Security spend is outpacing IT spend. And the only thing that seems to be outpacing security spend is security losses. Martin Casado, VMware’s CTO for networking, says: “It's like we're losing this battle. We can't spend our way out of the battle.”
After focused on networking for ten years, Casado has come back to security, where he worked before attending Stanford University. He held a research position at Lawrence Livermore National Laboratory where he worked on network security in the information operations assurance center. Part of his role as an analyst was actually breaking into things.
“The funny thing is like almost nothing seems to have changed in ten years.”
He insists there's something fundamentally, architecturally wrong and sees an opportunity.
”It was just like with SDN. For SDN you've got computers you can program to do cool stuff, and you've got networks that you can do almost nothing with and operations are getting worse over time. So you've got this trend that if I take the slider bar out to the future, we're going to spend all of our time on the network. That's opportunity for an architectural shift.”
He says we're at the exact same place with security. “If you take the slider bar out to the future, 100% of our money is going to be in security.”
When doing security in the data center, he says, there now is a basic trade-off between context and isolation. “One thing that's missing in the modern data center is a horizontal security layer that provides both context in isolation to do meaningful security.”
His goal is to build that out as a platform. “Then new security services can snap on top of this to do things like next-generation firewalling with deep visibility in the end host, or maybe network access control that actually understands things like objects and people or meaningful policy or vulnerability assessment, where you're actually looking in and saying, there's this vulnerable piece of code, so I'm going to immediately remediate this.”
He says just as changes in computing – mainframe to client server to cloud – and shifts in network architecture come rarely, “we're redefining these new architectures to actually have a horizontal security layer that you can build rich systems on top of.
“We do need something that will change the architecture and the way we view it.”