Welcome!

SDN Journal Authors: TJ Randall, Yeshim Deniz, Liz McMillan, Elizabeth White, Pat Romanski

Related Topics: SDN Journal, @CloudExpo, Cloud Security

SDN Journal: Article

Question Answered. SDN Is Secure | @CloudExpo @Ciena #SDN #IoT #M2M #API

SDN provides a centralized intelligence and control model that is well-suited to provide flexibility to network security

The Question Has Been Answered. SDN Is Secure

Software-Defined Networking (SDN) is one of the most interesting developments in networking to emerge in the last decade. The potential to establish a simplified infrastructure and leverage software to dynamically modify existing flow characteristics has the potential to address many concerns around hardware costs, faster service provisioning, and greater configuration control across diverse networks. However, concern for or lack of information about security is a key inhibitor to SDN adoption in today's rapidly-evolving data centers and connected wide area network environments.

With good reason: there is news of another global data breach almost daily. More than 1,500 data breaches led to 1billion data records compromised in 2014 alone, a 49% increase in data breaches and a 78% increase in data records stolen or lost compared to 2013. While it's easy to focus on all of the security vulnerabilities (actual and perceived) in an open system, there a number of security benefits that SDN can in fact help realize.

It's true that currently available security solutions are difficult to deploy, manage, program, scale, and secure. Policies are tightly coupled to physical resources as opposed to services and applications. Security solutions struggle to provide quick and automated threat mitigation across equipment from multiple vendors. Consistent security policies are difficult to administer across compute, storage, and network domains, and multiple data centers.

What SDN provides is a centralized intelligence and control model that is well-suited to provide much-needed flexibility to network security deployments with a number of complementary attributes that are useful for implementing a highly secure and manageable environment, including:

  • A flow-based paradigm that untethers policies from the physical perimeter. The perimeter security model of "keeping the bad guys out" no longer works in today's dynamic cloud and mobile computing world. Networks and servers will continue to be attacked, despite using best-in-class content inspection, tunneling, and continuous monitoring technologies. The flow paradigm is ideal for security processing because it offers an end-to-end, service-oriented connectivity model that is not bound by traditional routing constraints.
  • Highly granular policy management and enforcement, for diverse, multi-tenant environments. Granular policy management can be based on application, service, organization, and geographical criteria rather than physical configuration. This allows the operator to designate who is authorized to update control information, and by extension exclude unauthorized individuals or groups. It also allows the owner to determine the state of the platform at any time, as well as what changes were made, when, and by whom.
  • Logically centralized control allows for effective performance and threat monitoring across the entire network. In SDN architectures, network intelligence is centralized, so decision-making is facilitated based on a global (or domain) view of the network, as opposed to today's networks, which are built on an autonomous system view where nodes are unaware of the overall state of the network. This gives operators a more efficient way to detect and isolate threats.
  • Programmability which offers far more sophisticated security processing than is available today. SDN networks are inherently controlled by software functionality, which may be provided by vendors or the network operators themselves. Such programmability enables automation and adaption to mitigate risks, as well as for dynamic and flexible adjustment of security policy.

By blending historical and real-time network state and performance data, SDN facilitates intelligent decision making, achieving flexibility, operational simplicity, and improved security across a common infrastructure. And with the proper configuration and integration, you can secure an SDN environment without impact to SDN capabilities. This provides a way to address one of the most common security critiques - that security is bolted on, as opposed to built-in. With SDNs, security can be a core part of the network solution right from the beginning, making the management and implementation of proven security mechanisms easier.

More Stories By Chris Janz

Dr. Christopher Janz serves as Vice President and CTO of Ciena’s Agility business division. Ciena Agility distributes software that enables network operators to deliver and monetize consumption-based services on demand; flexibly, efficiently and at high velocity. As CTO, he is largely responsible for designing Ciena Agility’s forward path in the fast-evolving SDN and NFV technology and market landscape, and for managing Ciena Agility’s contributions to industry organizations and efforts defining and driving those evolutions.

Chris has 20 years of industry experience in roles ranging from primary research, system architecture, and product development team management; to product line management and strategic marketing. He holds a B.Eng. in engineering physics from the Royal Military College of Canada, a Ph.D. in electrical engineering from the University of Alberta and an M.B.A. from Queen's University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
DevOps is a world surrounded by information, starting from a single commit and ending in roll out to production. In this talk, I'll introduce you to the world of Taboola DevOps data collection, to better understand what goes on under the hood. The system we've developed in-house helps us collect and analyse the entire DevOps process from the very first commit all the way to production. It provides us a full clear view with a drill-down toolset that helps keep us away from the dark side. Our KPI's moved from being abstracted ideas to data driven goals, which we can measure and act upon. We're living in a data driven world when all business components are based on our clients action and reaction, why not doing the same thing within our DevOps eco-system?
After years of investments and acquisitions, CloudBlue was created with the goal of building the world's only hyperscale digital platform with an increasingly infinite ecosystem and proven go-to-market services. The result? An unmatched platform that helps customers streamline cloud operations, save time and money, and revolutionize their businesses overnight. Today, the platform operates in more than 45 countries and powers more than 200 of the world's largest cloud marketplaces, managing more than 27 million enterprise cloud subscriptions valued at more than $1 billion in revenue.
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, will discuss how to use Kubernetes to setup a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. His expertise is in automating deployment, management, and problem resolution in these environments, allowing his teams to run large transactional applications with high availability and the speed the consumer demands.
Containerized software is riding a wave of growth, according to latest RightScale survey. At Sematext we see this growth trend via our Docker monitoring adoption and via Sematext Docker Agent popularity on Docker Hub, where it crossed 1M+ pulls line. This rapid rise of containers now makes Docker the top DevOps tool among those included in RightScale survey. Overall Docker adoption surged to 35 percent, while Kubernetes adoption doubled, going from 7% in 2016 to 14% percent.
In an age of borderless networks, security for the cloud and security for the corporate network can no longer be separated. Security teams are now presented with the challenge of monitoring and controlling access to these cloud environments, as they represent yet another frontier for cyber-attacks. Complete visibility has never been more important-or more difficult. Powered by AI, Darktrace's Enterprise Immune System technology is the only solution to offer real-time visibility and insight into all parts of a network, regardless of its configuration. By learning a ‘pattern of life' for all networks, devices, and users, Darktrace can detect threats as they arise and autonomously respond in real time - all without impacting server performance.