Ask the Data Center Security Expert with Cisco’s Rajneesh Chopra
Rajneesh Chopra is the Director of Product Management and Marketing at Cisco for the enterprise firewall line of technologies and has more than 10 years of product management leadership experience in the networking and data center arena. He also has a very futuristic outlook and a great passion for solving big customer problems.
Rajneesh sees the confluence of mobility, power efficiency, and standardization as the key drivers for change in the next-generation data center, with implications for the way security will need to be addressed. These changes are particularly significant because they are being driven by end users rather than by heavy marketing pushes, which can often artificially induce change. Rajneesh delves into each of these factors and the role they play in the next-generation data center.
As personal devices have become ubiquitous, traffic patterns have changed dramatically, as has the nature of user access into the data center. Users increasingly use these devices to perform a myriad of personal and business-related activities, and at the same time applications increasingly interact with other applications to serve up a range of preferences. The result: a lot more east-west traffic versus north-south traffic, which is the type of traffic that was traditionally seen in the data center. Consider how the experience of purchasing airline tickets has changed. You can now make or change that reservation from your personal device, and you may no longer need to print your ticket because you can instead use an electronic version of your boarding pass on your device. When you purchase your ticket, you may also have options to purchase a bevy of other related travel items, such as food, hotel rooms, car hire, and entertainment.
The increase in east-west traffic requires security that can handle high volumes of traffic, not just at the edge but also within the data center. This is why Cisco has designed its firewall and intrusion prevention portfolio not only to handle a greater number of connections at superior speeds, but also to scan or take action on traffic depending on context and the connection type. For example, traffic connected to a source that is deemed high risk might be routed through an IPS appliance, whereas connections within the data center that are deemed safe might not.
Power efficiency initiatives are driving great change in the data center. It’s more than ensuring that energy is not wasted. It’s also about keeping up with the need for greater connectivity, as demonstrated by the recent Amazon and Netflix outages that occurred over the Christmas period at the height of consumer demand. We’ve seen how virtualization has greatly increased server utilization, and the latest initiatives around software-defined networking also hold great promise to offer greater efficiency to keep up with connectivity demands.
In the past, security functions were more siloed and required multiple separate appliances. Most vendors have worked to consolidate functions to enable a more efficient approach that, in turn, uses less power. The recent advances in Cisco ASA Software Release version 9 allow for higher performance density, less power consumption, and less rack space.
In the past, critical systems were built to be fault tolerant and to avoid failure. With so much more traffic, interactivity, and increased access, the emphasis should be on building applications to be resilient and enabling them to inform every aspect from bare metal through to the front-end web interface. Infrastructure should be designed with increased standardization for new levels of efficiency and to recover more easily from failure, which organizations should plan for. To achieve greater standardization, organizations need to consider an end-to-end architecture rather than seeing switching, computing, services, and security as separate silos. Security built into the underlying fabric, for example security intelligence that is communicated through routers and switches, enables security decisions to be taken closer to the data source for greater levels of efficiency.
For further context or any questions, please feel free to contact Rajneesh Chopra or post a comment to this blog.