The Management Layer enables the architecture to fulfill its roles by integrating security
with enterprise business processes.

Enterprise networks undergo frequent changes. This is especially true for virtualized
data centers and Service Oriented Architectures (SOA) where applications move from
host to host, virtual hosts move from one physical server to another, and networks are
reconfigured dynamically via SDN and other APIs. Mobile users and cloud services
extend the reach of the enterprise network. These frequent and fast-paced changes place
an immense burden on security administrators who have traditionally been required to
manage network access controls as a function of network addresses and services.
Furthermore, an increasingly hostile threat environment both within and outside the
organization requires administrators to manage a more granular Least Privilege policy
that takes into account additional attributes such as user identity, role assignments, host
compliance status, data identity, application identity and request parameters.

Network complexity and the requirement for granular policy mean that security
administrators can no longer keep up with rapidly evolving business processes. The SDP
Management Layer addresses this challenge by providing a framework that is:

Modular – security policy administration follows security segment
boundaries and protection types, providing each administrative user with a
simple policy subset that provides only the information and authorizations
necessary to fulfill assigned roles

Open – APIs are used to support automation for synchronizing the
Control Layer with enterprise systems, reducing administrator workload
and ensuring consistency of security policy within the network

Resilient – enterprise visibility allows the business to “fight through” attacks
while maintaining acceptable levels of service by detecting, containing and
repelling cyberattacks, as well as supporting follow-up investigation,
recovery and collaboration
03 Management Layer