Software-defined networking (SDN) and software-defined storage (SDS) are both enabling technologies for big data. Using SDN and SDS, big data architects can design infrastructures that integrate enterprise and cloud resources. SDS alone can extend big data storage capacity and accommodate any data type, but as with all data sources, SDS security has to be a major consideration.
Software-defined storage (SDS) is a means of programming storage-related tasks. The physical storage is decoupled from the storage control software, so data can be stored and accessed from anywhere using policy-based management.
There is increasing interest in SDS solutions. According to a recent survey by 451 Research, 96 percent of IT respondents are “somewhat or very likely” to adopt some form of SDS. Seventy-seven percent of those surveyed said that at least half of their servers are already virtualized. Virtualization is a real asset when managing big data resources, so using SDS as part of a virtualized storage strategy works well for big data: resources abstracted using virtualization can be configured as a single infrastructure, regardless of the underlying hardware, storage platform, or physical location.
In the context of big data, SDS is valuable for managing access to massive quantities of data, both inside and outside the enterprise. One of the advantages of applying SDS to big data is that it can handle both structured database data and unstructured data from sources such as social media and wireless devices, and it treats RAID arrays and cloud data storage equally. However, you still need to address concerns about SDS security.
SDS Security Inherent in Virtualization
If you are using virtualization as part of your big data strategy, you are ahead of the game. In some ways, SDS security is built into virtualization. When you create a software-defined data center, network virtualization includes isolation, segmentation, and service insertion and chaining.
Isolation is part of virtualization. Virtual resources, including storage, are isolated from the physical network. Traffic between hypervisors is encapsulated, and physical network devices operate in a different address space so they are less susceptible to attack. Any attack on a virtual workload is going to be isolated from the physical infrastructure.
Network segmentation is also inherent in virtualization. A virtual network can support a multitier network environment, with physical firewalls and access control lists providing segmentation between tiers. What’s more, communication never leaves the virtual environment, which removes the need for segmentation using a physical firewall.
Virtualization also distributes network services into the vSwitch to form a logical pipeline for network traffic. You can use this logical pipeline to insert third-party services, and to build policies to secure those third-party services in the pipeline. This means you can coordinate security for completely unrelated network services from multiple vendors, including storage.
SDN, SDS, and virtualization all point toward the adoption of the software-defined data center (SDDC). The SDDC is basically a data center where the entire infrastructure is virtualized, delivering everything as a service controlled by software. Abstracting data center resources is a logical way to incorporate cloud resources, including SDS and SDS security, as though they were native to the enterprise.
By developing a software-defined data center, you can take advantage of software-defined security. Software-defined security abstracts the security resources so you are no longer relying on physical systems such as firewalls. The beauty of software-defined security is you can establish security parameters, including SDS security, without having to modify the physical hardware. Network administrators can extend security policies across a cluster or data center as required.
Software-defined security takes advantage of automated processes to alert organizations about potential security breaches, eliminating much of the need for manual detection and administration. Once policies have been defined, new storage systems and devices are automatically covered under the same security policies.
Software-defined security also supports big data scalability. Since security is no longer specific to the hardware, it can be scaled to support each hypervisor that defines the virtual network. Geography is no longer an issue, and the same policies can be applied within the enterprise or to secure cloud resources.
Therefore, when you create a software-defined infrastructure for your big data resources, you get SDS security as a natural byproduct. There are some network die-hards who will argue that true security requires you to secure the physical hardware that holds the network together, but those working with software-defined networks say that software-defined security is easier to manage and much more resilient.