Cloud computing and mobile devices have revolutionized our personal and professional lives. These innovations have unlocked a new age of elasticity and mobility. Along with this digital revolution, an unexpected transformation is taking place at the heart of server workloads and mobile devices.
We are witnessing the decline of the general purpose operating system.
The once static datacenter has transformed into a highly agile virtual datacenter, and is once again transforming thanks to cloud computing. First generation migrations to cloud, using IaaS, are facing tough competition from PaaS frameworks designed to take advantage of the rapid elasticity and scalability the cloud model provides.
A similar change is taking place with client devices. The once ubiquitous laptop is being supplanted by highly specialized and proprietary devices like Smart phones, iPads and Netbooks running Google’s Chrome OS. As these devices become more capable, the need for a general purpose Operating Systems like Windows or Mac OSX fades.
While the agility and financial benefits of this metamorphosis can’t be denied, this transformation is not without cost. As we move away from the open general purpose operating system, we lose the ability to deploy host-based controls. The lack of host-based control brings a lack of control and visibility.
The more diversified our IT infrastructure becomes, the more information security is left in the dark.
We are seeing this today, with many organizations grappling with how to secure and monitor all of the places where their data now lives. Breaches through lost laptops of the past have turned into hijacked cloud SaaS and PaaS resources of the future.
These fundamental changes are creating new challenges, but they are also creating new opportunities. As security emerges from the cocoon of the past, a new generation of cloud-focused solutions will unify the diverse mixture of assets, restoring the control we once had and embracing the agility of the new model.
Metamorphosis is an opportunity to change behavior. We can take this opportunity to rethink how and where we secure data.
The changes to the delivery model have made some security aspects easier. For example, one of the advantages of PaaS is the reduced OS footprint needed to support the singular purpose of each instance. Just-enough-OS running below the platform services have a significantly reduced attack surface and require less maintenance. New applications can by patched by simply re-deploying them from an updated template.
In some cases, the new delivery models require new means of employing security. PaaS, for instance requires special consideration when deploying applications directly exposed to the internet. Without host-based controls, PaaS-built applications must rely on filtered network traffic, embedded security modules or other means to augment the applications’ resiliency.
As the workloads become more diverse, identity and encryption take on a new importance. With the always-on connectivity we move away from mobile devices having large amounts of data, but it becomes even more critical that we authorize and encrypt data changing hands. Data moving between different cloud resources also needs special care as we enter a future of multi-provider, geographically diverse IT-as-a-Service.
With all of this change, we have to remember that effective security management requires unified visibility and control across the spectrum of traditional assets, mobile devices and cloud computing resources. The next generation of security solutions need to bridge this gap and let our data safely take flight.