The Cube - VMworld 2012 - Christofer Hoff, Juniper Networks, with John Furrier
The road to security is ever changing, but the path inevitably proceeds up the stack into new and transforming datacenter concepts. In today’s ecosystems, there is both a challenge and an opportunity to implement security across a number of access points, including the latest emerging technologies in virtual networking, software-defined networking, and beyond. In a sit-down on theCube at VMworld 2012, Christofer Hoff, Chief Security Architect of Juniper Networks, describes the state of security challenges in these environments and what key elements are in store for security in the future datacenter.
Hoff notes that no big splashy moves in the security space have emerged yet in light of the transition of VMware’s virtualization datacenter play to cloud. VMware’s acquisition of Nicira is also a notably brilliant move and is set to change the underpinnings of virtual networking. The security industry hinges its solution sets on the foundation of networking elements; therefore the ramifications for the security space are grand. The answer, according to Hoff, is to focus on security that is designed to protect the application and information in the first place. This means getting as close to the application information as possible. The introduction of software-defined networking, greater separation of workloads, data and a non-static environment makes for an interesting challenge, and the point of security service insertion becomes a critical focus. Hoff notes that a movement towards tighter, better, more broadly defined access points is required, going beyond API standards. The bolt-on approach to security will prove to be insufficient and fragmented without a shift towards a more integrated security model. A big problem here is the lack of agreement on how to define and standardize this integration at the API level and across the stack at the points of service insertion. The direction that the Nicira story takes will dictate how the security industry integrates the future changes, and the industry will likely be playing by some new rules.
Hoff briefly discusses the developer environment and notes that not all development can be lumped together. The focus and intent of the application are critical to consider: for example, some applications are designed for a specific environment and may require a feature such as network awareness, while others may not have any such elements. The definition of development versus application is critical to understanding this, and requirements ultimately dictate whether they cross over at all. Security integration requires recognizing, as an industry, that fragmentation is a huge disadvantage and that there is an opportunity to embrace the architecture of software-defined networking, benefiting from a unified vision. Security can then be engineered as a rewrite that addresses the way in which security operations and the ecosystem interact. With a more fluid, automated vision for security, the benefits of this service layer approach can be applied consistently across the virtual layer, cloud environment, SDN, and so on.