Software Defined Networking - "The Biggest Thing Since Ethernet"

SDN Journal

Subscribe to SDN Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SDN Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


SDN Authors: Pat Romanski, Destiny Bertucci, Liz McMillan, Elizabeth White, Yeshim Deniz

Related Topics: Cloud Computing, Security Journal, SDN Journal

Article

Question Answered. SDN Is Secure | @CloudExpo @Ciena #SDN #IoT #M2M #API

SDN provides a centralized intelligence and control model that is well-suited to provide flexibility to network security

The Question Has Been Answered. SDN Is Secure

Software-Defined Networking (SDN) is one of the most interesting developments in networking to emerge in the last decade. The potential to establish a simplified infrastructure and leverage software to dynamically modify existing flow characteristics has the potential to address many concerns around hardware costs, faster service provisioning, and greater configuration control across diverse networks. However, concern for or lack of information about security is a key inhibitor to SDN adoption in today's rapidly-evolving data centers and connected wide area network environments.

With good reason: there is news of another global data breach almost daily. More than 1,500 data breaches led to 1billion data records compromised in 2014 alone, a 49% increase in data breaches and a 78% increase in data records stolen or lost compared to 2013. While it's easy to focus on all of the security vulnerabilities (actual and perceived) in an open system, there a number of security benefits that SDN can in fact help realize.

It's true that currently available security solutions are difficult to deploy, manage, program, scale, and secure. Policies are tightly coupled to physical resources as opposed to services and applications. Security solutions struggle to provide quick and automated threat mitigation across equipment from multiple vendors. Consistent security policies are difficult to administer across compute, storage, and network domains, and multiple data centers.

What SDN provides is a centralized intelligence and control model that is well-suited to provide much-needed flexibility to network security deployments with a number of complementary attributes that are useful for implementing a highly secure and manageable environment, including:

  • A flow-based paradigm that untethers policies from the physical perimeter. The perimeter security model of "keeping the bad guys out" no longer works in today's dynamic cloud and mobile computing world. Networks and servers will continue to be attacked, despite using best-in-class content inspection, tunneling, and continuous monitoring technologies. The flow paradigm is ideal for security processing because it offers an end-to-end, service-oriented connectivity model that is not bound by traditional routing constraints.
  • Highly granular policy management and enforcement, for diverse, multi-tenant environments. Granular policy management can be based on application, service, organization, and geographical criteria rather than physical configuration. This allows the operator to designate who is authorized to update control information, and by extension exclude unauthorized individuals or groups. It also allows the owner to determine the state of the platform at any time, as well as what changes were made, when, and by whom.
  • Logically centralized control allows for effective performance and threat monitoring across the entire network. In SDN architectures, network intelligence is centralized, so decision-making is facilitated based on a global (or domain) view of the network, as opposed to today's networks, which are built on an autonomous system view where nodes are unaware of the overall state of the network. This gives operators a more efficient way to detect and isolate threats.
  • Programmability which offers far more sophisticated security processing than is available today. SDN networks are inherently controlled by software functionality, which may be provided by vendors or the network operators themselves. Such programmability enables automation and adaption to mitigate risks, as well as for dynamic and flexible adjustment of security policy.

By blending historical and real-time network state and performance data, SDN facilitates intelligent decision making, achieving flexibility, operational simplicity, and improved security across a common infrastructure. And with the proper configuration and integration, you can secure an SDN environment without impact to SDN capabilities. This provides a way to address one of the most common security critiques - that security is bolted on, as opposed to built-in. With SDNs, security can be a core part of the network solution right from the beginning, making the management and implementation of proven security mechanisms easier.

More Stories By Chris Janz

Dr. Christopher Janz serves as Vice President and CTO of Ciena’s Agility business division. Ciena Agility distributes software that enables network operators to deliver and monetize consumption-based services on demand; flexibly, efficiently and at high velocity. As CTO, he is largely responsible for designing Ciena Agility’s forward path in the fast-evolving SDN and NFV technology and market landscape, and for managing Ciena Agility’s contributions to industry organizations and efforts defining and driving those evolutions.

Chris has 20 years of industry experience in roles ranging from primary research, system architecture, and product development team management; to product line management and strategic marketing. He holds a B.Eng. in engineering physics from the Royal Military College of Canada, a Ph.D. in electrical engineering from the University of Alberta and an M.B.A. from Queen's University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.