Today’s datacenter is in the crosshairs under constant demands of modern business, meaning uninterrupted, secure 24/7 operation.  One of the biggest threats to that constant operation is the constant challenge of security.  Well publicized security breaches have in the recent past cost companies significant financial damage, as well as reputation and credibility.  As little as a one-day interruption tied to security can have irreversible impact.  Implications from a security breach can additionally affect such modern components of the overall picture such as mobile workers, web-based applications, as well as an increased client information database.  Today’s security worker needs to adopt a new base of skills to reflect the changing infrastructure.

The threats are numerous, including things like all out compromise scenarios, sophisticated malware like Flame and Stuxnet, botnets, and DDoS.  The matrix of threats requires new security constructs with new demands.  Integrated features such as in-line defense and technology that has alerting capabilities are critical in these new environments.  Architecture features should be optimized for user experience, yet keep the best practical security in mind.  Even still many organizations are looking to security services based on cloud technology to secure among other things, their internal infrastructure and cloud environments.

Security technicians are having to adapt to these broad elements and changing landscape. For example, take applying archaic security strategies to an internal cloud, external cloud or hybrid cloud environment.  Innovative answers to security questions are still emerging and include many newer features such as data mining, automated log analysis, security that is built-in to virtualization technologies, delegation strategies, and expanding centralized tool management.  That list goes on, and security strategies should be built around a particular organization’s needs.

The days of a one-size fits all prescription to security approach are gone.  Today even backup and recovery duties are being turned over to services in organization after organization.  I’ve made the case before, and heard from the security community time after time that compliance is not security.  Never has that case been made any clearer than in today’s changing technology environments.  The perimeter has changed and will continue to change, so strategies that solely focus on securing the perimeter are out.  Many of the traditional compliance rules don’t even sufficiently address much modern infrastructure.  Traditional security skills of procedural constructs, auditing and standardization are diminishing in value to the business.  Intelligent solutions at every level that are customized to that enterprise environments needs are imperative.  Arriving to those solutions means a strategic approach, knowing the detailed elements of the infrastructure, user base, cloud environment, and an efficient, practical strategy.  Open standards based tools and unified management can provide a quick leg up in many cases.

Security practitioners enjoyed a very consistent reference model for security for a long time, but that has changed.  I recall that a former colleague of mine was lamenting a few years ago that in his opinion, security was now focused way too much on compliance, patching, standards, and procedure.  The “fun” of hacking something had been removed from the equation.  I believe he may have been wrong then, and it certainly couldn’t be any more wrong now.  Things have shifted very quickly in those short few years in terms of mobility, increased threats, virtualization, and infrastructure in general.  That’s just the tip of the iceberg.  Just thinking of such process strategies that include app validation, regular penetration testing, and virtual strategies makes it easy to see that there are many critical and dynamic elements to a layered and dynamic security approach.  Without any doubt that will continue to evolve and change to accommodate the technology landscape that lies ahead.