The departure from perimeter-defined security is a key theme at RSA Conference Asia Pacific & Japan in Singapore. The state of data center security has also evolved from the paradigm of a self-contained operation with a well-defined perimeter, says Munawar Hossain, director of product management for data center security and content security at Cisco Systems.
"[The data center] has evolved in three distinct ways: the aspect of virtualization; the dependence of the data center on optimized resources; and the dependence on services not housed in the data center," Hossain says.
In his RSA keynote session, titled "Securing the Next-Generation Data Center," Hossain described how virtualization has changed the traffic patterns and flow of data within the data center. About 75 percent of the traffic takes place in the east-west direction - traffic that doesn't leave the data center at all, he says. The challenges here are provisioning security within this landscape and elastically scaling these services.
Add to this the preponderance of hybrid SaaS models that organizations are increasingly deploying to meet capacity requirements, and you have a scenario that requires you to re-architect your security strategy for the new networking architecture and sophisticated threats, he says.
In this exclusive interview with Information Security Media Group, Hossain shares insights on the state of security in the data center today and the evolution that it has seen. Hossain also speaks about:
- The changing threat landscape in this space;
- Challenges being thrown up by these changes;
- Security investment recommendations for practitioners.
Munawar "Mun" Hossain is director of product management for cloud, SDN/NFV and content security at Cisco's security business group. He joined Cisco in 2000, and during his tenure with the security team, he has led several key product lines including firewall, IPS, VPN, email/web security, data center/SP security and DDoS prevention. Most recently, he led a team to embed security into Cisco's SDN framework, deliver virtual security assets to secure the public cloud, and extend Cisco's portfolio for security services delivered from the cloud through SaaS offerings.