What will happen with network technology trends for 2012? SearchNetworking.com sat down with five leading industry analysts to learn what they are predicting for the new year. In this installment about trends in network security, Greg Young, research vice president with Gartner, gives us his take.
Network security technology trends for 2012: Secure virtualization
In 2012, enterprises will get serious about securing
“To date there have been a lot of attempts to virtualize security, but the real practice should be that you are securing virtualization,” he said.
Security controls that are external to virtual servers will become more important as enterprises deploy a mix of different hypervisor vendors in their data centers, Young said. Installing security software inside VMware hosts is one thing, but when you have a mix of VMware and XenServer in your environment, virtualized security becomes more complex.
“Being able to wrap that [infrastructure] as a sandbox is really powerful, because then you allow the benefits of virtualization to take off without security being a wet blanket holding it down. So if you can contain it and secure it at the same time, that’s the goal,” Young said.
Network security technology trends for 2012: Data center network fabrics
New and emerging data center network fabrics like Juniper Networks’ QFabric and Brocade’s Virtual Cluster Switching (VCS) have created a new security problem, Young said. These networks, with large Layer 2 domains that enable low-latency, any-to-any server connectivity, will turn the traditional data center network security model on its head.
“There are really some dangerous things going on in data centers right now, and we’re ready for a revolution in data center network security,” Young said. “Everybody talking to everybody is really great from a flexibility model like virtualization. It’s very powerful for the business, but that’s a great threat model, too.”
Young hasn’t seen a good security model from vendors marketing data center fabric technology, he said, but that could change in 2012. He expects the industry to offer enterprises a way to enforce security zones in these new data center networks, ensuring that resources that require separation continue to be separated from each other in the new network.