Welcome!

SDN Journal Authors: Yeshim Deniz, Liz McMillan, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: SDN Journal, @CloudExpo, Cloud Security

SDN Journal: Article

Question Answered. SDN Is Secure | @CloudExpo @Ciena #SDN #IoT #M2M #API

SDN provides a centralized intelligence and control model that is well-suited to provide flexibility to network security

The Question Has Been Answered. SDN Is Secure

Software-Defined Networking (SDN) is one of the most interesting developments in networking to emerge in the last decade. The potential to establish a simplified infrastructure and leverage software to dynamically modify existing flow characteristics has the potential to address many concerns around hardware costs, faster service provisioning, and greater configuration control across diverse networks. However, concern for or lack of information about security is a key inhibitor to SDN adoption in today's rapidly-evolving data centers and connected wide area network environments.

With good reason: there is news of another global data breach almost daily. More than 1,500 data breaches led to 1billion data records compromised in 2014 alone, a 49% increase in data breaches and a 78% increase in data records stolen or lost compared to 2013. While it's easy to focus on all of the security vulnerabilities (actual and perceived) in an open system, there a number of security benefits that SDN can in fact help realize.

It's true that currently available security solutions are difficult to deploy, manage, program, scale, and secure. Policies are tightly coupled to physical resources as opposed to services and applications. Security solutions struggle to provide quick and automated threat mitigation across equipment from multiple vendors. Consistent security policies are difficult to administer across compute, storage, and network domains, and multiple data centers.

What SDN provides is a centralized intelligence and control model that is well-suited to provide much-needed flexibility to network security deployments with a number of complementary attributes that are useful for implementing a highly secure and manageable environment, including:

  • A flow-based paradigm that untethers policies from the physical perimeter. The perimeter security model of "keeping the bad guys out" no longer works in today's dynamic cloud and mobile computing world. Networks and servers will continue to be attacked, despite using best-in-class content inspection, tunneling, and continuous monitoring technologies. The flow paradigm is ideal for security processing because it offers an end-to-end, service-oriented connectivity model that is not bound by traditional routing constraints.
  • Highly granular policy management and enforcement, for diverse, multi-tenant environments. Granular policy management can be based on application, service, organization, and geographical criteria rather than physical configuration. This allows the operator to designate who is authorized to update control information, and by extension exclude unauthorized individuals or groups. It also allows the owner to determine the state of the platform at any time, as well as what changes were made, when, and by whom.
  • Logically centralized control allows for effective performance and threat monitoring across the entire network. In SDN architectures, network intelligence is centralized, so decision-making is facilitated based on a global (or domain) view of the network, as opposed to today's networks, which are built on an autonomous system view where nodes are unaware of the overall state of the network. This gives operators a more efficient way to detect and isolate threats.
  • Programmability which offers far more sophisticated security processing than is available today. SDN networks are inherently controlled by software functionality, which may be provided by vendors or the network operators themselves. Such programmability enables automation and adaption to mitigate risks, as well as for dynamic and flexible adjustment of security policy.

By blending historical and real-time network state and performance data, SDN facilitates intelligent decision making, achieving flexibility, operational simplicity, and improved security across a common infrastructure. And with the proper configuration and integration, you can secure an SDN environment without impact to SDN capabilities. This provides a way to address one of the most common security critiques - that security is bolted on, as opposed to built-in. With SDNs, security can be a core part of the network solution right from the beginning, making the management and implementation of proven security mechanisms easier.

More Stories By Chris Janz

Dr. Christopher Janz serves as Vice President and CTO of Ciena’s Agility business division. Ciena Agility distributes software that enables network operators to deliver and monetize consumption-based services on demand; flexibly, efficiently and at high velocity. As CTO, he is largely responsible for designing Ciena Agility’s forward path in the fast-evolving SDN and NFV technology and market landscape, and for managing Ciena Agility’s contributions to industry organizations and efforts defining and driving those evolutions.

Chris has 20 years of industry experience in roles ranging from primary research, system architecture, and product development team management; to product line management and strategic marketing. He holds a B.Eng. in engineering physics from the Royal Military College of Canada, a Ph.D. in electrical engineering from the University of Alberta and an M.B.A. from Queen's University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
The dream is universal: heuristic driven, global business operations without interruption so that nobody has to wake up at 4am to solve a problem. Building upon Nutanix Acropolis software defined storage, virtualization, and networking platform, Mark will demonstrate business lifecycle automation with freedom of choice and consumption models. Hybrid cloud applications and operations are controllable by the Nutanix Prism control plane with Calm automation, which can weave together the following: database as a service with Era, micro segmentation with Flow, event driven lifecycle operations with Epoch monitoring, and both financial and cloud governance with Beam. Combined together, the Nutanix Enterprise Cloud OS democratizes and accelerates every aspect of your business with simplicity, security, and scalability.
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City. Our Silicon Valley 2019 schedule will showcase 200 keynotes, sessions, general sessions, power panels, and hands on tutorials presented by 150 rockstar speakers in 10 hottest conference tracks of 2019:
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
Andrew Keys is co-founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereum.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.