Much is said today about security, much is said in the past and more will be spoken in the immediate future … not far, the immediate.
Today President Obama authorizes, by executive measure, to impose sanctions on cyber-attackers towards the United States. and it could be understood that this is a late reaction or a mere eagerness to reveal what for years has been commented and hidden, or that was only left to the free interpretation and conjectures of what was happening globally.
The recent events, some not so much, put us to think about that 1983 film called Cyber War and if what is happening today is not a reflection of the cold war, espionage, or just running a fantastic movie script .
Today we need to be more aware of what has been going on for a long time and it is no coincidence that FBI Director Cybedivision Director Joseph Demarest expresses himself in Sony’s case about the increasingly sophisticated sophistication of these cybernetic perpetrators and draws attention to “You will be hacked … make a Plan”. This is not the first case of Sony which goes back to 2011.
But what does this have to do with Virtualization ?, if we take into account the growth of the IaaS offerings by Cloud Services Provider that they are using in their operations of virtualized environments services to maintain an acceptable cost rate that helps them to be more competitive, with faster procurement, and greater operational efficiency; there would be no doubt that they would also have to pay much attention to the statement of Joseph Demarest.
Today virtualization is a fact in Latin America, in some countries have already reached a relevant maturity rate, others are still consolidating, and the least are thinking positively the adoption of dynamic infrastructures within an increasingly hybrid environment … and fair here, in the hybrid that are happening the Datacenters of today is that are the gaps of security due to the maintenance of paradigms regarding the traditional security that want to be embedded like a game of tetris in these new technological platforms, while these today are progressing towards the unification of several dissimilar layers of the infrastructure towards a technological umbrella of Software-Define-Network and Software-Define-DataCenter.
But how are security gaps in these transitions of mental models versus unification of physical infrastructure, networking, security, virtualization, services, etc.? … this is an interesting question to answer.
The first is that the traditional security applied to the dynamic environment of virtualized datacenters is opposed to the availability of resources in the operation of the business. The second is that security must be considered as an internal service within this new dynamic infrastructure where the most important beyond the perimeter or virtual segmentations is the jewel of the crown … the data. As long as you think of IP within the dynamic datacenter and do not switch to an application security paradigm, we will have these discrepancies and eternal quarrels between Risk, Security and Infrastructure at the committee’s board of meetings.
The management of the risk adapted to the dynamic datacenter is key to understand how to improve the availability of the platform, such as to achieve greater efficiency, such as keeping KRI risk indices at bay due to an efficient management of vulnerabilities that seek to shorten windows exposure to risk or attacks on these gaps in terms of hours / days.
Thinking that we will be hacked, will create new contingency plans, new security plans, more creativity in protecting critical information assets, and above all, understand that the dynamic datacenter will be dominated by software every day, it will be every day more malleable to the needs of the business, will be more and more critical its defense with a new way of thinking about security.
You will be hacked … make a plan … do not be a victim … do not be part of the attack statistics.