Software-defined networking promises to ease and speed change in the network, especially the data center network. That’s good for company agility and making sure the network can keep up with the pace of change the business can set. But it could be bad for risk management and security if it is not done right. The security operations center therefore needs to get into the SDN act from day one.
We have been down this road before on the path to the virtualized data center. We saw IT set standing security measures aside in the early waves of server virtualization without new security management and monitoring tools to provide a line of sight into the new environment. Servers were being virtualized onto the same hosts despite having been separated on the network by VLANs or subnets or even firewalls. Eventually the virtualization environment matured enough to allow security partitions to be maintained even when external network separation went away, but in the interim many data centers were either breaking their security or hobbling their virtualization effort to maintain it.
So it may be with SDN, if IT is not careful. The problem will not be on the actual security side -- network engineers and admins will be able to recreate and even improve on the protections they have in place now. It is on the security operations side that IT has to be careful. Because the engineers are changing how they control and structure the network, security and network operations teams will need to make sure that their monitoring tools can see and accurately portray the new lay of the land. If virtual overlay networks are creating new security zones, for example, or tunneling through existing ones, then the security operations center must be able to see and report on activity within and across those zones as needed. This is true both for active operational monitoring and for testing and auditing.
These are early days for SDN, however. There is still time for those exploring SDN deployment to make sure they understand the importance of the security operations center and that their security operations teams are involved in the process of selecting tools and platforms and in planning the implementation. To do otherwise would be courting disaster.