Our own Carson Sweet recently spoke at the Wall Street Technology Association (WSTA) seminar on data security. Financial institutions have been among the most diligent about data threat profiling and creating effective protection strategies. However, evolving infrastructure delivery models have impacted data protection approaches on multiple levels. What’s possible in virtualized, dynamic cloud infrastructure is very different from traditional approaches. This brings an opportunity to change security delivery too. As a result, data protection approaches should follow suit. This evolution brings its own challenges, creating churn and change. Yet, financial services still need to protect the data and the infrastructure where financial data is stored, processed and transmitted.
Historically, security leaders have adopted strategies that deploy protection at the infrastructure level, often with a very appliance-centric approach. This approach maps well to traditional infrastructure environments that are relatively slow-moving and allow for arbitrary physical topologies and hardware choices. An infrastructure/appliance centric approach also matched well where vertical scalability is often achieved through tuning hardware and networking to meet the application’s demands – not vice-versa. In these models, applications often live on their own dedicated “islands” of hardware, on their own network segment, both of which are highly customized to the demands of the application itself.
This approach is being turned on its head by a combination of cloud infrastructure and application models designed for horizontal scale. This scale is often by way of cloning identical virtualized workloads. In these models, the applications are tuned to use abstracted cloud infrastructure, typically homogeneous from a hardware, networking and topology perspective. With limited to no control over physical-level networking, and without the ability to deploy hardware-accelerated security appliances, security approaches that depend on appliances are becoming far less useful.
The disruptive nature of cloud-centric infrastructure and application models are furthered by the proliferation of big data technologies. Big data use cases are used extensively for use cases such as enhancing the customer experience and the ever-growing computing demands of ‘what if’ Monte Carlo simulations that refine business analytics. In these use cases, business units don’t want to acquire a permanent stack of hardware that they may only use from time to time. They want to rent computing power on-demand, and pay for exactly what they use. In addition to being time-efficient (no waiting for physical infrastructure to be built), on-demand cloud infrastructure also accommodates budgetary demands that every company must contend with.
So it’s time to model security that is purpose-built for these cloud environments and can bridge across public, private and hybrid clouds. The agility of business does not have to hold back because of cloud workload security concerns. CloudPassage Halo has many features that can provide the security accountability for financial services. Even though the delivery of software-defined security may be new, having the means to integrate into proven existing security processes will help manage through the change and churn. With ability to utilize the REST API, end to end integrations to governance, risk and compliance solutions, SIEM/logging, and identity management can easily be fulfilled and meet the demanding needs of securing banking functions.