HCI Can Help Improve Agency Security

Running operations through an HCI can improve an agency’s security posture.

Over the past few years, government agencies have changed their security tactics from trying to maintain a hard perimeter to protecting an agency’s critical data. Moving security from the network perimeter to the actual data is something with which a hyperconverged infrastructure (HCI) can help.

The most sophisticated security strategies these days focus on limiting access to applications and data only to approved users. They also ensure that even those with access to sensitive and classified data can’t move that data outside of certain restricted portions of the enterprise network. All that requires security policies and processes agencies can manage centrally through policy directives.

As a software-defined architecture, HCI is ideally suited for this kind of policy-based approach to security. It reduces the complexity involved since all of the compute, storage, and networking resources devoted to any given workload are contained within the HCI. Specific policies can be written for all of these resources and managed from the HCI’s “single pane of glass” interface.

That’s a much more straightforward and effective approach to security. It also removes the risks associated with writing and applying policies generically for an enterprise IT infrastructure. Those policies can become outdated over time, increasing the chances of inadvertently creating a vulnerability that cyberthreats can exploit.

That central resource management is also one of the principal reasons HCI has proven popular with agencies wanting to set up a virtual desktop infrastructure (VDI). It helps security personnel apply security patches to desktop systems without having to upgrade each desktop manually. It also provides for the traditional desktop experience with which users are familiar, while still protecting those systems with HCI’s policy-based security.

HCI also helps with disaster recovery in the case of device failure, at least when multiple HCI nodes are applied to a given workload. Since each of these nodes contains all of the compute, network, and storage resources needed to run the workload, data is replicated across all nodes. If any one element in a node goes down, making the node inoperative, the data is still accessible from other nodes.

Still, security professionals have to be careful with how they manage their top secret, secret, and unclassified data. Given the intermingling of data that can happen within an HCI, what was unclassified at one point can become classified when two kinds of data are stored in the same node, which complicates the certification and accreditation of various HCI systems.

Organizations have to make security policies slightly more flexible. That’s a normal occurrence in infrastructures where certain data and devices have a set location and the physical and logical boundaries are known and defined. With HCI, however, virtual machines and workloads can be automatically spun up in seconds, and just as quickly spun down.

Security has to be able to follow these workloads throughout their lifecycle. That means the security model must be as flexible and responsive as that underlying architecture. If organizations rely on the traditional security tools they have in place to protect HCIs, they will create holes that attackers can exploit. Fortunately, managing the various automated security policies required for handling each workload and its associated data is a straightforward process through HCI’s software-defined architecture.