Software-defined networking (SDN) seems to be the holy grail of the IT world. If you base everything on software, you can increase flexibility and scalability and automate various processes. This, say the advocates of SDN, lets organizations respond better to the dynamics they face today.
The programmable infrastructure undeniably has important advantages. It makes DevOps easier to support, for example. In organizations with many daily updates, such as Facebook, which implements thirty updates per day, SDN is in fact already a requirement. It is impossible to make that number of updates in a hardware-based environment.
Threats
Nevertheless, it is also important to look at the risks of SDN. Precisely because this development is at the beginning of its life cycle, there is very little understanding of the threats in the industry. Indeed, SDN as a broad movement has not been very concerned with security from the start.
In traditional security, securing the infrastructure is relatively straightforward. You simply connect the network ports and know that you are protected from threats. In an SDN environment, software is leading. Because application access is the key to doing business, you have to open up the infrastructure. This may pose a security problem, because the environment is then also open to unauthorized access.
Three pillars
The question is whether the basic principles of protection also apply to SDN environments. The answer is yes. In the end, it is about the data. The three pillars of data protection are confidentiality, integrity and availability. These three are also relevant in securing a programmable infrastructure. Policy is the first step.
Anyone considering a programmable infrastructure must first update their security policy. Then it is important to choose the right security measures for protecting the infrastructure. In a software-defined environment those measures are software-oriented. This means the attack surface increases, since software-based systems can be configured remotely. So you need to deploy more security around access to the software, for example to prevent unauthorized or malicious code from being added.
Virtualization
Exactly how this must be done is not yet certain. It is clear that SDN offers interesting possibilities for security. There are already firewall and intrusion detection solutions that exist entirely as software. This lets you program, set up, install and automate tools in an optimal way. That's important when you consider that the virtual machine is the main building block of modern computing environments.
There is currently no really easy way to protect a virtual machine properly. You can secure the entire network or segments of the data center, but granular security for a virtual machine is not so easy. When the security is built into the software, you can apply a security policy to a virtual machine, which makes it instantly protected.
The security can then also move along with the virtual machine, whether inside or outside the data center or into the cloud. Several security vendors are choosing this approach. That's good news, because securing such a fast-moving, dynamic environment has proved difficult in the past.
On-demand
Another advantage of software-based security is the ability to protect highly sensitive data streams dynamically, on demand and on the basis of a policy. Think of credit card information or sensitive personal data. You can then apply different encryption capabilities to protect part of the traffic while letting the rest flow in cleartext. You could even run part of the data over a separate network link. In this way, checking the network traffic and adjusting your policies becomes more effective and efficient. Clearly SDN offers many opportunities, but it must also be able to provide adequate security.
Mohamed Al Ayachi, line of business manager Network Integration & Security at Dimension Data