For years, the security industry has been complacent, using complex concepts to keep security discussions isolated from mainstream IT infrastructure conversations. We all know that this time is over. The industry consolidation, initiated by EMC’s acquisition of RSA in 2006 and now well on its way with the recent acquisitions of McAfee by Intel and ArcSight by HP, is demonstrating that the security and IT infrastructure conversations are one and the same.
We, the security people, must follow this transition and lay out a vision that non-security experts can understand without having to take a PhD course in prime number computation.
Let me give it a try by using the video rental industry as an example of why security in the cloud will be different and more effective.
Video rental industry:
1 – You start with a simple need: Most families want to watch movies in their living room, a movie of their choosing, at a time of their choosing.
2 – A new market emerges: Video rental stores with chains such as Blockbuster in the US. Do you remember the late fees?
3 – Then comes a new business model. Instead of paying per movie and driving to the store, you pay a monthly subscription fee and movies are delivered directly to your home. Netflix* jumps in and makes the new delivery model work with legacy technology by sending DVDs through postal mail.
4 – Increased network bandwidth makes video on demand possible on many kinds of end-user devices, from cell phones to video game consoles. Netflix expands its footprint by embedding its technology into any video viewing device that makes it into your home: game consoles, streaming players and smartphones.
5 – Blockbuster has filed for Chapter 11 bankruptcy. Netflix is uniquely positioned to help consumers transition from the old world of video viewing with DVDs to video on-demand. The customer wins with better movie choices delivered faster.
The Security Industry
The parallel with the evolution the security industry is going through is striking:
1 – You start with a simple need from CIOs and CSOs: They want to secure their information.
2 – A new market emerges: IT security with early players focusing on perimeter security: Building firewalls around information and bolting on security controls on top of insecure infrastructure.
3 – Here comes the cloud, a different way of delivering, operating and consuming IT. IT is delivered as a service. Enterprises use virtualization to build private clouds operated by internal IT teams. The IT infrastructure is invisible and security is becoming much more information-centric. New security solutions emerge that focus on gaining visibility over the new cloud infrastructure and on controlling information.
4 – Increased bandwidth makes it possible to expand private clouds into hybrid clouds, using a service provider’s IT infrastructure to develop new applications or to run server or desktop workloads. Security is changing as controls are directly embedded in the new cloud infrastructure, making it security-aware.
5 – What will happen to the security industry? It must adapt and manage the transition from physical to virtual to cloud infrastructures. First, by dealing with traditional security controls in physical IT infrastructure; then, by embedding its controls in the virtual and cloud infrastructure to build a trusted cloud; and finally, by providing a consolidated view of risk and compliance across all types of IT infrastructure, from physical to cloud. The customer wins: IT infrastructures have become security-aware, making security more effective and easier to manage.
So, does this explanation work for you? I welcome all comments below!
* Netflix is a registered trademark of Netflix, Inc.