
What is the role of the security operations center in SDN?

As SDN continues to gain traction, it's important that security keeps pace. Expert John Burke explains the role of the security operations center in a software-defined network.

Software-defined networking promises to ease and speed change in the network, especially the data center network. That’s good for company agility and for making sure the network can keep up with the pace of change the business can set. But it could be bad for risk management and security if it is not done right. The security operations center therefore needs to get into the SDN act from day one.

We have been down this road before on the path to the virtualized data center. We saw IT set standing security measures aside in the early waves of server virtualization without new security management and monitoring tools to provide a line of sight into the new environment. Servers were being virtualized onto the same hosts despite having been separated on the network by VLANs or subnets or even firewalls. Eventually the virtualization environment matured enough to allow security partitions to be maintained even when external network separation went away, but in the interim many data centers were either breaking their security or hobbling their virtualization effort to maintain it.

So it may be with SDN, if IT is not careful. The risk will not be on the actual security side -- network engineers and admins will be able to recreate and even improve on protections they have in place now. It is on the security operations side that IT has to be careful. Because the engineers are changing how they control and structure the network, security and network operations teams will need to make sure that their monitoring tools can see and accurately portray the new lay of the land. If virtual overlay networks are creating new security zones, for example, or tunneling through existing ones, then the security operations center must be able to see and report on activity within and across those zones as needed. This is true both for active operational monitoring and for testing and auditing.

These are early days for SDN, however. There is still time for those exploring SDN deployment to make sure they understand the importance of the security operations center and that their security operations teams are involved in the process of selecting tools and platforms and in planning the implementation. To do otherwise would be courting disaster.


This was last published in December 2015
