SDN and security: Impact of network security in the SDN-enabled data center

  • (Network World)
  • 20 September, 2012 20:25

Security is one of the leading challenges for IT professionals. And securing the data center (and related applications) in the era of public, hybrid and private clouds presents a complex set of problems for IT. The rise of SDN technologies will change the dynamics around securing the data center network, offering opportunities for improved automation as well as new security concerns.

Network infrastructure (e.g., Ethernet switches and routers) operating at Layers 2/3 and network security (e.g., firewalls, intrusion detection and IP VPNs) operating at Layers 4-7 have always been interdependent. Emerging SDN technologies will impact the network stack across Layers 2-7. So changes in underlying network structure brought about by SDN will inevitably impact network security.

SDNs will split network security into two (somewhat) distinct elements: external data center hardware (the perimeter), and internal data center security (migrating VMs and applications).

What SDN brings to network security is the ability for security policies to logically (not physically) follow a specific application or VM. It is this improved automation enabled by SDN that should allow IT managers to create security policies that "follow" VMs and applications wherever they physically reside. In a more expansive (future) view, the centralized intelligence brought by SDNs will actively monitor traffic, diagnose threats, and mitigate security challenges.

However, like any new technology, SDN should be evaluated and tested for its impact on the network security environment. Here are a few questions to ask as you evolve your network security along with SDN implementations:

* Performance. Can traditional firewalls (and other security appliances) handle the performance requirements in a hyperscale data center? Do virtual security solutions offer additional performance or security benefits?

* Operational and management benefits. Does SDN technology improve the automation, provisioning, and management of network security?

* Control vs. data plane. What new security challenges does SDN open when the network is "split" between control and data planes?

* Multi-vendor challenges. Network security will be baked into proprietary cloud stacks from VMware, Cisco, IBM, etc. The more vendors that are introduced into a cloud environment (hypervisor, network, or security), the bigger the challenges faced by IT to test, integrate, and secure the network.

It is very early days for SDN and the complete impact on network security is not yet fully known. But SDN will change how organizations design and operate their networks and will offer opportunities for IT to improve the automation and effectiveness of their network security.

Doyle is an independent industry analyst with 28 years of experience in the IT and networking fields. Follow Doyle on Twitter: @leedoyle_dc.
