge (51%), followed by network performance (44%), and network management (37%).
Data centers are gaining massive scale as large enterprises work through data center consolidation projects and embrace server virtualization. Unfortunately, growing data center scale and complexity is no match for physical security devices, manual processes, and limited skills. ESG calls this phenomenon "data center networking discontinuity." This discontinuity is forcing changes in the physical network (i.e., fabric architectures, SDN, network convergence), and it will force changes with network security.
Some specific issues include:
- Data center network security scale. ESG sees standardization of 10GbE at the network access layer and interest in 40/100GbE for the network core. This will require a new generation of high performance/low latency network security equipment from Check Point, Cisco, Crossbeam, Fortinet, HP, IBM, Juniper, McAfee, and Sourcefire. It also presents another opportunity for F5 to work its security/network/application aggregation play.
- Server virtualization security remains a mystery. Yes I know that everyone and his brother offers security tools as virtual appliances and that VMware has been very active with vSafe and vSheld. What security vendors fail to realize, however, is that large organizations have no clue as to how to build a physical/virtual security architecture. Enterprises need more education and less bits and bytes.
- What about compliance? Even if we can create a high performance physical/virtual security architecture, will compliance auditors approve it? When I ask vendors this question, I generally get a tilted head/strange noise dog look in return.
Data center networks are going through a profound transformation and this will be a major point of discussion a few months from now at Interop. Surprisingly, it will be a minor topic at the RSA conference next week. Hmm, where is all the talk about high performance firewalls, virtual/physical controls, new processes, user education, and regulatory compliance concerns? To paraphrase an old Forrester colleague of mine, the security industry seems to be "tripping over the dollars and picking up the pennies."
You can read Jon's other blog entries at Insecure About Security.