Software-Defined Data Centers Require Software-Defined Security

By on Nov 07, 2016

This blog was written by Candace Worley, McAfee’s former Vice President and Chief Technical Strategist.

If you are like most organizations, the majority of your apps have been virtualized but are still running in your own data center[1]. IT has been busy renovating the data center to take advantage of the increased agility and reduced operating costs of a private cloud. You may have virtualized data-center network and storage as well, adding automation and orchestration, resulting in a software-defined data center (SDDC) that can reduce costs up to 75% and decrease deployment times from weeks to minutes.[2]


Unfortunately, many CISOs and IT decision makers are still unsure about the security of a private cloud. Half of IT decision makers are concerned about a sensitive data breach in their private cloud, and 63% of CISOs don’t fully trust their own cloud, according to a recent research study.[3]

Along with the benefits, private clouds do bring some new risks. For example, there tends to be a big increase in traffic between virtual services, which is not inspected or secured by traditional security systems. To increase the confidence of CISOs and business leaders, your cloud data center needs a security strategy and architecture that are designed in and built in, not bolted on. Visibility and protection need to extend wherever the processes and data are. This should include heterogeneous cloud environments, both private and hybrid, to support future needs.

Integrated security solutions are essential to securing this new cloud architecture in order to effectively and efficiently support security operations. Intrusion-prevention and anti-malware systems, optimized for virtual environments, need to share threat intelligence to combat emerging threats. Policies need to be applied to applications and servers as soon as they are provisioned.

The best match for an SDDC is software-defined security, matching the agility of server, storage, and network virtualization with dynamic security provisioning and policy management.


Using security controllers that are designed for virtual environments, you get the same cost efficiencies and flexibility for security operations. Policies and protections are tied to each virtual machine (VM), and will remain with that VM throughout its life, regardless of where it moves. Security processes can scale up and down as needed, matching demand. Automation is a fundamental component of software-defined security, keeping up with the rapid moves and changes of virtual processes and reducing the risk inherent in manual processes.

A software-defined security model augments your resources, including the security operations team. Virtualization optimizes resource use and brings scale, agility, and cost savings to security, while enhancing protection. Security becomes easier to provision, deploy, and manage, building on automation to link policies and processes from the moment they spawn or move. Visibility expands throughout the clouds, enabling centralized discovery, management, and security of all workloads, applications, and data, including shadow IT.

Private clouds are a critical turning point as IT transitions to a services model, and attackers are responding to this shift. Legacy security technologies do not afford sufficient or appropriate protection, leaving too many gaps for attackers to exploit. With the best private cloud security, designed for your architecture, attackers may run, but they cannot hide.

[1] Flash Forward: Moving Critical Workloads to Engineered Systems, The Aberdeen Group 2015

[2] Global Financial Institution Selects Software-Defined Data Center, VMWare.

Circumstances will vary. McAfee does not guarantee any costs or cost reduction.

[3] Blue Skies Ahead? The State of Cloud Adoption, Vanson Bourne for McAfee 2015

About the Author


We're here to make life online safe and enjoyable for everyone.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs