New networking technologies such as software-defined networking (SDN) are gaining traction in the enterprise. What security considerations do organizations need to take into account before modifying their infrastructure to adopt these new solutions?
First, let’s look at how SDN works. SDN separates the control plane (the software that decides where traffic goes) from the hardware that forwards it, so the network’s logic lives in a controller rather than in the configuration of each individual device. This makes it easier to move a data center: the same controller software and policy can be applied wherever the hardware is installed. With SDN, companies can build networks that need less human intervention and are easier to modify. It can also be used to create an overlay network, an extension of an existing LAN, to connect to virtual machines in the cloud.
Because SDN places network control in a layer independent of the individual hardware devices, organizations gain visibility and flexibility when managing the network. The software defines the network as a whole rather than device by device. With SDN, administrators can steer all traffic, internal and perimeter alike, through one centralized firewall and network analysis tool.
Potential security pitfalls for SDN
Even so, moving to SDN does not change the security requirements. Firewalls still need to define the inbound and outbound policies that regulate traffic for particular services, ports, and addresses. Network analysis tools still have to examine packets and traffic regardless of whether they flow through hardware switches or virtual ones.
With SDN, network administrators can rearrange networks and make changes much more easily than was previously possible. That same ease increases the probability of mistakes and unintended consequences arising from a configuration change: a rule pushed from the controller takes effect on every switch it manages, so a broadly scoped allow rule can shadow an existing deny everywhere at once. Strong configuration management, with reviewed and versioned policy and a check of what each change opens up before it is pushed, is critical in SDN environments.
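The two previous paragraphs make one point between them: the policy still has to say which services, ports and addresses may talk, and the central place it is now pushed from makes a careless edit expensive. The following is an added example, not code from the original article or from any SDN product. It models a controller that compiles one central firewall policy into OpenFlow-style flow entries for every switch, and a pre-push change-control check that lists every probe flow a new policy revision allows which the reviewed baseline denied. The `Rule`, `Packet`, `decide`, `compile_flows` and `newly_allowed` names, the addresses and the probe set are all constructed for the example; the flow-entry field names are only modelled on OpenFlow’s and the code does not speak the protocol.

```python
"""Toy SDN controller: compile a central firewall policy into per-switch
flow entries, and diff two policy revisions for unintended exposure."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import product
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    priority: int            # higher wins, as in an OpenFlow flow table
    action: str              # "allow" or "deny"
    src: str                 # source CIDR prefix
    dst: str                 # destination CIDR prefix
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def decide(policy: List[Rule], pkt: Packet) -> str:
    """Highest-priority matching rule wins; no match means default deny."""
    hits = [r for r in policy if rule_matches(r, pkt)]
    if not hits:
        return "deny"
    return max(hits, key=lambda r: r.priority).action


def compile_flows(policy: List[Rule]) -> List[dict]:
    """Render the central policy as OpenFlow-style entries that the controller
    would push to every switch it manages. A table-miss entry punts unmatched
    traffic to the controller (and so to the central firewall) rather than
    forwarding it silently."""
    flows = []
    for r in sorted(policy, key=lambda r: -r.priority):
        match = {"nw_src": r.src, "nw_dst": r.dst}
        if r.proto != "any":
            match["nw_proto"] = r.proto
        if r.dport is not None:
            match["tp_dst"] = r.dport
        flows.append({"priority": r.priority, "match": match,
                      "actions": ["NORMAL"] if r.action == "allow" else []})
    flows.append({"priority": 0, "match": {}, "actions": ["CONTROLLER"]})
    return flows


def newly_allowed(old: List[Rule], new: List[Rule],
                  probes: List[Packet]) -> List[Packet]:
    """Change-control check: every probe flow the old policy denied but the
    new one allows. Run this before a revision is pushed to the switches."""
    return [p for p in probes
            if decide(old, p) == "deny" and decide(new, p) == "allow"]


# Constructed example policy: v1 is the reviewed baseline.
POLICY_V1 = [
    Rule(100, "allow", "10.0.1.0/24", "10.0.2.10/32", "tcp", 443),  # web tier -> app API
    Rule(50, "deny", "0.0.0.0/0", "10.0.2.0/24", "any"),            # nothing else into app tier
    Rule(10, "allow", "10.0.0.0/8", "10.0.0.0/8", "any"),           # other internal east-west
]
# v2 is a "quick fix": a broad allow at a priority that shadows the deny above.
POLICY_V2 = POLICY_V1 + [Rule(60, "allow", "10.0.0.0/8", "10.0.2.0/24", "any")]

# Constructed probe set: a few representative hosts and ports on each side.
PROBES = [Packet(s, d, "tcp", p)
          for s, d, p in product(["10.0.1.5", "10.0.3.7"],
                                 ["10.0.2.10", "10.0.2.20"],
                                 [22, 443])]

if __name__ == "__main__":
    for p in newly_allowed(POLICY_V1, POLICY_V2, PROBES):
        print(f"EXPOSED by v2: {p.src} -> {p.dst} {p.proto}/{p.dport}")
```

Run stand-alone, the check reports that v2 opens SSH and HTTPS from both probe hosts to every app-tier host except the one flow v1 already permitted. The probe set is the weak point of this approach: it only catches exposure for flows you thought to enumerate, so in practice it should be generated from the policy’s own prefixes and ports rather than hand-written.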
SDN will make it simpler for an enterprise to extend VLANs beyond the building perimeter, because administrators are no longer constrained by physical switches. Traffic that leaves the building can therefore stay under the enterprise’s own network policy for longer, since the corporate network can be extended to cover more ground than was previously possible. The caveat is that the extended segment is only as protected as the policy actually enforced on it, and the overlay itself becomes a path into the network that has to be secured like any other.
SDN: Lack of standards increases security risks
SDN has gained traction only in the past two or three years, so standards vary and interoperability is virtually non-existent. Be careful about buying into the technology and getting locked into one vendor. That is going to change, however: organizations including Cisco, IBM, Juniper Networks, and Citrix Systems have formed a standards consortium called the OpenDaylight Project.
Protocols and APIs such as OpenFlow will help define a common interface between switch vendors and SDN providers. OpenFlow is still fairly immature for large-scale deployments, and without agreed standards organizations would have to cobble together custom interfaces and homebrewed solutions. This is always a security risk: custom glue between controller and switches is code that nobody else has tested or reviewed. Until standards are in place, you’ll do well to avoid large-scale SDN deployments.
The market for SDN is relatively small today, with revenue estimates of about $300 million annually. Considering that the overall networking industry accounts for revenues of about $30 billion annually, this is just a drop in the bucket. Yet, market research firm IDC estimates that SDN can generate annual revenue of $3.7 billion within just three years.
Most of the companies in the space are startups, but larger companies are quickly snapping them up. VMware shelled out $1.05 billion for Nicira last July. Juniper Networks also scooped up Contrail in December 2012 for a mere $176 million. Established hardware networking giants such as Cisco are also betting heavily on this trend.