Having just come back from Gartner’s Data Center Conference held annually in Las Vegas, I had the opportunity to reflect about what I heard at a macro level over the past few days. For those that didn’t attend, Gartner brings together 2500 or so of the industry’s leading IT professionals from the vast majority of the Fortune 500. Their titles range from IT and Data Center Manager to CIO and VP of IT or Infrastructure. Over the course of four days or so, this mass of IT folks get together and mingle, discuss business strategies and try to get a sense of where the various technologies and the industry itself is going. Obviously areas like Internet of Things, Cloud, BYOD, APM and Co-Lo were very hot topics, as were the latest generation of offerings of servers, storage and networks. But there was one topic that seemed to be an integral part of all other discussions: security.
As I sat back and listened, I realized that many of the folks in attendance had a solid reference point of “their IT” as it has existed for the past 20 years. Many of the vendor presentations and hallway discussions had a tone which longed for the simpler “Good Ol’ Days’ where their biggest concerns were capacity, availability and interoperability. Sure, we had some good times dealing with those to be sure and many of us have made our entire career chasing those rabbits.
So here we are in 2014 and it is OURS to define the going-forward plans. And those plans will be dramatically different from the ones that got us here. And as it turns out, the massive connected mesh we are all striving for brings along with it the responsibility to deliver it all in a highly secured fashion with all the tentacles (endpoints) secured as well. The topic of Security is now clearly a sharp focus and prevails inside all of the other discussions about building IT structures today and tomorrow.
Now follow me on this next journey: According to Rakesh Kumar at Gartner, 1) Over $3.7 TRILLION dollars has been spent on IT and IT services in 2014, and 2) Over 37% of those dollars are being spent on IT solutions but OUTSIDE of the IT organization. Why are these important? What it means is that the safe and confined comfortable corporate world of IT that we all grew up on and protected is now littered with connections and other services that exist OUTSIDE of your control! And it’s not just remote users, but remote applications as well. Connecting to SaaS and other clouds, remote access and BYOD users forms a critical component of our going forward plan and yet many of us are still throwing 2005 vintage protection schemes at our corporate borders.
In the Good Ol’ Days, massive security commercial breaches were something we rarely heard of at the corporate level because those companies simply didn’t allow much external access, and when they did allow external access, they used VPN like technologies and felt safe and secure since they thought the endpoints were as good as ‘inside’ the corporate structure. Today, nearly every day, we hear about another major retailer or bank, government agency or telecom disclosing ‘issues’ with unauthorized data access. What changed? Are these companies simply not spending enough on firewalls or IDS? It should be so simple. In fact IDC says that they spent nearly $10 BILLION on protection systems this year. Money is not the problem. They want to protect, but the modern threats have simply matured so much that old school ‘signature’ based technologies (the ones deployed by most companies today) are dramatically ineffective. Today it doesn’t really matter how many ‘signatures’ those old school devices have built-in. We need to think different.
It’s about behavior. With $3.7 Trillion of new spend on the line, the forward thinkers are realizing that detection signatures are something that describes the past, where as behavior is something that defines the future. What do I mean by behavior? Well the autopsy of a typical breach goes like this; 1) A simple system like a desktop, laptop or web server is hacked and some form of malware control app is placed upon it. 2) The malware becomes the ‘agent’ on that box and can be instructed to do anything the outside hacker wishes, 3) The hacker typical is looking for something in specific, sensitive data, so this control agent is told to search that data out and then once found, package it up and use a familiar friendly protocol (like HTTP) to send it back to hacker central. Lastly, 4) these agents are usually instructed to try to find similarly breach-able peer systems so that the process can be repeated.
With this behavior in mind, it’s just a matter of designing new protection systems from the ground up that try to identify this flow. They are designed to focus on zero-day threats (those never seen before) as well as all kinds of Advanced Persistent Threats (APTs). These newer protection systems understand the zillion variants of behavior and the best of these systems actually get smarter over time. These systems test their initial analysis and even try running certain payloads that are seen traversing the wire.
The point of this whole story? The Good Ol’ Days are fun to talk about and even share a few stories over a cup of Starbucks or a cocktail, but OUR real business needs going forward all hinge on solving the security challenge for a highly connected world. Frank Gens at IDC estimates that by 2018, HALF of ALL of our IT spending on computing and storage will be Public Cloud based. This means all that computing will be at the end of a wire which you have little or no control over, is outside of your comfortable brick and mortar walls and has its own set of security mechanisms.
We will find our footing, and we will collectively reach a consistent definition of what is expected from the new secured world of IT. This is Data Center Transformation in the making. But as we saw in Las Vegas, it will come with a primary desire to think about the new task at hand, and solving for that, rather than building on the structure we have inherited. Time to put on our big-boy pants…