As is explained in our recent Leadership Report, Security for the Cloud, IT security is evolving rapidly under-the-covers under the pressure of infrastructure virtualization, migration to Public Cloud, and a growing shortfall of security talent in the market. Virtualization, a.k.a. software-defined technology, has spread from compute to storage, networking, and applications. Workload virtualization will reach almost all enterprises by 2017 and continue growing at this pace through 2019 at least as part of the new master IT architecture.
Security for the new master architecture is at once very different from traditional on-premises brethren, while reusing some of its fundamental design principals. The virtualization of security for the Cloud is embedded in the Cloud infrastructure, up and down the stack from hardware through applications, and across the Cloud(s) with the use of software-defined networking (SDN). SDN separates security policy from underlying services, devices, and workloads by placing policy in a web-browser, while the functions of data switching and routing remain in network devices, enabling Cloud providers to quickly spin-up and down virtualized private computing that extends from storage and data, through compute and applications anywhere in the Cloud. Security virtualization is extended further by virtual network functions (VNF) that add services to almost every aspect of security, from firewalls to antivirus applications, sandboxes to data loss prevention, and cryptography to Web application filtering. The virtualization of security is further enabled by OpenStack, an open-source network Cloud operating system now in general use, integrated into commercial cloud packages including Hewlett-Packard Enterprise’s Helion and IBM’s Softlayer and supporting SDN, VFN and APIs for Amazon Web Services and Google Compute Engine, among others.
As more workloads and data centers migrate to what’s called the public cloud, responsibility for securing the IT infrastructure will move to cloud service providers. The focus of security expertise will shift up the stack; enterprises will shift hiring to data analysts, vendor managers, risk and business analysts, cloud virtualization security specialists, and DevSecOps developers to fill market needs for more than one million new open positions by 2020.
The focus of security will also shift up to business uses, software services, and APIs, while Cloud providers will deliver the physical and technical security expertise and controls, along with the infrastructure. The locus of security will shift to virtualization, software- and API-defined services, analytics, multi-Cloud provisioning, and the orchestration of security services across the enterprise value chain. Security virtualization over the next two-to-four years will set the stage for a decade of significant change in enterprise security.
The full report, “Security for the Cloud,” is available to clients of the Business IT Strategy and Transformation (BST) research View. For more on ISG Insights and our Research Views, please click here.
