Micro-fortresses everywhere: The cloud security model and the software-defined perimeter


Aerial photograph of the Tobolsk Kremlin by Russian President Dmitry Medvedev, released under Creative Commons 4.0.

There is a fortress atop a hill overlooking two rivers: one natural, the other a man-made canal. The first building there was wooden, but by 1683 the Cossacks who had conquered Siberia had grown tired of soft perimeters. They sent for Russians from the south to begin the tradition of building impenetrable stone structures from the finest masonry. They never stopped building it, for centuries. The fortress of Tobolsk — prized by Peter the Great and revered for its stark and simple beauty — became the center of its own self-sustaining security industry, around which the town, and later all of Siberia, would revolve. The Russian word for a walled stone citadel of this kind, the hardened core around which a town grows, is kremlin.

Anyone standing inside this kremlin’s walls in 1982 would have witnessed one of history’s greatest natural gas explosions just a few miles away. Its catalyst, wrote former US Air Force Secretary Thomas C. Reed in 2004’s At the Abyss: An Insider’s History of the Cold War, was a Trojan horse program planted by American agents in code they knew would be stolen by Soviet agents.

Though Reed’s account remains disputed (not least by those who would rather see red stars than red faces), US officials have long feared retribution in kind from some red-starred ghost.

In 2005, the Department of Homeland Security commissioned Lawrence Livermore National Laboratory to produce a kind of pre-emptive post-mortem report [PDF]. Rather than wait for a vengeful ex-KGB hacker to ignite an American pipeline until it could be seen from space, the report issued recommendations for preventing an incursion that had never yet happened from ever happening again.

Recommendation No. 1 was this: Know your perimeter.

“What is the boundary of your network perimeter?” the report reads. “Is it simply the border gateway that separates your control system from other external networks? Is it at the firewall? What about a modem that connects directly to the SCADA [Supervisory Control and Data Acquisition] system or the field technician’s laptop that gets connected to both the control network and untrusted networks (e.g., at home, hotel, or airport)?”

Once you had mapped your network’s access points, the report explained, you could essentially connect the dots to reveal your perimeter. From there, it advised, that perimeter must be defended, tested, and hardened.

It was the correct recommendation for defending a gas pipeline’s SCADA system, circa 1982. But its principal presumptions — that everything such a system should protect is on the inside, and everything that would threaten it is on the outside — had already been rendered obsolete.

“The perimeter model is dead,” pronounced Bruce Schneier, author of the New York Times best seller Data and Goliath and CTO of IBM Resilient. “But there are personal perimeters. It doesn’t mean there exists no perimeters. It just means it’s not your underlying metaphor any more. So I wouldn’t say to anyone running a corporate network, ‘There are no perimeters, zero.'”


In this second leg of our journey for ZDNet in search of security for the modern, distributed data center, we consider this most bizarre of possibilities: that a security perimeter may be established around the people who use systems, with more immediate effect than building more walls around the “kremlins,” if you will, of the systems themselves.

As Cyxtera’s Randy Rowland told us, his firm’s implementation of SDP is governed by a controller that serves as the main arbiter and enforcer of the policies by which networks are created. (Not all SDP models refer to such a component.) Each client’s view of the network is substantiated by a set of policies enforced at that client’s gateway. Cyxtera’s name for these policies is live entitlements.

“It’s not a static thing; it’s something that is active and living,” described Rowland. “Once entitlement has gone through its approved policy and has been handed down from the controller, the client takes that entitlement and the gateway creates a micro-firewall instance, where the only rule set in that micro-firewall is that entitlement. That’s how we get cloud scale. Instead of having these huge, monolithic, perimeter-based firewall devices, if I can break it into tokens or into entitlements that I can distribute across multiple gateways, now we can scale as large as the cloud itself, and still give that micro-firewall, and the entitlement that’s required to access a system, complete autonomy.”
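To make the controller, gateway and entitlement roles concrete, here is an added illustration in Python. It is not Cyxtera’s code and not any SDP standard’s reference design; the user names, addresses, policy table, shared HMAC key and the five-minute lifetime are all assumptions. The controller evaluates policy for an authenticated, posture-checked client and signs a short-lived entitlement; the gateway verifies the signature and instantiates a per-client, default-deny “micro-firewall” whose only rules are the entitlement’s. Expiry is what makes the entitlement “live”: when it lapses, the gateway falls back to deny rather than to a standing rule.

```python
"""Toy software-defined-perimeter flow (illustrative, not a product's code).

Controller: policy lookup -> signed, time-limited entitlement.
Gateway:    verify entitlement -> per-client micro-firewall with that one rule set.
"""
import hashlib
import hmac
import json
import time

# Assumed shared secret between the controller and its gateways. A real
# deployment would sign with an asymmetric key so gateways cannot forge
# entitlements; a symmetric key keeps the example self-contained.
CONTROLLER_KEY = b"assumed-controller-signing-key"

# Assumed controller-side policy: identity -> (host, port) pairs it may reach.
POLICY = {
    "alice@example.com": [("10.0.5.20", 443), ("10.0.5.21", 5432)],
    "bob@example.com": [("10.0.5.20", 443)],
}


def issue_entitlement(user, device_posture_ok, ttl=300, now=None):
    """Controller side: return a signed entitlement, or None if policy denies."""
    if not device_posture_ok or user not in POLICY:
        return None
    now = time.time() if now is None else now
    body = {"sub": user, "allow": POLICY[user], "iat": now, "exp": now + ttl}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(CONTROLLER_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


class MicroFirewall:
    """Gateway side: one instance per client; its only rules are the entitlement."""

    def __init__(self, body):
        self.sub = body["sub"]
        self.allow = {tuple(entry) for entry in body["allow"]}
        self.exp = body["exp"]

    def permits(self, dst_host, dst_port, now=None):
        now = time.time() if now is None else now
        if now >= self.exp:
            return False  # entitlement lapsed: deny until the controller reissues
        return (dst_host, dst_port) in self.allow  # anything unlisted is denied


def admit(entitlement):
    """Gateway side: verify the controller's signature before building rules.

    Returns a MicroFirewall, or None if the entitlement was forged or altered.
    """
    payload, sig = entitlement["payload"], entitlement["sig"]
    expected = hmac.new(CONTROLLER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return MicroFirewall(json.loads(payload))


def demo():
    """Walk one client through the flow; returns the decisions for inspection."""
    t0 = 1_000_000  # fixed clock so the run is reproducible
    ent = issue_entitlement("alice@example.com", device_posture_ok=True, now=t0)
    fw = admit(ent)
    tampered = dict(ent, payload=ent["payload"].replace(b"10.0.5.21", b"10.0.5.22"))
    return {
        "allowed_app": fw.permits("10.0.5.20", 443, now=t0 + 1),
        "unlisted_host": fw.permits("10.0.5.22", 443, now=t0 + 1),
        "after_expiry": fw.permits("10.0.5.20", 443, now=t0 + 400),
        "tampered_rejected": admit(tampered) is None,
        "unknown_user": issue_entitlement("mallory", True, now=t0) is None,
        "bad_posture": issue_entitlement("bob@example.com", False, now=t0) is None,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Two design points carry over from the quote above: the gateway never consults the policy table, so it can be replicated anywhere and still enforce exactly what the controller decided, and there is no standing allow rule to fall through to once the entitlement expires. What the toy omits is the transport (mutual TLS or single-packet authorization between client, controller and gateway) and revocation before expiry, which a real controller would have to push to gateways.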

It’s an explanation that seems to adopt some of the motif, if not the meaning, of the microservices model to which Adrian Cockcroft introduced us at Waypoint #1. There, services can be scaled up or down because they’ve been decoupled from the underlying body of code, and from the infrastructure. The ideal of autonomy meshes well with the idea that a service orchestrator should not be a micro-manager. And there’s a hint of elegance in the notion that a policy component should serve as the fundamental building block for a virtual network in itself. This bodes well for any hope we may have that something inspired by the old security model of the data center can be applied to the new operations model.

Bang, bang: Maslow’s silver hammer

“I think it’s Maslow’s Hammer,” declared Chet Wisniewski, principal research scientist with IT security provider Sophos. “When all you have is a hammer, everything looks like a nail. All I have is a network; I have to create a perimeter so I can control the network for security reasons, because I can’t do it any other way.”

One could easily conclude that anything declared dead so frequently, so vociferously, for so long and by so many cannot possibly be dead. In Wisniewski’s world, security engineers, researchers, and advocates continue to describe the threats to networks as encroaching upon the perimeter — usually just before joining the chorus singing a requiem for the perimeter.

“The perimeter is dead. Don’t create new perimeters, don’t create ten thousand perimeters,” he warned us. “There hasn’t been a perimeter already for ten years, which is why everybody’s breached every other day — because they still think there’s a perimeter. I don’t think we’ll ever have a perimeter again, because it’s impractical and it’s not really the right way to solve the problem.”

Cyxtera’s Randy Rowland cautioned that SDP should not be confused with a “soft perimeter.”

Elsewhere:

We need to turn our security model inside out, by Lori MacVittie, F5 Networks

RSA 2016: There Is No Cloud Security Stack Yet, by Scott M. Fulton, III, The New Stack

The Cloud is Evolving Faster than Cloud Security, by Scott M. Fulton, III, CMSWire

The race to the edge:

Have hyperscale, will travel: How the next data center revolution starts in a toolshed

The race to the edge, part 1: Where we discover the form factor for a portable, potentially hyperscale data center, small enough to fit in the service shed beside a cell phone tower, multiplied by tens of thousands.

A data center with wings? The cloud isn’t dead because the edge is portable

The race to the edge, part 2: Where we come across drones that swarm around tanker trucks like bees, and discover why they need their own content delivery network.

Edge, core, and cloud: Where all the workloads go

The race to the edge, part 4: Where we are introduced to chunks of data centers bolted onto the walls of control sheds at a wind farm, and we study the problem of how all those turbines are collected into one cloud.

It’s a race to the edge, and the end of cloud computing as we know it

Our whirlwind tour of the emerging edge in data centers makes this much clear: As distributed computing evolves, there’s less and less for us to comfortably ignore.
