The world’s computer networks are evolving.  They are growing in size, complexity, and speed to meet the insatiable needs for information sharing and online services.  Massive amounts of data traverse corporate and public network environments every minute where it is processed, organized, and stored.  Network designs must continually advance to keep pace with growing demands.  Software Defined Networking (SDN) is the next major leap forward.  Through virtualizing cloud communication infrastructures, Software Defined Networking provides an economical solution for rapid expansion and management of large demanding networks, enabling growth, economic scalability, and supporting the innovation of better services.


Technology is powerful.  It connects us.  Drives our businesses.  Services our needs.  Entertains us and brings together the greatest stream of thought mankind has ever experienced.  The benefits touch the lives of everyone. 


But there are risks.


The control of information is incredibly valuable.  Which makes networks a prime and tempting target.  Every network and business is subject to attack and potentially devastating compromises.  The threats are pervasive and increase with the expansion of technology and the value they hold.  All that power and information requires security.


SDN is a powerful architecture.  As a capability, it allows for dynamic setup, teardown, configuration, and management of internal networks.  It allows the flow of data to shift and be controlled in optimal ways by creating a controllable layer enabling a high degree of configurability and autonomy.  SDN promises to open and expand the possibilities for the next generation of computer networking.  The business benefits are straightforward and compelling.  It is cost effective, adaptable to bandwidth needs, easier to manage than physical reconfigurations, and can allow new services and solutions, such as securely connecting synthesized personal and work devices.  On the other hand, it could be used as a powerful tool by those with malicious intent.  Attackers will target SDN in order to covertly compromise the confidentiality and integrity of data, steal content and bandwidth, enumerate high-value assets, exfiltrate information, redirect users to malicious content, deny access, manipulate social connections, undermine trust and privacy, and effectively control or bring down a network.  Basically, a worst-case scenario for administrators.


Don’t panic just yet, as this is the usual challenge for revolutionary compute infrastructure technology.  The lure of great benefits is normally accompanied by the potential risk of great harm.  This is where security comes into the picture to balance the risk equation.


We must learn from the past.  Lessons from the meteoric rise of cloud and virtualization are excellent examples.  Originally, rapid adoption to reap economic benefits far outpaced the development and inclusion of security.  The result was vast environments converted to the new architectures without the benefit of understanding the security risks or preemptively laying the groundwork necessary to secure the assets and operations.  Controls were an afterthought, with limited effectiveness and an aggravating source of unplanned costs.  The risks were simply not understood.  Backlash resulted and the second wave of adopters was very hesitant to make the leap.  Nowadays, security is an integral part of any virtualization conversion or cloud migration.  Only when new technologies are designed, built, and operated with security in mind, from the outset, do they prove to be effective and efficient at mitigating risks.  It is a momentous challenge for the technology sector to overcome, but securing the next generation of networking infrastructure is a necessity.


Technology is moving fast and networks are evolving.  SDN opens the doors to many security opportunities to mitigate threats in new ways.  Security must be present wherever data flows, from devices, through networks, into clouds and data centers.  It is critical to consider the threats, risk exposure, operational impact, performance, scale, and compliance in data centers upgrading to Software Defined Networking infrastructures. 


SDN properties can be leveraged to greatly improve security.  Dynamic and transportable security controls are a necessity.  Access controls, firewalls, security sensors, and the power to redirect or isolate malicious data, connections, and compromised systems are all tremendously important security capabilities!  The ability to track and audit where data is being sent, processed, and stored is fast becoming a regulatory requirement.  SDN architecture supports the ability to customize controls and dynamically deploy them in layers or chevrons to protect critical services or highly valued targets.  Why have a static firewall appliance at the perimeter with monolithic policies when instead multiple virtual firewalls could be embedded within the SDN network, with customizable rules and configurations?  Suspect a node is compromised and looking for other victims?  Spawn a series of honeypots nearby as an early detection sensor web to catch the offender and follow up with isolation to cull the culprit from the herd.  Security must follow data and exist where it lives and flows.  SDN can be the game-changer to make this more of a reality!


As security and network vendors partner strategically, SDN can blossom into a tremendous risk management asset and offer comprehensive capabilities across the Defense-in-Depth methodology model.  Innovative security providers will use SDN to support the analytics, attestation, and threat intelligence to Predict where security problems are likely to arise.  They will also apply the Best-Known-Methods of Prevention to the distributed nature of SDN, including anti-malware, firewalls, authentication, encryption, load-balancing, contextual connection filtering, white/black listing, and data-loss inspection.  SDN solutions can be architected to support traditional and new Detection technologies to identify compromises for the connected network and hosts.  Lastly, a number of Response and recovery mechanisms can be developed to ensure the network is survivable and losses can be managed swiftly in the event of a successful attack.  The combination of these principles creates a powerful set of capabilities to manage the risks of current and emerging threats.  Security solutions can align and support the portability and customization of virtualization, economies of scale and accessibility of cloud, and preserve the manageability and auditability of traditional networks.


To be successful, the security community must be vigilant and work to incorporate security principles into the architecture and resulting SDN products to keep parity with the threats waiting to pounce.  So far, I have seen security as a strong topic in the SDN community, which is a good sign.  But we must not falter.  Businesses that are looking to invest in SDN also play an important role.  They must be asking for secure solutions before committing.  Such demand fosters competition among SDN solution providers to deliver meaningful and innovative security capabilities and trustworthy products.

SDN is important and the likely future of networking in modern data centers.  In the short term it makes economic sense for operations.  However, to protect the long term value proposition we must ensure security is incorporated into the architecture from the beginning, instead of as an afterthought set of patchwork bandages.  We all must strive to change the paradigm and support the integration of security into innovative emerging architectures such as SDN.


Twitter: @Matt_Rosenquist    
