SDN is a hot topic in the industry. The ability to centrally manage traffic flows through a choice of paths within the network is a huge benefit, made even easier by orchestration tools which tie all SDN component workflows together. Add to this the programmability available via open APIs (which allows a controller to automatically adjust the behaviour and performance of the network based on the active applications), and we begin to see the benefits of automation which SDN networks allow. To be clear, SDN promises automatic redirection of an application through an alternative path to avoid any areas of network congestion, which maximises performance.
The programmability of SDN also allows for easy security automation, including the automation of configuration and policy management, paving the way for dynamic, secure and responsive networks. This technology is already in place, but security devices themselves need to begin playing catch-up to ensure the overall success and uptake of SDN.
The need to deploy and maintain a growing volume of more demanding applications with ever-increasing requirements places more demands on firewalls and security devices, which need to be capable of responding. Previously, specific physical security devices were responsible for creating and maintaining static security zones. But with dynamically moving network traffic and applications, security devices must be capable of maintaining shifting security zones and application-specific traffic flows.
It is unrealistic and, indeed, dangerous to expect manual updates of rules and policies in the face of rapid real-world changes. The answer, then, lies in orchestration and security automation. Just as SDN allows automatic responses to changing network demands, security automation would enable firewalls to concurrently manage the ever-changing security demands, updating devices to follow the active flow of data and ensuring applications are kept up and running and, more importantly, secure.
For this to work, broader context information and data will be required to define security policies. The traditional source- or destination-based IP addresses will need to be reinforced with application-specific context, plus user information, devices and network characteristics, in order to provide the necessary automation triggers.
Another important thing to remember is that, where security is concerned, control and correct governance are vital, whatever level of automation is in place. This means regulatory compliance must be at the forefront of any new developments.
Security automation for SDN networks is not yet a fully-fledged technology, but the requirement for this dynamic programmability is something to bear in mind in any new security solution being implemented.
It is not just an additional layer of security that is required, but an integration of security into all IT, development and business operations. IT teams should not just be looking to build performance, capacity and speed. They should also be looking to build security into every aspect of the network. IT and security specialists may well find themselves becoming experts across the board as these areas become more closely entwined.
Without an integrated security automation platform, the full benefits, responsiveness and agility of a software-defined network simply cannot be realised.