Security Performance in the Age of Digital Transformation

Security Performance in the Age of Digital Transformation

In a World Where Performance and Scalability are King, Security Stands to be a Significant Barrier to Success

The twin pillars of digital innovation are scalability and performance. Cloud and SD-WAN provide agility and flexibility for constantly shifting business requirements, enabling organizations to dynamically scale compute, storage, application delivery and other functions to meet the escalating demands of end users and customers. At the same time, faster access to data, consistent throughput for business-critical applications and the need to process vast amounts of data all require higher levels of throughput. Failure to meet user demands for increased levels of network and application performance can cause customers to look elsewhere for the services they require.

These challenges are felt most keenly with security. Both physical and virtual security appliances traditionally suffer from performance challenges, especially when it comes to critical functions such as inspecting encrypted traffic. And in today’s digital business world, where network traffic continues to increase, performance is more important than ever. Resulting bottlenecks can impair end user experience and disrupt workflows and transactions. The temptation to bypass security in favor of performance, especially by DevOps and web teams, exposes organizations to increased risk.

However, most physical security appliances still rely on generic CPUs for processing highly specialized traffic. The result is performance numbers so low that many security vendors are too embarrassed to even publish them, or require massive multi-rack systems that are simply cost-prohibitive for most implementations, such as at next-gen branch offices. Those environments rely on new SD-WAN appliances to support bandwidth-hungry applications such as unified communications and business-critical SaaS solutions. 

A vast majority of security vendors cannot meet customer requirements for high performance and low-cost security for branch offices that can protect and inspect high-volume encrypted data at scale. The result is poor user experience and diminished productivity.

Every Industry Addresses Performance Issues with Custom Hardware – Except Security

To address these escalating challenges, the security industry needs to take its cue from vendors in other spaces. In virtually every other industry, all major advances in performance start with the development of new, purpose-built hardware designed to support and accelerate applications, workflows, and transactions. Nearly every major manufacturer and service provider outside of the security industry understands this maxim. 

The proper development of an effective, purpose-built processor can take years and requires teams of specialized developers, and most security vendors don’t even have this process on their roadmap. The challenge is even worse in areas where security has been treated as an afterthought. SD-WAN solutions generally come with little to no integrated security, forcing customers to build elaborate security overlay systems. Relying on traditional security solutions can be cost-prohibitive, especially when trying to outfit a large number of branch offices. The result is performance bottlenecks and increased risk and security gaps. 

By adding custom processors designed for both security and network processing to SD-WAN solutions, however, organizations would be able to realize the level of connectivity, performance, and security they need, at a price point only possible when using purpose-built ASICs. This would enable IT teams to rapidly deploy a complete SD-WAN solution while reducing complexity and overhead. 

Optimization Focus Needs to Extend to Virtualized Security

Being able to optimize performance isn’t just limited to physical devices. Private and public clouds, data center optimization, and virtual networks all rely on virtualized security designed to deliver optimal performance and protection. However, as with the development of physical security ASICs, building an effective virtualized security appliance requires advanced optimization skills that few vendors possess. 

Most security solutions ported to cloud environments, for example, fail to take advantage of the power of the multi-core virtual machines they run on. When combined a lackluster virtualization of security, you get a solution that not only doesn’t run as a cloud native solution, but also requires dramatic scaling to meet basic inspection requirements – which translates directly into higher costs to secure your cloud traffic. 

Interestingly, many of the skills required to optimize a virtual solution are similar to those required for ASIC development. Porting software to a chip requires the deep optimization of the software that will run there. When done properly, security and networking functionality ported to a chip can easily deliver ten to twenty times the performance, and at about 10 percent of the price, of a traditional CPU. Using that same development and optimization strategy to virtualize security can likewise deliver three to four times the performance of traditionally ported software. 

Digital Transformation Depends on an Aggressive Security Development Strategy

To meet the demands that everyone can clearly see on the horizon, including new edge computing and networks and the imminent delivery of 5G, which will deliver as much as 10 times the throughput of current connections, security vendors need to step up and take security development more seriously. Traditional methods of simply stacking more generic CPUs in a box – and escalating the price at the same time, simply fails to meet the reality of today’s organizations who need to secure multiple branch offices or emerging edge networks where data, processing, and security will all need to be moved closer to end users and devices.

In a world of digital transformation where performance and scalability are king, security stands to be a significant barrier to success unless vendors step up and address these challenges head on.

view counter
image
John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.
Previous Columns by John Maddison:
Tags: