IT organizations are interested in making the move to software-defined infrastructure (SDI) for their data centers. Most market studies show a clear uptrend in planning and adoption over the next few years.
Why? SDI can dramatically reduce time-to-service and costs through automation. And overall, it creates a more secure infrastructure.
But despite demonstrable benefits, for most organizations, the path is gradual. Sometimes skeptical. Mostly cautious. And what is a root cause of the anxiety? Ironically, security. It is still perceived as a barrier to adoption.
But why? What we hear from our customers and partners is consistent. The challenge is not really with SDI, but with the security infrastructure itself. Simply put, existing security solutions are designed for existing data centers. Not the new stuff (SDI).
So why is Software-Defined Security needed to solve this?
Reason 1: Current security solutions are mostly blind to what actually goes on in one of those virtualized data centers.
Today’s advanced security solutions are often high performance physical platforms at the perimeter of the data center or network. Or just ported, virtualized versions of them placed within it. Most were designed to focus on access-based security for traditional networks with static routes and known entities. While they may be excellent at detecting and blocking attacks, they are unaware of the dynamic changes that occur within SDI. And they’re unable to consume its information and exploit its innate security capabilities.
Reason 2: Assimilation of point solutions into an SDI can be futile – mostly.
There are a few emerging solutions that provide for point integrations with virtualization management and orchestration platforms. But while they support some targeted use cases, the overall approach of stuffing a single security function into the infrastructure doesn’t do it. The point product integration also results in an inconsistent user experience for the security admin responsible for a multitude of security products. And while the SDI can meet some of the shared intelligence and security orchestration needs, these platforms are not designed for in-depth security analysis and management. Especially in the way that security teams both expect, and rely on.
Reason 3: Most people, and businesses, prefer positive return-on-investment
IT organizations have made significant investments in their existing security solutions. Beyond equipment and applications, they’ve configured those systems, and built the skills of their personnel or relationships with their providers, to manage them. They generally don’t want to hear “forklift” upgrade. Or that staff will need to manually outpace network automation. Or manage more security systems. Or figure out how to synchronize policy across disconnected infrastructures.
The result? Trying to employ existing security solutions or point product approaches creates gaps in protection and coverage, inefficient architectures, and problems with compliance. And through this, the value and potential of SDI for performance, cost reduction and security isn’t fully realized, and adoption slows.
We have a new solution to this challenge, which uses a new approach for Software Defined Security.
This fall 2014, we will introduce the Intel® Security Controller. It provides an abstraction layer between the security and virtual infrastructures. It uses a controller-based approach for Security Function Virtualization (SFV), virtualizing the individual security services, and synchronizing policy and service injection within workflows as defined by the SDI. And it supports duty separation and investment protection by allowing security admins to use their existing security management applications to span policy across their physical and virtual security infrastructures.
Neil Campbell, Global General Manager for Security at Dimension Data, hears the same requirements from customers that we do. “For SDN to be considered ready for deployment in large organisations, security controls need to be applied with the same level of granularity and reliability that is possible with physical infrastructure. This new, unified approach to security is a very exciting development for our clients. Accommodating existing security assets to secure virtual infrastructure and automate security management amplifies their return on investment.”
For its first release and application, we partnered closely with VMware to create a solution that uses the Intel® Security Controller to offer the protection of our next-generation IPS, the McAfee Network Security Platform, within VMware NSX data centers.
This is just the beginning, and we’re really excited to have worked with VMware to develop a solution that can really help our customers realize the full potential of SDI. The Intel® Security Controller will be available for beta in just a couple of weeks, and released in a couple of months. I encourage you to learn more about this new solution, and consider applying to our beta program by visiting our website at
- Rishi Bhargava, Vice President and General Manager, Software Defined Datacenter Group Intel Security Solutions Division, Intel Security, Inc.