How the Server Revolution is Transforming Traditional Security

By Mitch Bishop, Chief Marketing Officer, CloudPassage

Technology moves fast. In the case of server technology, it has actually moved faster than we could name it. We’ve moved from physical servers to virtual servers to… well, a new kind of server—that sometimes isn’t a server. These latest-generation servers are at the center of a revolution that’s changing the fundamentals within companies everywhere. Securing these servers requires a new approach.

Servers are no longer empty vessels into which we pour our applications: servers are the applications. The key driver is now speed. Virtualized infrastructure and the orchestration tools that come with it are driving unprecedented speed and agility for businesses. But traditional security methods and tools aren’t currently built for speed. Security has to change or be left behind.

Here are seven best practices that security teams need to adopt to move faster while protecting today’s servers:

  1. Take advantage of server cloning. Agent-based security solutions are ideal for cloned server environments because they can be added to master images thereby ensuring every cloned server instance is protected regardless of duration or location. This enables continuous development methods like DevOps instead of slowing things down by trying to provision security after deployment. The benefits are near instant visibility and policy enforcement, regardless of scale.
  2. Leverage servers as application building blocks. In today’s server environments, servers are configured as one of a small number of building blocks. The ideal security solution allows for the creation of detailed security policies for each building block type. These policies, when combined with agent-based architecture, will protect every building block server from the time they boot up.
  3. Small footprints matter. With today’s servers, resource utilization is directly related to costs. Heavy security solutions adversely impact VM density in data centers and lead to surcharges in public clouds. This is particularly true in environments that scale on-demand, since security overhead costs are multiplied as infrastructure grows.
  4. Minimize staff overhead. Many Infosec teams have more tools than they have staff to manage them. The ideal security solution for today’s servers should require no maintenance and should be “set and forget.”
  5. Don’t lock yourself in. Most servers still live in data centers, and almost all companies will end up leveraging public cloud infrastructure to help manage costs. Implementing and maintaining separate tools (one for public cloud, one for the data center, etc.) is not only time consuming and costly, but also slows security. Therefore, choose a solution that works seamlessly in any environment.
  6. Limit Server Communications. Server firewalls should be configured to only allow communications as required by the application modules. All other connections should be blocked. This will decrease the attack surface and protect against lateral movement of threats between servers in your data center, which are often missed by network security tools.
  7. Integrate instead of rolling your own. A security platform that supports built-in integrations with popular SIEM (security information and event management) tools, directories, and infrastructure orchestration tools will avoid long hours of custom development work and protects the investments you’ve already made.

Mitch Bishop
Chief Marketing Officer, CloudPassage
Phone: (415) 992-8497

About CloudPassage
CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. The Halo platform is delivered as a service, so it deploys in minutes and scales on-demand. Halo uses minimal system resources; so layered security can be deployed where it counts, right at every workload – servers, instances and containers.


Follow Us:

Sitemap | Privacy | Copyright © © 2017, WSTA®, All Rights Reserved.