Name
Moving from an Infrastructure to an Application Security Focus
Date & Time
Tuesday, April 23, 2019, 10:30 AM - 11:30 AM
Speakers
Description
Applications have continued to move from monolithic stacks to more distributed models. Future applications will be even more distributed by breaking up specific application services further into sets of containers and micro-service arrays. This continued distribution will have dramatic positive impacts on scale, performance and availability. However, with this increased level of distribution new challenges emerge. Chief among these challenges is the ability to effectively apply security controls for these applications. The modern datacenter is now largely virtualized and is composed of many application “networks”. Trying to apply distributed security controls for this increasingly distributed model of application constructs is proving to be challenging at best and ineffective at worst.
The primary emerging threat in today’s modern datacenter is the cyber posture of the resident workloads contained within. The standard approach to securing data centers has emphasized strong perimeter protection to keep threats on the outside of the network. However, this model is ineffective for handling new types of threats – including advanced persistent threats, insider threats, and coordinated attacks. What’s needed is a better model for data center security: one that assumes threats can be anywhere and probably are everywhere, then acts accordingly.
During this session, we will look at benefits of this evolving segmented architecture. We will also explore the “art of the possible” around these three areas:
The primary emerging threat in today’s modern datacenter is the cyber posture of the resident workloads contained within. The standard approach to securing data centers has emphasized strong perimeter protection to keep threats on the outside of the network. However, this model is ineffective for handling new types of threats – including advanced persistent threats, insider threats, and coordinated attacks. What’s needed is a better model for data center security: one that assumes threats can be anywhere and probably are everywhere, then acts accordingly.
During this session, we will look at benefits of this evolving segmented architecture. We will also explore the “art of the possible” around these three areas:
- Network security inside the data center—Organizations will develop flexible security policies aligned to virtual network, VM, OS type, or dynamic security tags aligned to tenant mission sets. This creates a workload centric view of security regardless of the network topology implemented.
- Automated deployment for data center security policies—Workload security profiles could be applied when a VM or container object spins up, moved if and when a workload is migrated, and are removed when a workload is de-provisioned insuring that there are no stale security controls. In other words, the tenant’s security posture become an inherent attribute of the workload itself.
- Using best of breed security ecosystem to go “Beyond the Firewall”— Organizations will also require platforms that provide an extensibility model with open API frameworks to enable advanced integration and automation with various security tool sets beyond just firewalling. This will also create the basis for next generation “adaptive” CYBER capabilities.
Location Name
Room 5
Full Address
Palmer Events Center
900 Barton Springs Rd
Austin, Texas 78704
United States
900 Barton Springs Rd
Austin, Texas 78704
United States
Session Type
Breakout