Posted on Apr 16th, 2015 by Avishai Shafir

We're now in the era of the third platform, and IT security professionals must be prepared for it. According to global analysts, IDC, the third platform is the next phase of the IT revolution. The first was the mainframe computer. The second platform was the personal computer, (PC) driving enterprise network architecture all the way through about 2005. The third platform is built on cloud services, big data, mobile computing and social networking. I recently listened to IDC at Cloud Expo in London and it expects global infrastructure communications technology (ICT) spending to grow by 3.8% in 2015 to more than $3.8 trillion, with the majority of this growth focused on third platform technologies. Yet, the average security policy is still based on the second platform of physical computing machines. Next-generation security is a must for successfully supporting the third platform.

Enterprise IT and security experts are under increasing pressure to respond to complex network changes and keep up with growing business demands. As we've discussed many times before on this blog it means even to make a single network change they must continually update and configure a huge of settings on numerous firewalls coming from multiple vendors, as well as on devices and other security systems. It's a never-ending task that's becoming increasingly impossible to manage using traditional manual techniques. The risk of errors and omissions and opening up new back doors is high. This lack of network visibility also hinders the ability to deliver services and applications with the security, speed and accuracy required. What we have as a result is a considerable gap between what an organization's security policy looks like on paper, and the reality of how a network behaves in the real world. This gap will only widen as businesses make the transition from the second to third platform.

In today's enterprise, the users are setting their own IT agenda, bringing in devices, apps and storage solutions themselves. If IT is not agile enough, shadow IT will crop up to solve problems. To make things even more complicated enterprise networks are a mishmash of all the platforms - with physical and virtual assets, spread out across premises, private and public cloud locations. This heterogeneous environment is cost effective for business, but makes IT security management a nightmare. Making the challenge even tougher is the fact that hackers are also using third platform technologies to penetrate business networks and steal sensitive data.

To take advantage of the many benefits that the third platform will provide, organizations must adopt a more proactive approach to security policy orchestration. These steps are a good place to start:

  1. Security should be unified and consistent. Create a unified security management plane, spanning physical and cloud assets, that accurately reflects the true, day-to-day behaviors of the network. Security policy must be implemented across all levels of the organization.
  2. Enforce an enterprise security policy. Automatically ensure adherence of network connectivity changes and manage violations appropriately – and without exception.
  3. Understand your network topology. The third platform will have many moving parts, with assets disseminated across the organization. Visibility is your only hope to manage it all. This requires comprehensive view of the entire network to troubleshoot quickly and plan changes.
  4. Think application-centric. The third platform is all about software and applications. Enable network connectivity of business critical apps while being agnostic to infrastructure.
  5. Apply automation. Third platform upgrades and configuration changes require total efficiency and zero downtime. Plan ahead and provision changes to your physical network automatically, to make it as agile as your cloud.

When building a third platform-optimized security policy, IT security managers need to consider vulnerability management, risk management and threat mitigation using the same mindset and methods as a hacker to learn about your internal and external security risks. Planning your security policy now, before third platform assets are integrated into the network, will save you pain later.