With the virtualization economy on the rise, numerous application workloads and virtual network functions (VNF) are leveraging virtualized infrastructure to reap benefits of the on-demand infrastructure to increase the pace of innovation and reduce cost. Security of virtualized workloads and virtual infrastructure, however, needs to be considered as a key constituent of the overall cloud defense-in-depth strategy.
To ensure that the workload and virtual infrastructure security is constantly tuned and updated to address the ever-evolving cybersecurity threats, it is important that the security policies are applied to application and network function workloads. It is critical that the virtual infrastructure is up-to-date with the business process rules as well as with the actionable insights generated by the threat monitoring platforms. Orchestration engines have emerged as a critical entity that help manage afore-mentioned security policies across virtual infrastructure platform and workloads related to application, analytics, big data and network function. In addition to policy orchestration, the orchestration engines should have to have following functionalities:
- Orchestrate infrastructure security capabilities related to VM attestation/measurement, hypervisor inspection
- Network security feature orchestration – Network micro-segmentation handle through host based lightweight firewall agents in workloads/VMs, NAT/firewall dynamic configuration, dynamically introducing security functions as part of service chaining based on traffic anomaly detection
- Application workload security – Identity and trust federation, platform attestation
- Manage crypto keys and PKI certificates used in workloads for managing data at rest as well as data in flight, manage privacy and trust of the data stored in data lake, manage multiple root trust (TPM/HSM/cloud key vault based)
- Security orchestration engine should be able to provide industry domain (e.g., telco CORD, industrial and consumer IoT and digital business) specific orchestration templates which can be used to build deployment specific customizations as well as to integrate with DevOps.
- Work seamlessly with cloud specific security orchestration engines to enable multi-cloud environment e.g., work with moon orchestration engine available as part of OPNFV
Using its cloud orchestration and VNF manager software framework and solutions, Aricent is building a security orchestration software framework to address industry domain specific needs and hybrid cloud orchestration needs. What would be your wish list of functionalities that need to be included in Aricent security orchestration engine framework?