If current trends continue, 2015 will be a good year for software defined networking (SDN). SDN looks set to expand its footprint in the telco and cloud service provider markets and, more critically for VARs, to begin penetrating the enterprise in earnest. Be prepared to field questions from your customers about the technologies and their implications—especially when it comes to software defined networking security. After a year of major data breaches, organizations will want reassurance that the new networking paradigm won’t weaken their security postures.
They’ll need all the more reassurance because SDN is radically different from old data center architectures. When discussing SDN, many define it as the separation of the “control plane” and the “data plane.” In SDN, the underlying physical hardware exists simply to pass packets. That’s the data plane. Intelligence is abstracted into a centralized software controller and integrated network applications; these software pieces live apart from the network hardware, analyzing traffic, sending instructions to devices, and so forth. This is the control plane. And although the control plane is SDN’s greatest strength, it can also be its biggest weakness.
1. Access privilege hazards
The control plane, as the name implies, exerts a great deal of control over the entire software defined network. Thanks to SDN’s emphasis on policy and automation, an administrator can use the controller to effect significant, network-wide changes in mere minutes. This is a great boon when those changes need to be made and are made by a qualified, trustworthy administrator. It can also be a great hazard if unqualified or unauthorized personnel have access to the control plane and the ability to make changes.
To avoid software defined networking security catastrophes, organizations must ensure that access to the SDN controller is limited to as few administrators as possible and that those administrators are demonstrably qualified and trustworthy. Additionally, robust logging tools and auditing procedures should be in place to maintain visibility of all administrator activities in the controller.
2. Policy and automation risks
It doesn’t take a rogue administrator to create a dangerous software defined networking security issue, however. If unchecked, a poorly designed policy (or a malicious one slipped in by an outside source) can quickly introduce vulnerabilities or cause network problems without any admin intervention at all. That’s the dark side of SDN’s policy-based, automated approach.
Avoiding this risk will require “a system of checks and balances,” as software defined networking resource SDNCentral points out. The robust policy framework that SDNCentral advocates will help prevent bad policies from poking holes in an organization’s software defined network security. Organizations will also need to regularly verify the versions and integrity of controller and network software to ensure that everything is up to date and working correctly.
There’s no doubt that software defined networking security will present new challenges to VARs and their customers. Those challenges can seem daunting at first glance. But the potential benefits of software defined networking are so significant that those who persevere through the challenges stand to reap impressive rewards. The SDN market is growing rapidly, with analyst firm IDC predicting it will surpass $8 billion by 2018. Get on top of the concepts now to claim your share of the revenues later.