Build in security from the get-go
“SDN is an approach to networking that separates the control plane from the forwarding plane to support virtualization [and forms] a new paradigm for network virtualization,” writes Hogg. “Most SDN architecture models have three layers: a lower layer of SDN-capable network devices, a middle layer of SDN controller(s), and a higher layer that includes the applications and services that request or configure the SDN.”
“Even though many SDN systems are relatively new and SDN is still in the realm of the early adopters,” cautions Hogg, “we can be sure that as the technology matures and is more widely deployed, it will become a target for attackers.”
Firms should bake security into their plans from the beginning. “The transition from conventional to software-defined networking is a significant one, so IT must rethink how the network will operate once the control plane is separated from the data plane and centralized in a controller,” writes Greg Ferro, network architect and blogger, on Dark Reading. “Security pros must demand a voice in the SDN adoption process.”
Programmability > paradigm shift
“Few companies are making the move to SDN in one fell swoop,” writes Ferro. But he adds that they will move “to improve service delivery, gain deeper visibility into applications using the network, and achieve higher levels of automation. Enterprise SDN deployments today tend to be tied to private cloud infrastructures and based on OpenStack or VMware vCloud, where SDN is used as the networking component. Programmability is SDN’s forte and key to a successful private cloud.”
“SDN and NFV brought a paradigm shift to the ICT industry,” says Jess Li, principal architect, CTO group, marketing and solutions, strategy & platforms, ZTE. “More network resources will be COTS servers rather than purposely built hardware, and more network functions will be deployed in data center environments instead of telcos.”
The layered architecture benefits of SDN, forwarding, control, and applications rely on centralized control and network programmability, she says. “But they also raise security concerns - any security vulnerabilities related to SDN and NFV open architecture and its software-centric implementation will be exploited just as much as a legacy network, if not more.”
“SDN has many benefits but also poses new threats, particularly with the emergence of open-source and virtualized environments,” says Shahid Ahmed, managing director, Accenture. “It’s critical to consider threats, risk exposure, operational impact, performance, scale, and compliance in the SDN-based data centers of the future.”
Open-source software is a double-edged sword, says Ahmed. “Open source is a threat and opportunity - the threat is that open-source opens up network in ways that legacy proprietary physical hardware do not. [But] at the same time, an open-source platform reduces both opex and capex costs and enables Internet economics - for example, the cost of launching new service is [typically] negligible.”