Cisco Cisco ASA 5525-X Adaptive Security Appliance 백서
- 1 -
©Nemertes Research 2008
I
SSUE
P
APER
New Suit of Armor: Securing the
New Data Center
John Burke, Principal Research Analyst
Executive Summary
In the dispersing enterprise, the spread of service-oriented architectures, rich
internet applications, and virtualization dictate that data center security
reshape itself. To secure a dynamic infrastructure with fluid boundaries,
reshape itself. To secure a dynamic infrastructure with fluid boundaries,
security needs to become dynamic and virtualized. To enable access rights
tailored to specific relationships with staff, customers, partners, and suppliers,
it must be identity-centered. To protect transactions using standardized, upper-
tailored to specific relationships with staff, customers, partners, and suppliers,
it must be identity-centered. To protect transactions using standardized, upper-
level formats such as SIP and XML, security needs to become content-sensitive.
The Issue: Moving Targets
Major tectonic shifts in the way enterprises work with and provision their
core applications are forcing changes in the way the enterprise has to think about
securing them.
One shift is the continuing opening of the enterprise, with the gradual
federation and interpenetration of IT systems between an enterprise and its
partners, customers, and suppliers. The figurative walls of the data center are
being filled with doors, windows, and access ducts, and now serve more as a
partners, customers, and suppliers. The figurative walls of the data center are
being filled with doors, windows, and access ducts, and now serve more as a
framework for structuring the flow of information than as a barrier to it.
Another shift is the rise of service-oriented architectures (SOAs).
Enterprises are looking to SOA to provide an integration method for their
applications, a development methodology and framework, and an overall
architecture and philosophy for deploying new functionality. As enterprise
applications gain services interfaces, and sometimes are actually atomized and
turned into constellations of loosely-coupled services, each service creates on the
network a new set of access points; perhaps tens or hundreds of times as many as
applications, a development methodology and framework, and an overall
architecture and philosophy for deploying new functionality. As enterprise
applications gain services interfaces, and sometimes are actually atomized and
turned into constellations of loosely-coupled services, each service creates on the
network a new set of access points; perhaps tens or hundreds of times as many as