Security Challenges in Datacenter Transformation

The document discusses security challenges in datacenter transformations due to increasing scale, pace of change, and new technologies. Specifically, it outlines how application architectures are changing and straining traditional security approaches. It also notes that core technologies shifting to containers and software-defined networks challenge security. Finally, it recommends leveraging security automation, integration, and consistent controls across environments to help security teams scale up and adapt to datacenter transformations.

Uploaded by

Debasish Raha

Security in Datacenter Transformation
Potential Hurdles and How to Overcome Them

COMMISSIONED BY

MARCH 2020
© COPYRIGHT 2020 451 RESEARCH. ALL RIGHTS RESERVED.
About this paper
A Pathfinder paper navigates decision-makers through the issues
surrounding a specific technology or business case, explores the
business value of adoption, and recommends the range of considerations
and concrete next steps in the decision-making process.

ABOUT THE AUTHOR

ERIC HANSELMAN
CHIEF ANALYST
Eric Hanselman is the Chief Analyst at 451 Research. He has
an extensive, hands-on understanding of a broad range of IT
subject areas, having direct experience in the areas of networks,
virtualization, security and semiconductors. He coordinates
industry analysis across the broad portfolio of 451 Research
disciplines. The convergence of forces across the technology
landscape is creating tectonic shifts in the industry, including
SDN/NFV, hyperconvergence and the Internet of Things (IoT). Eric
helps 451 Research’s clients navigate these turbulent waters and
determine their impacts and how they can best capitalize on them.
Eric is also a member of 451 Research’s Center of Excellence for
Quantum Technologies.

COMMISSIONED BY PALO ALTO NETWORKS

Executive Summary
Organizations are rapidly changing their datacenter operations and technologies. Approaches
to securing them have to adapt to ensure that they don’t impede this transformation and
are still able to protect an organization’s most critical assets effectively. In order to maintain
compliance and operational efficiency, security has to scale and adapt at the same pace as the
rest of the digital transformation journey. New application architectures and core technologies,
such as containers and software-defined networks, are straining traditional security techniques.
Embracing new forms of infrastructure is a key part of digitization as enterprises look to cloud
providers for scale outside of their existing footprints to build hybrid environments. Datacenter
networks and the security capabilities that they can wield need to provide the ability to enable
those cloudy extensions in ways that allow organizations to grow efficiently while maintaining
effective security controls. Key architectural decisions can be made today to pave the way for
the future.

Key Findings
• Datacenter technologies are transforming, and security controls have to adapt to remain
effective.
• Scale and scope are the biggest challenges to security in datacenter transformation.
• Application architectures are changing, and isolation needs to address identity and east-west
traffic with the granularity that micro-segmentation can provide.
• Core technology shifts driven by containers and software-defined networks are straining
traditional security approaches.
• Integration with cloud providers is happening and at increasingly accelerated rates.
• Hybrid is the new reality, and security capabilities have to span from datacenter to cloud
seamlessly.
• Security automation is a force multiplier for security teams.
• Extending consistent controls across new environments can help teams scale up.

PATHFINDER | SECURITY IN DATACENTER TRANSFORMATION

Introduction
Enterprise datacenters are seeing a set of technology transitions that threaten to get ahead
of traditional security approaches’ ability to protect them. The scale and pace of change can
challenge a security team’s abilities, and new technologies require a set of protections and
controls that may not even exist in many environments. While there have always been hurdles
for infosec teams, the nature of this current wave makes it imperative that investments are made
now to address the longer-term impacts of this new technology tide. With intelligent approaches,
security organizations can address the current flood and put capabilities in place to be ready for
the future.

One of the first pressures most organizations face is scale and the associated pressures that
increasing rates of change present. As virtualization started to seep into datacenter infrastructure,
few enterprises incorporated significant changes in security operations. At smaller volumes of
activity, traditional methods and practices could still cope. More complete virtualization has led
application and development teams to expect security activities to keep up with the provisioning
speed of the virtual realm. Newer technologies, like containers, and the incursion of public cloud
services are ramping up the rate of activity and setting expectations ever higher.

The most recent 451 Research Voice of the Enterprise (VotE) study on workload-related concerns
continues to list security issues as the dominating force for IT teams. While that’s not new,
security teams face greater challenges in addressing those concerns.

Figure 1: Most important workload-related challenges
Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019
Q. Which of the following represent the most important workload-related IT challenges your organization faces at the moment?
Base: All respondents (n=921)

Data protection and security: 60%
Governance and compliance: 37%
Migrating workloads to new IT environments: 31%
Incorporating new workloads into the IT environment: 25%
Ongoing capacity planning: 23%
Cost tracking/management: 23%
Lack of workload-specific staff/expertise: 23%
Maintaining visibility across different IT environments: 21%
Other: 3%

Scaling to New Methods
Virtualization is addressing workload provisioning and network changes as well. That often
leaves security configuration change rates as the limiting factor of the speed with which new
workloads can be put into production. To let datacenter changes happen at the pace necessary
for enterprises to be competitive, security teams have to leverage automation and integration
of security controls with infrastructure systems. These systems typically have integration
points where changes in the environment, new virtual machines (VMs) being provisioned or
existing ones moved, can be fed to security management systems. At the very least, these event
streams can alert security teams to changes, but the full benefit of integration is being able to
automatically apply or adjust controls to securely manage change. An effective implementation
can greatly reduce the effort required for security operations to overcome this hurdle.

Virtualization is also putting resource control into the hands of teams with different skills than
in legacy environments. When network configurations were performed in an entirely different
domain than compute or storage, dedicated networking teams were the ones doing the work.
They typically had specific domain knowledge about security practices. With virtualized
deployments, more teams can build environments that include networking through software-
defined networking functionality but may not be fielded with secure configurations. Leveraging
automation can ensure that when new network segments are built, the appropriate controls are
wrapped around them and that the teams with the skills needed to secure them have approved
their design. Organizations can leverage automation and the richer context that virtualization
provides to implement the more granular controls of micro-segmentation. This helps ensure that
improved workload segmentation becomes a more automated process and not a scaling burden.
Templates and access policies can relieve security teams of the need to review every single
change and still manage compliance.

And these improvements are a necessary step to deal with the greater levels of dynamism
that containerization is bringing to datacenters. Container-based infrastructure comes with an
expectation that instances will be created with much greater velocity and have much shorter
lifetimes than VM-based environments. That makes security automation and orchestration
mandatory. The investments that enterprises make will help them to stay on top of the levels of
activity required. In a recent 451 Research VotE study on DevOps practices, more than half of the
respondents had containers deployed at some level in their organizations. More than a third were
using the Kubernetes orchestration framework as part of their management toolkit.

Figure 2: Adoption status for containers and Kubernetes
Source: 451 Research’s Voice of the Enterprise: DevOps, Q4 2019
Q: Which is the primary environment? Q: Which environment(s) does your organization use for your DevOps implementation?
Base: All respondents; Containers (n=464), Kubernetes (n=447)

Full adoption across 100% of IT organization: Containers 25%, Kubernetes 11%
Some adoption at team level, but not by all applicable IT teams: Containers 35%, Kubernetes 25%
In discovery/proof of concept: Containers 16%, Kubernetes 21%
Plan to trial in next 12 months: Containers 11%, Kubernetes 14%
Plan to trial in next 24 months: Containers 7%, Kubernetes 9%
Considering but no current plan to implement: Containers 4%, Kubernetes 10%
Not in use/not in plan: Containers 2%, Kubernetes 10%

For enterprises to effectively operate at the fast pace that containerized infrastructure
allows, security controls have to become standardized, repeatable and automated. For many
organizations, this will require new levels of coordination across teams. That coordination needs
extended visibility across the datacenter, allowing collaborating teams to both be aware of
organization-wide activity and to align activities with repeatable operational templates. To run
at scale successfully, enterprises have to eliminate special cases and one-off configurations.
Datacenter-wide visibility can make this easier to achieve.

Responding to New Architectures
Alongside these new infrastructure technologies is a change in application architectures. The
traditional three-tiered application stack has been splitting and morphing into a much more
complicated situation. The linear flow of the past, where data sources fed application tiers that
supplied web or UI tiers, is becoming a complicated matrix of paths that require more complex
controls and more intelligent and granular isolation. Data sources are now being queried by many
different application components, making firewall configurations more complex and dynamic.
Applications are often integrated with CRM or marketing systems that feed user context. The
‘east-west’ flows of intra-application traffic can dwarf the volumes that eventually reach users,
and the complexity of interconnection can strain legacy configuration techniques. The need for
micro-segmentation is being driven by the dissolution of the traditional protections that tiering
offered. That means that controls have to integrate new context to be effective.

It’s now more critical to be able to identify traffic by application type and integrate identity
into access controls in order to effectively segment datacenter networks and provide the
per-workload protection that micro-segmentation requires. Configurations have to support
abstractions for traffic types and groupings and templates for servers and data sources if
administrators are going to be able to keep up with these levels of complexity and scale. As
with new technologies, automation becomes a requirement, and there is also much greater
benefit in configuration tools that can provide organization-wide views. To operate at high
scale, enterprises have to leverage consistent and repeatable configuration templates for their
infrastructure. They can ensure that new environments are built consistently with existing ones.
Effective systems can also identify variations in configurations and catch configuration drift
before it results in exploitable holes in network protections.
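
The following Python example is added here and is not from the paper or from any product it describes. It expands a group-level segmentation template into per-workload allow rules and reports drift against a deployed rule set; the groups, workload names, rule format and deployed rules are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Rule:
    src: str  # source workload
    dst: str  # destination workload
    app: str  # application identity rather than a bare port number


# Constructed template: allowed flows are stated between groups, never hosts.
TEMPLATE = [
    ("web", "app", "https"),
    ("app", "db", "postgres"),
    ("app", "crm-connector", "https"),
]

# Constructed inventory (workload -> group), as an orchestration system might
# report it. web-2 has just been provisioned.
INVENTORY = {
    "web-1": "web",
    "web-2": "web",
    "app-1": "app",
    "db-1": "db",
    "crm-1": "crm-connector",
}

# Constructed rule set as currently enforced.
DEPLOYED = [
    Rule("web-1", "app-1", "https"),
    Rule("app-1", "db-1", "postgres"),
    Rule("app-1", "crm-1", "https"),
    Rule("web-1", "db-1", "postgres"),  # one-off rule that bypasses the app tier
    Rule("app-0", "db-1", "postgres"),  # refers to a decommissioned workload
]


def expand(template, inventory):
    """Render group-level flows into per-workload allow rules.

    Anything not produced here is treated as denied by default.
    """
    members = {}
    for workload, group in inventory.items():
        members.setdefault(group, set()).add(workload)
    rules = set()
    for src_group, dst_group, app in template:
        for src in members.get(src_group, ()):
            for dst in members.get(dst_group, ()):
                rules.add(Rule(src, dst, app))
    return rules


def drift(template, inventory, deployed):
    """Compare what the template requires with what is enforced."""
    expected = expand(template, inventory)
    deployed = set(deployed)
    # Rules naming a workload that is no longer in the inventory.
    stale = {r for r in deployed if r.src not in inventory or r.dst not in inventory}
    return {
        "missing": sorted(expected - deployed),             # control not yet applied
        "unexpected": sorted(deployed - expected - stale),  # special case to review
        "stale": sorted(stale),                             # safe to retire
    }


if __name__ == "__main__":
    for kind, rules in drift(TEMPLATE, INVENTORY, DEPLOYED).items():
        for rule in rules:
            print(f"{kind:10} {rule.src} -> {rule.dst} ({rule.app})")
```

The "missing" rule is the control that automation would apply for the newly provisioned workload, and the "unexpected" rule is the kind of one-off configuration the paper argues must be eliminated to run at scale.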

Cloud Protections
Most enterprises are using some level of off-premises cloud-based services today. Whether
SaaS-based customer management or full-blown public cloud infrastructure, this is having a
significant effect on security protections in the datacenter. Cloud-based services can provide
many benefits for enterprises when used effectively and connected securely. They provide scale
and cost management at levels that can be difficult to achieve in traditional models. The trick to
achieving those advantages is managing cloud resources effectively. A 451 Research VotE Digital
Pulse study reiterated broad enterprise enthusiasm for moving to cloud, reporting an expectation
that workloads will move from a strong on-premises majority today to parity with off-premises
in two years. Enterprises have to anticipate ways to extend the same protections that exist in
datacenters today to cloud and beyond in order to be ready for this growth.

Figure 3: Primary workload deployment venue, 2019 and 2021
Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects
Q: Thinking about all of your organization’s workloads/applications, where are the majority of these currently deployed? Where will the majority of these be deployed two years from now?
Base: All respondents; 2019 (n=885), 2021 (n=849)

[Bar chart: 2019 versus 2021 for SaaS, IaaS/PaaS, third-party colocation, hosted private cloud, on-premises private cloud and on-premises 'traditional' IT]
Public Cloud: Key venue for 22% of organizations, expanding to 39%
Private Cloud: Primary workload venue for 27% of organizations, growing to 34%

Once again, the key to clearing the hybrid complexity hurdle as enterprises extend to cloud is
efficient and effective management that reduces the amount of effort security teams need
to manage an expanding infrastructure footprint. The pressures and difficulties are similar to
those in embracing new infrastructure technologies. Cloudy environments present new security
models with different types of controls. These can create complexity because security teams
have to successfully translate policies and practices to these new forms. On the plus side, some
cloud infrastructure can provide more detailed and comprehensive operational information than
legacy systems. This telemetry can enhance security observability if security teams can integrate
it into their operational systems.

The challenges to integration are the new forms this information takes and the volume at which
it’s generated. To put this information to work requires not only automation but also analytics
that can aid security teams in making sense of this data. In most cases, the data arrives with rich
context, but security teams struggle with manual correlation tasks because of its large volume.
Analytics that can correlate across datacenter and cloud can ensure operational consistency and
reduce complexity.

A second aspect of ensuring security with cloudy environments is managing the extension of
on-premises controls and policies into off-premises deployments. The future of enterprise
infrastructure is being established as a hybrid one, where infrastructure will be built with a range
of resources. While mapping of differing configuration capabilities is possible, doing it manually
creates a significant amount of work, especially because there is an ongoing maintenance
requirement as providers change and expand their offerings. Where possible, security teams
should look to security management systems that will allow them to automatically map controls
and policies across their complete environment. It’s far better to extend existing controls out to
new cloud environments because most enterprises will wind up using multiple cloud providers.
Trying to adapt cloud capabilities back into on-premises policies will cause significant reworking
as each new provider is brought on board. Enterprises need to expect and plan for capabilities
that will reduce the amount of work required to bring new providers on board and make hybrid
environments secure with a reasonable amount of effort.

Dealing with Staffing and Skills
Staffing and skills shortages in information security have become a chronic problem for
enterprises, and it’s one that they shouldn’t expect will change in the immediate future. It’s a
problem that echoes the requirements for increased effectiveness that new technologies and
the progress to hybrid environments have already expressed. Only a third of VotE respondents
indicated that they felt that they had sufficient infosec staffing levels.

Figure 4: Information security personnel staffing level
Source: 451 Research’s Voice of the Enterprise: Information Security, Organizational Dynamics 2019
Q: How would you describe the number of information security personnel at your organization?
Base: All respondents (n=477)

Not enough information security personnel: 66%
Right number of information security personnel: 33%
Too many information security personnel: 1%

Automation can be a force multiplier for teams. The ability to automate repetitive tasks has
the benefit of not only reducing toil, but also reducing errors and standardizing operations.
Enterprises need to focus on the types of automation that they deploy and their applicability.
Automation must also focus on integrating context in ways that would be difficult to scale
in traditional approaches. The amount of work that would be required for a task like micro-
segmenting the individual workloads in an application, for example, would be prohibitively costly
if done using traditional techniques, and normalizing those rules across a hybrid deployment
would be even more challenging. In expecting a more hybrid environment, these investments
have to be able to extend beyond the datacenter.

A recent 451 Research VotE study on information security identified an evolution in the nature
of the skills gaps that points out these echoes from new technologies. While there is increased
interest in utilizing cloud-based infrastructure, security expertise in cloud platforms is now
reported as the leading skills gap by a considerable margin.

Figure 5: Skill sets inadequately addressed at organization today
Source: 451 Research’s Voice of the Enterprise: Information Security, Organizational Dynamics 2019
Q: Which skill sets are inadequately addressed at your organization today? Please select all that apply.
Base: All respondents (n=462)

Cloud platform expertise: 48%
Application security/coding: 39%
Machine or deep learning: 37%
Digital forensics/incident response: 37%
DevOps: 35%
IoT security: 35%
Penetration testing: 33%
Security architecture: 29%
Security operations: 29%
Identity/access management: 25%
Regulatory compliance/audit: 23%
Encryption: 19%
Network security: 16%
None are inadequately addressed: 8%
Other: 2%

Anecdotal evidence points to that skills gap existing for both on- and off-premises cloud
platforms. This is fundamentally a lack of experience in current automation and orchestration
technologies. That makes it doubly important for enterprises to invest in technologies that make
the task of automating simpler and that include integration that can ease hybrid complexity. It
means that the best choices will be ones that reduce the amount of work required to establish
visibility from on-premises to off-premises and can establish security policies with sufficient
abstraction to make defining consistent policies across this wider landscape possible.

One of the most powerful changes that security teams can undertake is making sure that the
work that is being done is as effective as possible. Considerable work is wasted in dealing with
the high volume of alerts that are generated in most security environments. Being able to focus
teams on the events that have the greatest impact can make them much more efficient. This
is another area where an investment in analytics can pay dividends. The challenge in applying
analytics is building the results into existing workflows to ensure that teams can leverage its
power without retraining or extensive new learning. Extending existing systems to embrace this
wider world will prevent the common problem of creating pools of separate analytics for on- and
off-premises environments.

The ultimate goal for enterprises should be the ability to bind the power of analytics with
automation. This will allow security staff to maximize their efforts and drive to greater
productivity. It will also allow them to operate at the scale that the modern enterprise needs to
innovate and be competitive.

Conclusions
Enterprise security teams need to invest today to prepare themselves to address the rate of
change in today’s datacenter environments and to be ready for the next wave of technology
transformation that has just begun to roll in. Those that aren’t prepared will jeopardize
competitiveness, could limit innovation and will start to lose out to cloud-first approaches that
are able to move and scale faster. By investing in automation and orchestration capabilities
for security operations, security teams can improve their change speed and improve reliability.
These capabilities will prepare them to clear whatever hurdles they encounter in their
transformation journey.

Learn how Palo Alto Networks prevention-focused architecture reduces complexity and delivers
robust protection for your data and application workloads everywhere.
To learn more, visit https://www.paloaltonetworks.com/network-security/data-center.

About 451 Research
451 Research is a leading information technology research and advisory company
focusing on technology innovation and market disruption. More than 100
analysts and consultants provide essential insight to more than 1,000 client
organizations globally through a combination of syndicated research and data,
advisory and go-to-market services, and live events. Founded in 2000, 451
Research is a part of S&P Global Market Intelligence.

© 2020 451 Research, LLC and/or its Affiliates. All Rights Reserved. Reproduction and
distribution of this publication, in whole or in part, in any form without prior written permission
is forbidden. The terms of use regarding distribution, both internally and externally, shall
be governed by the terms laid out in your Service Agreement with 451 Research and/or its
Affiliates. The information contained herein has been obtained from sources believed to be
reliable. 451 Research disclaims all warranties as to the accuracy, completeness or
adequacy of such information. Although 451 Research may discuss legal issues related to the
information technology business, 451 Research does not provide legal advice or services
and their research should not be construed or used as such.

451 Research shall have no liability for errors, omissions or inadequacies in the information
contained herein or for interpretations thereof. The reader assumes sole responsibility for
the selection of these materials to achieve its intended results. The opinions expressed
herein are subject to change without notice.

NEW YORK
55 Water Street
New York, NY 10041
+1 212 505 3030

SAN FRANCISCO
One California Street,
31st Floor
San Francisco, CA 94111
+1 212 505 3030

LONDON
20 Canada Square
Canary Wharf
London E14 5LH, UK
+44 (0) 203 929 5700

BOSTON
75-101 Federal Street
Boston, MA 02110
+1 617 598 7200
