SDN and security: Impact of network security in the SDN-enabled data center
- 20 September, 2012 20:25
Security is one of the leading challenges for IT professionals. And securing the data center (and related applications) in the era of public, hybrid and private clouds presents a complex set of problems for IT. The rise of SDN technologies will change the dynamics around securing the data center network, offering opportunities for improved automation and as well as new security concerns.
Network infrastructure (e.g., Ethernet switches and routers) operating at Layer 2/3 and network security (e.g. firewalls, intrusion detection and IP VPNs) operating at Layers 4-7 have always been interdependent. Emerging SDN technologies will impact the network stack across Layer 2-7. So changes in underlying network structure brought about by SDN will inevitability impact network security.
TECH EXPLAINER: Software defined networking
SDNs will split network security into two (somewhat) distinct elements: external data center hardware (the perimeter), and internal data center security (migrating VMs and applications).
What SDN brings to network security is the ability for security policies to logically (not physically) follow a specific application or VM. It is this improved automation enabled by SDN that should allow IT managers to create security policies that "follow" VMs and applications wherever they physically reside. In a more expansive (future) view, the centralized intelligence brought by SDNs will actively monitor traffic, diagnose threats, and mitigate security challenges.
However, like any new technology, SDN should be evaluated and tested for its impact on the network security environment. Here are a few questions to ask as you evolve the network security along with SDN implementations:
* Performance. Can traditional firewalls (and other security appliances) handle the performance requirements in a hyperscale data center? Do virtual security solutions offer additional performance or security benefits?
* Operational and management benefits. Does SDN technology improve the automation, provisioning, and management of network security?
* Control vs. data plane. What new security challenges does SDN open when the network is "split" between control and data planes?
* Muliti-vendor challenges. Network security will be baked into proprietary cloud stacks from VMware, Cisco, IBM, etc. The more vendors that are introduced into a cloud environment (hypervisor, network, or security) the bigger the challenges faced by IT to test, integrate, and secure the network.
It is very early days for SDN and the complete impact on network security is not yet fully know. But SDN will change how organizations design and operate their networks and will offer opportunities for IT to improve the automation and effectiveness of their network security.
Doyle is an independent industry analyst with 28 years of experience in the IT and networking fields. Follow Doyle on Twitter: @leedoyle_dc.
Read more about lan and wan in Network World's LAN & WAN section.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- NAB plans customer migration to NextGen platform
- A/NZ College of Anaesthetists to expand campus security monitoring
- Credit Union Australia signs Good Technology to secure 400 devices
- Taxi startup ingogo hails $3.4 million in latest funding round
- Updated: Federal Court dismisses Aust Post trade mark appeal
Amazon drones are 'fantasy,' says eBay CEO
Training critical to Australia tapping broadband potential: CSIRO
US faces major Internet image problem, former gov't official says
Why CIOs stick with cloud computing despite NSA snooping scandal
Telstra hits 300 Mbps in LTE-A trial