A recent report from Technology Business Research (TBR) found that the software-defined networking (SDN) and Software-Defined Data Center market is maturing thanks to expanded vendor offerings and the adoption of open standards. TBR estimates that the SDN market will see a compound annual growth rate of 86% through 2019, and will account for an ever-larger share of the overall enterprise network infrastructure market.
SDN growth will occur despite a number of implementation challenges. Many organizations are not ready to transition to SDN technology, in which the network data plane is separated from the control plane, and the flow of data is managed dynamically through centralized software. Manual, device-specific administration is replaced by automation, which is enabled by policies that are programmed into the SDN controller.
SDN Security Concerns
However, security concerns could present an obstacle to more widespread adoption of SDN. If network devices and applications aren’t properly configured, hackers could gain access to the SDN controller and override policies or execute a denial of service attack. And new forms of attack are likely to evolve as SDN sees more widespread adoption.
Traditional security solutions are inflexible and tend to focus on the network perimeter. They are also hardware-specific, lacking the automation and orchestration needed for a software-centric platform. In order to protect the SDN environment from attack, organizations need fine-grained IT security and policy enforcement distributed throughout the network, a concept known as micro-segmentation.
Because most networks are flat and open, any breach of the perimeter will give an intruder access to virtually all resources and data.
Network Security via Segmentation
Network segmentation helps to minimize an intruder’s movements across the network, and controls user access to certain applications and data. Micro-segmentation subdivides the network into smaller zones, and enables IT to provision security closer to applications and individual systems. In the event of a security breach, micro-segmentation can automatically quarantine compromised assets, preventing the attacker from accessing other systems while IT works to close the vulnerability.
Micro-segmentation also gives IT more fine-grained control over security, with policies based upon application and workload requirements rather than rigid network addressing schemes. Automated management and deeper visibility improve operations and enable faster breach detection.
Cisco Has an Answer
Cisco recently announced that it has enhanced its Application Centric Infrastructure (ACI) with micro-segmentation for both physical and virtualized applications. The enhancements also extend ACI across multisite environments so that policy-driven automation can be delivered to multiple data centers for application mobility and disaster recovery. ACI is Cisco’s comprehensive SDN portfolio built on open APIs, open standards and a broad ecosystem of partner solutions.
Cisco’s micro-segmentation solution allows granular and dynamic enforcement of endpoint security policies and quarantine of compromised or rogue endpoints. The solution also enables organizations to isolate workloads within the same policy group. For example, communication between all endpoints within the same web tier can be disabled through policy-based automation, which prevents security threats from moving laterally within the data center.
Organizations that are looking to adopt SDN must take a fresh look at their security strategies in order to prevent a new breed of security threats. Technologent’s experts can help you explore micro-segmentation and other techniques that address the security challenges of SDN.
Questions about your own SDN security?
January 11, 2016