Security Think Tank: Meeting the security challenge of multiple IT environments

Security is now officially “perimeter-less”. Organisational boundaries have disappeared as increasing volumes of workloads move to different clouds according to enterprise requirements.

Using cloud providers for a variety of workloads and services is now commonplace across organisations in most verticals, with Ovum research noting that around 30% of enterprise workloads run in the cloud.

Although less than 5% of all mission-critical and core business applications are currently deployed in the cloud, these workloads are expected to transition to hybrid multi-cloud environments, where integration services are used to place workloads to fit the specific need of each application.

The speed with which workloads can be spun up in the cloud means that run-time security is of paramount importance. Flexibility is a boon for developers and operations, but a challenge from a security perspective.

Security and compliance challenges are magnified by the multiplicity of different environments, making it significantly more difficult to apply common security policies and compliance controls across an organisation’s business footprint.

However, a combination of software-defined networking (SDN), containerisation and encryption can be used to help alleviate some of these security headaches. Each of these three areas can be used to apply security policy at the application and data level.

SDN enables the organisation to respond to the demands of variable workloads using dynamic networking, separating the flow of data from the network instructions. This separation allows security policies to be applied directly to the data flow.

Containers package the workload in a format that allows these security policies to be applied to just that specific workload, as well as supporting the concept of portability. Furthermore, containers can be encrypted, which can be used for protecting information. 

A layered approach to security is widely recognised as the only way for organisations to have a reasonably comprehensive security posture, and this is as true in a multi-cloud world as it is on-premise.

The level of “comprehensiveness” will depend on the number and quality of layers of security, and applying SDN, containerisation, and encryption contribute positively to these layers.