Brian Jackson - Fotolia
Traditional network security vulnerabilities are bad enough without adding SDN security issues to the mix. But, as organizations deploy SDN, they risk exposing their networks to new types of threats and attacks, especially if they don't have proper plans in place.
A prevalent concern with SDN security focuses on the SDN controller. The controller contains and provides intelligence for the entire network. Whoever has access to the controller has control of the network. This means organizations need to configure policies and design the network to make sure the right people are in charge.
Here are four useful tips to help organizations avoid detrimental SDN security issues and get the most from their SDN deployments.
Addressing SDN security challenges means securing the controller
Deploying SDN doesn't absolve an organization from having to be concerned about network security. If anything, the newer architecture requires networking teams to carefully consider the challenges and vulnerabilities, according to David Jacobs, principal at The Jacobs Group.
The SDN controller is a vital part of the security discussion, because successful attacks on the controller can totally disrupt network operations, he said. To combat these attacks, organizations can configure role-based authentication to make sure the right people get access to applications and data. Microsegmentation is another useful tool to maintain specific policies among workloads.
Explore Jacobs' thoughts on SDN controllers and security.
SDN security involves three factors
Security in SDN means more than network visibility and microsegmentation, according to John Burke, analyst at Nemertes Research. Organizations looking to stay on top of SDN security issues would be wise to address three main points:
- Protect the confidentiality of data.
- Protect the integrity of the system.
- Ensure the availability of network services.
When deploying SDN, networking teams should also be aware of data protection and compliance requirements, like the General Data Protection Regulation. To do this, organizations should be aware of where information resides in the network and how long it stays there.
Check out Burke's recommendations to help ensure SDN security and compliance.
The good, bad and the ugly of SDN security
The SDN controller acts as the heart of the network and is pivotal to SDN security, according to Tom Nolle, president of CIMI Corp. When configured properly, the controller can block paths or requests that are invalid or insecure. The controller also needs to run on a trusted platform and correctly validate new applications.
One of the best steps an organization can take to mitigate SDN security issues is to properly plan before deployment, Nolle said. The right planning, like using explicit route connectivity, can help organizations get the best results from SDN. Hasty deployment can plunge the organization into an insecure environment that's rampant with network vulnerabilities.
Dive into the rest of Nolle's discussion on the pros and cons of SDN security.
How SDN security has evolved
Most people wouldn't consider microsegmentation an SDN security issue because the capability is so pivotal to SDN. But many IT teams find the process of actually segmenting the network and mapping out system permissions more difficult than expected.
To clear some of the confusion, Nemertes' Burke said networking teams can use network analytics tools that provide useful visibility into network traffic. Organizations can also benefit from evolving security capabilities, like enhanced monitoring, defined security zones and automated configuration.
Read Burke's thoughts on how organizations can capitalize on SDN's security features.