SDN and security: Impact of network security in the SDN-enabled data center

Security is one of the leading challenges for IT professionals. And securing the data center (and related applications) in the era of public, hybrid and private clouds presents a complex set of problems for IT. The rise of SDN technologies will change the dynamics around securing the data center network, offering opportunities for improved automation and as well as new security concerns.

Network infrastructure (e.g., Ethernet switches and routers) operating at Layer 2/3 and network security (e.g. firewalls, intrusion detection and IP VPNs) operating at Layers 4-7 have always been interdependent. Emerging SDN technologies will impact the network stack across Layer 2-7. So changes in underlying network structure brought about by SDN will inevitability impact network security.

MORE: SDN revolution or evolution: Impact on the IT manager

TECH EXPLAINER: Software defined networking

SDNs will split network security into two (somewhat) distinct elements: external data center hardware (the perimeter), and internal data center security (migrating VMs and applications).

What SDN brings to network security is the ability for security policies to logically (not physically) follow a specific application or VM. It is this improved automation enabled by SDN that should allow IT managers to create security policies that "follow" VMs and applications wherever they physically reside. In a more expansive (future) view, the centralized intelligence brought by SDNs will actively monitor traffic, diagnose threats, and mitigate security challenges.

However, like any new technology, SDN should be evaluated and tested for its impact on the network security environment. Here are a few questions to ask as you evolve the network security along with SDN implementations:

* Performance. Can traditional firewalls (and other security appliances) handle the performance requirements in a hyperscale data center? Do virtual security solutions offer additional performance or security benefits?

* Operational and management benefits. Does SDN technology improve the automation, provisioning, and management of network security?

* Control vs. data plane. What new security challenges does SDN open when the network is "split" between control and data planes?

* Muliti-vendor challenges. Network security will be baked into proprietary cloud stacks from VMware, Cisco, IBM, etc. The more vendors that are introduced into a cloud environment (hypervisor, network, or security) the bigger the challenges faced by IT to test, integrate, and secure the network.

It is very early days for SDN and the complete impact on network security is not yet fully know. But SDN will change how organizations design and operate their networks and will offer opportunities for IT to improve the automation and effectiveness of their network security.

Doyle is an independent industry analyst with 28 years of experience in the IT and networking fields. Follow Doyle on Twitter: @leedoyle_dc.

Read more about lan and wan in Network World's LAN & WAN section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lee Doyle

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts