As you solidify your position with your customers as a trusted security advisor, you may find them asking more forward-thinking questions and looking for more long-term guidance or security training. One of the topics that you’ll encounter more frequently moving forward is that of Software Defined Networking (SDN), which has the potential to revolutionize enterprise networking and data center infrastructure. SDN is so new, however, that there are often more concerns than there are answers. Some of the most pressing concerns around SDN have to do with security—and SDN does come with security challenges. Here are three.
1. Migrating from a hardware-centric to a software-based model
SDN and its close (and more common) cousin, virtualization, turn the traditional IT model on its head by moving the emphasis away from physical devices and onto an often separate software layer that manages, controls, and often secures those devices. Additionally, virtualization brings with it the possibility of large numbers of virtual devices being provisioned and decommissioned at any time and the necessity of securing those virtual devices as long as they’re in action. While the software layer often makes policy deployment and resource provisioning much easier, network and security administrators used to a more traditional approach may have a difficult time with the shift. Make policy development and implementation a key part of SDN security training in order to help administrators get up-to-date on the skills they’ll need.
2. Vulnerabilities of an ultra-programmable network
The key draw of SDN is the programmability it provides for networks and network devices. But there’s a problem with this ultra-programmability. In an infrastructure that is controlled, and often configured and reconfigured on the fly according to the needs of the moment, there is a high risk that a rogue or badly written policy will create security vulnerabilities that open the network up to intruders. Policy conflicts can also create vulnerabilities. Part of the SDN security training you provide should therefore center on ways of validating policies before implementation and ways of checking for policy conflicts.
3. User and administrator access
Speaking of programmability of the software defined network, SDN also incurs the risk of either rogue or unqualified users making undesirable changes to the network, potentially introducing security holes or vulnerabilities to the environment. SDN security training should always cover access and administrative privileges and the importance of limiting them only to those personnel truly required and qualified to implement policies and make changes to the network. A network that can be adjusted or configured by too many people is one that provides too many chances for mistakes.
VARs who provide security training often find themselves in a good position to help their customers optimize their security environment. The same will hold true in the SDN era, but the specifics of how to secure a software defined environment will certainly change. To prepare for those changes and ensure that you are ready to offer up-to-date security training on the most advanced technologies, consider beefing up your own SDN security knowledge today.