Let me give you an example. In Catbird we manage firewall rules, and we do it on a TrustZone basis. That's our policy envelope methodology. So I say stuff — these five servers are in this TrustZone and they can only talk to this other TrustZone providing database services with database network traffic. And anybody can come into it with web, because it's a web app.
What I'm able to do when I'm managing ACLs or network-based access control rules is forsake the context of every other zone or IP address and simply look at those rules that are impacting that zone. Now the zone is a container for many assets that might have multiple interfaces, etc., but I'm essentially getting an economy of scale when I abstract multiple IP addresses to this zone because I can look at the rule set within the context of just that zone.
And then when those zones are removed, or when the virtualized assets in those zones are decommissioned, I can easily see that and remove those rules. When we think about it this way, a firewall operator need not ever consider and manage 70,000 rules at a time. The system is intelligent enough to manage only the subset that's relative to them.
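The following is an added example, not Catbird's code, that models the zone-based approach described above: zones abstract sets of asset IPs, rules are written zone to zone, an operator sees only the rules touching one zone, a zone rule expands to the IP-level ACL entries it stands for, and decommissioning a zone removes every rule that referenced it. The zone names, addresses and services are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    src: str        # source zone name, or "any" for the unzoned outside
    dst: str        # destination zone name
    service: str    # allowed traffic class, e.g. "web" or "database"

@dataclass
class Policy:
    zones: dict = field(default_factory=dict)   # zone name -> set of asset IPs
    rules: list = field(default_factory=list)

    def add_zone(self, name, assets):
        self.zones[name] = set(assets)

    def allow(self, src, dst, service):
        # Reject rules that reference a zone the policy does not know about
        for z in (src, dst):
            if z != "any" and z not in self.zones:
                raise KeyError(f"unknown zone {z}")
        self.rules.append(Rule(src, dst, service))

    def rules_for_zone(self, zone):
        # The operator's view: only rules that impact this zone
        return [r for r in self.rules if zone in (r.src, r.dst)]

    def expand(self, rule):
        # One zone-to-zone rule stands for every src IP x dst IP ACL entry
        srcs = self.zones.get(rule.src, {"any"})
        dsts = self.zones.get(rule.dst, {"any"})
        return sorted((s, d, rule.service) for s in srcs for d in dsts)

    def decommission_zone(self, zone):
        # Removing the zone removes the rules that referenced it
        del self.zones[zone]
        removed = self.rules_for_zone(zone)
        self.rules = [r for r in self.rules if r not in removed]
        return removed

def build_example():
    # Constructed sample policy: five web servers, two DB servers, one HR host
    p = Policy()
    p.add_zone("web", [f"10.0.1.{i}" for i in range(1, 6)])
    p.add_zone("db", ["10.0.2.10", "10.0.2.11"])
    p.add_zone("hr", ["10.0.3.1"])
    p.allow("any", "web", "web")          # anybody may reach the web app
    p.allow("web", "db", "database")      # web tier may reach the DB tier
    p.allow("hr", "db", "database")
    return p
```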
Does the DevOps movement — the practice of merging the development and operations groups — change the equation at all? Someone recently said DevOps is the last great hope for security professionals because it would let them bake in security early.
I've been to organizations that take security very seriously: federal, financial and high-tech companies who have the skills to protect their IP, etc. I've also been in organizations who know that security is important but haven't allocated anything more than technology expenditures to security ever. So it really runs the gamut.
But even in organizations that take security seriously, security is rarely baked in from the beginning. So I agree with the DevOps sentiment that security people should be involved from the beginning. It seems that someone is getting hacked every day now. They learn how much security they need by living through these nightmares.
Good security is the ability to respond quickly when things go wrong. If you knew how they were going to attack and subvert your systems tomorrow, that would be the Holy Grail, wouldn't it? Most security solutions are looking at yesterday's hack.
That's why I am a firm advocate of multifunctional integrated security solutions that perform automation. Because with these types of tools I can analyze network traffic and manage firewalls and scan and look at the open ports and launch a configuration scan, all from the same unified interface. That gives me much better holistic unified threat visibility than I can possibly get with five different consoles open on my desk. And that, by nature, means tool consolidation.