Infonetics Datacenter Security Report 2015

695 C ampbe l l Techno lo gy Pa rkway Sui t e 200 Ca mpbe l l C a l i fo r n ia 95008 t 408. 583 .0011 f 408 . 583 . 0031

www. i nf one t i c s . com S i l ic o n Val le y, CA Bos ton, MA London, UK

Data Center Security Strategies and Vendor Leadership Excerpts

March 2015

By Research Director Jeff Wilson

IHS INFONETICS RESEARCH REPORT EXCERPTS

Data Center Security Strategies and Vendor Leadership: Excerpts Reprinted with permission from IHS Infonetics Research. 2015 IHS Infonetics Research

Table of Contents

TOP TAKEAWAYS 1

INTRODUCTION 2

Market Background 2

Methodology and Demographics Overview 2

DRIVERS 3

DATA CENTER SECURITY DEPLOYMENT STRATEGIES 5

SOLUTION SUPPLIERS INSTALLED AND UNDER EVALUATION 10

TOP DATA CENTER SECURITY SOLUTION SUPPLIERSRESPONDENT PERCEPTION 11

DATA CENTER SECURITY SOLUTION SUPPLIER LEADERSHIP 12

ABOUT IHS INFONETICS RESEARCH 14

REPORT REPRINTS AND CUSTOM RESEARCH 14

List of Exhibits

Exhibit 1 New Data Center Security Solution Purchase Drivers 4

Exhibit 2 Security Solutions Deployed in the Data Center 6

Exhibit 3 Hypervisor Compatibility 7

Exhibit 4 SDN Controller Platforms Under Evaluation 8

Exhibit 5 Security Technologies Deployed as Virtual Appliances 9

Exhibit 6 Data Center Security Solution Suppliers Installed and Under Evaluation 10

Exhibit 7 Top Data Center Security Solution Suppliers: Respondent Perception 11

Exhibit 8 Data Center Security Solution Supplier Leadership 13

1 Data Center Security Strategies and Vendor Leadership: Excerpts Reprinted with permission from IHS Infonetics Research. 2015 IHS Infonetics Research

TOP TAKEAWAYS

The battle for data center security domination is raging in 2015, particularly at the high end of the appliance market. 2014 brought major market share changes, and many buyers are evaluating vendors old and new based on the following criteria:

Vendors have the interfaces and performance (connection and throughput) buyers require today; buyers will jump ship in 2015 if they believe security infrastructure will hamstring their high performance data center25G ports in particular will quickly be a key offering for the data center looking at 2016 and beyond

Performance increases dont come at the expense of security efficacy and management/policy tools; accessing real-time threat data tops the list of new investment drivers

Solutions are cost competitive today and offer an attractive upgrade path, including the ability to increase performance via software and/or hardware upgrades and add new protection mechanisms

Vendors have a compelling roadmap for virtualization and SDN with concrete plans for products in mid/late 2015 and have something available today to show as a proof of concept with a variety of hypervisor and SDN controller platforms

The most significant transformation affecting enterprise data centers today is the adoption of server virtualization technology and DC orchestration software, as they are the building blocks of the virtualized data center and important ingredients in the eventual rollout of SDN in the data center; 76% of respondents consider virtualization to be an important driver for purchasing new security solutions. That said, theyre not quite yet wrestling with purchasing security solutions that are SDN-compatible (near the bottom of the security investment driver list, but a driver for 71%).

When it comes to brand strength for key data center security buying criteria, Cisco, McAfee, HP, Juniper, and VMware mostly top the list. Strength in the individual criteria we ask about is primarily a function of overall brand strength (large vendors do better overall), but there are some interesting peaks (Juniper jumps up for technology innovation and price) and valleys (Cisco shows their typical dip for price/performance and also a dip in service and support), and Palo Alto has a surprisingly high score for management relative to its overall brand awareness and strength.


INTRODUCTION

Market Background

From massive hosting providers to cloud-centric companies like Google and Amazon to large and medium enterprises, IT organizations around the world are consolidating and rebuilding data centers, moving infrastructure into the cloud, and looking at flexible and programmable data center architectures (like SDN for data center networks) in an effort to get the scale and agility they need to operate their businesses and manage cost. Companies looking to deploy security solutions in data centers have to consider a wide range of security products from server software that protects a single machine (physical or virtual) to virtual appliances that deliver security at the hypervisor level, and even big iron security appliances that sit in the data center in multiple locations. There are many solutions available but little consensus on which is best and who should provide it. Enterprise data center operators are also looking at major changes in the way they architect their infrastructure (SDN for networking, software defined storage, deploying data center orchestration software, and new multi-CPU server architectures), which will absolutely drive changes in the way they deploy security.

So what do end-userscompanies in the process of building or upgrading their data centers todaythink of the security problems they face? We conducted this survey to answer key questions about buyers plans for security in their data centers.

Methodology and Demographics Overview

Using a panel of qualified IT decision-makers, we conducted a web survey in March 2015 with 137 medium and large organizations (over 500 employees) that operate their own data centers, defined as a facility in a single building connected to telecommunications facilities used to house local network connected servers (computer systems) and storage systems; this generally includes SANs, redundant or backup power supplies, redundant telecommunications connections, environmental controls (e.g., air conditioning and fire suppression), and security devices.

To qualify, respondents had to have detailed knowledge of the security solutions deployed in their data centers and have influence over purchase decisions for those solutions. All respondents are either primary decision-makers or have a lot of influence.


DRIVERS

Respondents are wrestling with a variety of problems when they make new investments in security for data centers. In the past few years, providing security for virtualized servers topped the list, but theres been a changing of the guard this year: on top in 2015 are solutions that leverage real-time threat intelligence and can inspect encrypted traffic.

Respondents rated the importance of various drivers in the decision to purchase new security solutions for their data centers on a scale of 1 to 7, where 1 means not a driver, 4 means somewhat of a driver, and 7 means a strong driver. The next chart shows the percentage of respondents rating each feature a 6 or 7, or a driver.

The more highly publicized threats there are, the more data center security buyers shift their mindset away from performance and architectural concerns and toward the meat of the problem: stopping damaging breaches. Respondents want solutions that are plugged into real-time threat intelligence to shorten their exposure to damaging threats, which is difficult to do at data center speeds. Data center security solution vendors need to make sure to message about threat intelligence and connectivity to it; add that message alongside messages about overall performance and the move to SDN/NFV as it deserves the same (if not more) weight.

They also want visibility into encrypted traffic. In the wake of the Snowden disclosures, there has been a massive shift on the Internet, with many major sites (Facebook, Google, etc.) switching over to HTTPS overnight and encrypting all traffic. Though this is potentially good for personal freedom, its a nightmare for security enforcement. There are a range of options for dealing with encrypted traffic, from adding SSL cards to existing appliances to putting an overall SSL inspection infrastructure in place, and buyers are demanding SSL inspection solutions that will work in the data center.


Exhibit 1 New Data Center Security Solution Purchase Drivers n=137

47%

61%

68%

68%

69%

71%

73%

75%

76%

77%

77%

77%

78%

79%

81%

0% 20% 40% 60% 80% 100%

Address environmental concerns

Add support for IPv6

Move to cloud/hybrid-cloud architecture

Meet regulatory requirements

Deploy solutions that support moretotal and concurrent sessions

Need security solutionscompatible with SDN rollout

Consolidate security technologiesinto fewer platforms

Upgrade to high speed networkinterfaces on security appliances

Protect virtualized servers

Protect DNS infrastructure

Prevent new DDoS attacks

Add new threatprotection technologies

Upgrade security products tomatch network performance

Inspect encrypted traffic

Need solutions that leveragereal-time threat intelligence

Percent of Respondents Rating 6 or 7

Driv

ers


The most significant transformation affecting enterprise data centers today is the adoption of server virtualization technology and DC orchestration software, as these are the building blocks of the virtualized data center and an important ingredient in the eventual rollout of SDN in the data center. 76% of respondents consider virtualization to be an important driver for purchasing new security solutions; rolling out virtualized servers will require them to invest in new security solutions in the data center.

Though mainstream enterprise data center buyers are looking to solve security problems associated with virtualized servers, theyre just starting to wrestle with purchasing security solutions that are SDN-compatible (lower on the list, only rated a strong driver by 71%). Most enterprise data centers still dont have SDN infrastructure in place yet, so this is not a short-term driver for security purchases. This year will be a transitional year for SDN as a driver, with 2016 being the year where SDNs are a mainstream purchase driver for data center security solutions. That doesnt mean that vendors shouldnt be working on their solutions or educating their customer base about how their solutions will work in an SDN environment in the future; it just means that delivering that solution today isnt critical.

DATA CENTER SECURITY DEPLOYMENT STRATEGIES

When security architects look to solve the data center security problem, they have a long list of technology and business requirements to satisfy, but their product choices tend to settle into 3 basic groups regardless of whether enterprises are buying for a more traditional data center, a data center where some of the server and storage has been virtualized, or a fully virtualized data center on its way to a full SDN implementation.

Large high performance appliances (firewalls, IPS, DDoS, etc.) are still required to protect data center infrastructure from attack. The applications and protocols these devices protect continue to evolve, and performance requirements continue to increase unabated. In some cases, high performance appliances can be virtualization-aware and capable of directing traffic to and from VMs and in the future will even work with SDNs and data center orchestration platforms.

After the big iron comes protection of servers at the hypervisor level. Here we see familiar names (like Juniper, Check Point, Cisco, Symantec, McAfee, and Trend Micro) and new ones (the virtualization platform vendors themselves, VMware being the most aggressive, and specialized vendors like Catbird). The exact security functions of these products vary, and the extent to which they communicate with other security elements varies as well, but most agree it's a requirement to have something that can interact with the hypervisor and protect multiple virtual machines. Over time, these platforms will build in support for SDN and data center orchestration as well.

Finally, theres protection of individual server instances. Here were back to traditional security software vendors (like Symantec, McAfee, and Trend Micro) offering products with a variety of functions from AV to encryption and file integrity management. There is major partnership potential between the appliance and hypervisor players and the companies offering protection of individual servers.


We asked respondents about their basic strategy for deploying security in the data center, and they clearly favor a multi-layered approach, with many respondents already deploying a mix of hardware appliances and virtual appliances. More than half deploy server-level security software per-VM despite the fact that this is the most expensive and most difficult to manage data center security deployment model. Its interesting to note that many respondents expect to decrease their use of hardware appliances in the data center 2 years out; this is part of a larger shift toward virtualized infrastructure, with forward-thinking buyers clearly expecting cloud-delivered solutions to impact their architecture.

We expect future deployments of SDN to shift the balance of hardware and software appliances in the data center, and when we do this survey next year, we expect respondents to be much more knowledgeable about SDN and data center orchestration tools. We believe this migration from hardware to software will likely be the case for higher-layer security technologies first (messaging, IPS, application, web protection), and we believe that there will always likely be hardware security infrastructure for DDoS mitigation and firewalls at the edge of the data center (where it connects to the Internet) even as those solutions are virtualized in the core of the data center in a services layer.

Exhibit 2 Security Solutions Deployed in the Data Center n=137, 137

95%

51%

75%

54%

72%

80%

0% 20% 40% 60% 80% 100%

Hardware security appliances

Per-VM security software

Virtual security appliances

Percent of Respondents

Secu

rity

Solu

tions

2017

Now


Next, we asked respondents with which hypervisor platforms their virtual security appliance solutions need to be compatible. For now, the battle is tight a 3 horse race in the enterprise data center between VMware (vCenter), Citrix (XenServer), and Microsoft (HyperV), though KVM isnt far behind VMware for now. Microsoft has the lead for now, with many companies trialing HyperV and even dabbling in Azure cloud services and many service providers reporting anecdotally that Microsoft is doing excellent technical work to make HyperV the product of choice in a hosting environment. Were very early in the market for virtual security solutions, and theres really no reason to declare a winner here; the truth is most virtual appliances will need to be compatible with all major hypervisor platforms.

Exhibit 3 Hypervisor Compatibility n=137, 137

2%

4%

40%

50%

66%

97%

1%

4%

41%

65%

66%

73%

0% 20% 40% 60% 80% 100%

Other

None

KVM

vCenter/ESXi

XenServer

HyperV


Hyp

ervi

sors

2017

Now


After server virtualization. one of the technologies to be deployed in the most enterprise data centers is SDN. Again, theres significant discussion about SDN in the data center world, but realistically were still very early in the deployment cycle for SDN. We asked respondents which SDN controllers they were currently evaluating, and there was healthy response for a variety of platforms including Cisco, VMware, IBM, and HP. In truth, the controller war may or may not impact the war for security technology underneath as most of the controllers will interface with any and all security vendors products, but there are implications. A data center operator who chooses Juniper Contrail is very likely to deploy Juniper vSRX virtual appliances as their first step, even if long term they can choose any security vendors for their services. Selection of controller vendors may be an indicator of early market success for virtualized security products.

Exhibit 4 SDN Controller Platforms Under Evaluation n=137

1%

1%

7%

8%

10%

11%

28%

29%

49%

55%

59%

70%

0% 20% 40% 60% 80%

Other

None

PLUMgrid Director

Midokura MidoNet

BrocadeVyatta Controller

CPLANENETWORKS controller

Dell ActiveFabric Controller

Juniper Contrail

HP Virtual ApplicationNetworks SDN Controller

IBM ProgrammableNetwork Controller

VMware NSX

Cisco APIC


SDN

Con

trol

ler P

latfo

rms


We also asked respondents which security technologies they planned to deploy using virtual appliances by the end of 2015. The top 4 are a mix of core network (firewall and IPS) and application/content (web security gateway and WAF) products. Conventional wisdom has said that companies will likely deploy higher-layer technologies (like SWG and WAF) in virtual appliance format because the applications themselves are already running on virtualized infrastructure. That said, there are more virtualized firewall offerings on the market every day, and as companies virtualize more network infrastructure in the data center, network security tools will follow.

Exhibit 5 Security Technologies Deployed as Virtual Appliances n=137

43%

44%

52%

55%

62%

63%

65%

66%

0% 20% 40% 60% 80%

Sandboxing/advancedmalware protection

DDoS mitigation

DNS Security

Mail security gateway

Web application firewall

IPS

Firewall/UTM/NGFW

Web security gateway


Tech

nolo

gies


SOLUTION SUPPLIERS INSTALLED AND UNDER EVALUATION

In an open-ended question, we asked respondents whose data center security solutions they use now and whose they are evaluating for use by 2016.

This is a fragmented market, and vendors in use include a mix of virtualization vendors, application/database vendors, server/data center heavy hitters, client security players, network security vendors, and vendors that also have a large stake in the network integration business for data centers. The winning vendors in this space will likely be the ones that position themselves best for data center and cloud security leadership through a mix of the right products (with a particular focus on providing performance upgrades at a reasonable cost), a great track record for security efficacy, a great solutions/integration offering, and the ability to leverage adjacent strengths (like HP and IBM leaning on their server and storage business to sell security in the data center or Cisco and Juniper creating strong offerings that blend security, switching, and routing).

Exhibit 6 Data Center Security Solution Suppliers Installed and Under Evaluation n=137, 137

3%

4%

8%

9%

5%

9%

10%

12%

26%

31%

2%

3%

7%

7%

8%

9%

9%

9%

22%

29%

0% 10% 20% 30% 40%

Trend Micro

Dell

VMware

McAfee

Juniper

HP

Microsoft

Symantec

IBM

Cisco


Supp

liers

Under evaluation

Installed


TOP DATA CENTER SECURITY SOLUTION SUPPLIERSRESPONDENT PERCEPTION

In an open-ended question, we asked respondents whom they consider to be the top 3 security solution suppliers for data centers, a measure called unaided brand awareness, which provides a good view of overall brand strength. Typically, the larger a vendor is (e.g., broad product portfolio) and the more visible their brand is (e.g., TV commercials, product placement), the better they fare in this question: overall brand strength trumps product or technical leadership, which means that IBM, a data center staple for decades, is high on the list even though they dont have as broad of a product offering as some of the other vendors (their massive integration business doesnt hurt their brand awareness either). Cisco leads overall, and the other vendors on this list are major brands in consumer security (McAfee), desktop OS/applications (Microsoft), and broad IT solutions (HP). Key companies like VMwarea central figure in data center security, especially as the world virtualizeshavent cracked the top 5 yet.

Exhibit 7 Top Data Center Security Solution Suppliers: Respondent Perception n=137

6%

12%

14%

15%

18%

20%

21%

25%

36%

47%

0% 10% 20% 30% 40% 50%

Trend Micro

Dell

Juniper

VMware

Microsoft

McAfee

HP

Symantec

IBM

Cisco


Supp

liers


DATA CENTER SECURITY SOLUTION SUPPLIER LEADERSHIP

We asked respondents to name the top 3 data center security suppliers for each of 10 important buying criteria (this is a prompted questionrespondents could only pick from a provided list of 11 vendors). The next chart shows the percentage of respondents who consider each vendor to be among the top 3 for each criterion.

Because this type of question tends to favor well-known suppliers, and to eliminate sample bias, we adjusted the percentage of respondents based on how familiar our sample is with each supplier. The next chart covers the 5 suppliers cited the most.

Cisco does very well across the board (their lowest score is still higher than anyone elses highest score), and we know many buyers go with Cisco because they are a strategic partner delivering on a large vision that involves more than just security. Cisco has rolled out a new set of data center focused solutions in 2012 and has now fully integrated the Sourcefire products. Ciscos main hole when it comes to offering security solutions for service provider data centers is their lack of a DDoS mitigation product, which we expect they will remedy soon.


Exhibit 8 Data Center Security Solution Supplier Leadership n=137

0%

20%

40%

60%

Technologyinnovation

Security Managementsoftware

Price-to-performance

ratio

Price Financialstability

Service& support

Productroadmap

Productreliability

Solutionbreadth

Perc

ent o

f Res

pond

ents

Cisco HP VMware McAfee Juniper


REPORT AUTHOR

Jeff Wilson

Research Director, Cybersecurity Technology IHS Infonetics +1 408.583.3337 | [email protected] Twitter: @securityjeff

ABOUT IHS INFONETICS RESEARCH

Infonetics Research, now part of IHS (NYSE: IHS), is an international market research and consulting analyst firm serving the communications industry since 1990. A leader in defining and tracking emerging and established technologies in all world regions, Infonetics helps clients plan, strategize, and compete more effectively.

REPORT REPRINTS AND CUSTOM RESEARCH

To learn about distributing excerpts from IHS Infonetics reports or custom research, please contact:

The Americas: +1 855 323-3363 +1 719 265-1535 [email protected]

Europe, Middle East, Africa (EMEA): +44 1344 328300 [email protected]

Asia Pacific: +604 291-3600 [email protected]

Documents

Infonetics Datacenter Security Report 2015