Transforming IT Blog
Join us in the Transforming IT HP Blog where we will discuss reinventing IT to overcome obstacles and take advantage of Instant on Enterprise opportunities.

Is Software-Defined Security “SDSec” Just Another Layer of Tinfoil?

Tin_foil_hat_2.jpgTinfoil hats were first introduced in the 1927 fiction short story, “The Tissue-Culture King.” The story describes how hats of metal foil could be used to block the effects of telepathy.  The goal of the tinfoil hat was to block information transmission without physical interaction.  Similarly, today’s threat vectors no longer need physical interaction as they can be and are increasingly virtual. So with that said, can’t we all just put hats of foil on and be done with it?

 

Well not really. Although SDSec can and will grow to be an effective approach to virtualized and automated security, it cannot operate as an island.  In order for SDSec to be effective, it must be part of a holistic protective ecosystem.  The ecosystem requires people, policies/procedures, processes, products and proof.  At HP, we call this, the P5 Model.  By following this model, one can ensure that all aspects of security within the Software-defined Data Center (SDDC) are open and programmatically accessible. A tinfoil hat (solely) will just not do.

 

I see SDSec occurring in two waves. The first wave will be the automation of the basic blocking and tackling security tasks (e.g., next-generation Firewalls, IPS’, SIEM, etc.). This automation will be closed loop and eliminate as much human interaction as possible.  Subsequently, IT security staff will be available to perform high-value security analytics and activities. Wave two, will incorporate business logic to drive security behavior as well as advanced threat forecasting to drive predictive models of protection toward unknown attacks. The automation of security tasks will remove the need to orientate our security organizations toward protecting against known threats. After all, if we know it is coming, shouldn’t we put into place automated measures to thwart the threat?

 

Therefore, my point is, SDSec’s time has come. It will not come over night and it will not be a singular solution solving all security woes. It will however, advance your security program to a level of functionality and effectiveness far superior to the classic tinfoil hat approach.   

 

I would love to hear how many layers of tinfoil your data center has protecting it, so either drop me a line or just telepathically let me know.  

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the community guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Tari is a Distinguished Technologist with 30 years of IT and cyber security experience. He is dual board certified in information security/b...
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.