Security Services Abstraction via Software Defined Paradigm
by walkerj, 02-08-2016 08:31 AM - edited 02-08-2016 10:29 AM
The recent explosion of connected devices, big data and cloud computing has led to revolutionary changes in our use of technology. While these innovative technologies have unleashed unparalleled possibilities for government agencies, they have also seriously threatened network security. Every new piece of technology added to the network – from sensors, to laptops, to cloud datacenters, to mobile phones – is a new endpoint that has the potential to be compromised.
Traditionally, security experts have addressed this problem by bolting on point products such as firewalls, intrusion detection suites and encryption devices to address specific security concerns at the edge of the network. These solutions are often configured and managed individually and are unable to coordinate with each other as part of a unified security strategy, leaving major vulnerabilities with regard to an enterprise-wide security framework.
Furthermore, security solutions have traditionally taxed the network so heavily that a 2015 survey of federal IT managers found that as many as 39 percent of respondents cited network performance as a top reason not to encrypt data. Government agencies should not have to sacrifice performance for security.
Modernized networks offer a better approach to network security.
From Desktop to Data Center – A Unified Secure Network
Imagine an IT environment where security solutions are built into the network, where security doesn’t compromise performance and network flow can be automatically optimized for speed and security based on the type of data flowing through the network.
Thanks to advances in software defined networking (SDN), this type of network security is within reach of federal agencies. For example, the Brocade SDN Controller, designed with a multi-faceted, multi-vendor, complex network in mind, is built to tie multiple security products together as part of an end-to-end security service that is managed from a single source – the SDN controller. This allows administrators to create security policies that encompass many security products that can be executed automatically via the SDN controller. These security policies can be fine-tuned depending on the type of data, where it is coming from, and where it is going.
Through SDN, administrators can use the network to identify highly sensitive data and prescribe a set of granular and strict security preferences as this data propagates through the enterprise, with the ability to adjust as needed. By contrast, administrators can also use the network to spot low-sensitivity data, perhaps data that is designed for public release, and apply less stringent security policies to optimize its network path for speed and access.
With an abstracted security service, managed through SDN, network administrators can see exactly where security gaps lie and what types of security tools are in use. Upgrades become much easier with this insight and in some cases – such as with software security solutions like firewalls – can be managed remotely via the SDN controller itself.
Software Defined Networking is a revolution for networks, allowing for faster, more efficient data travel as well as better management abilities. As agencies begin to take advantage of new and emerging technologies and the network’s reach expands, SDN will play an even more crucial role in securing the network through centralized security policies that adapt based on application type, availability and information criticality. The tools are in place; it is now time to act and explore the possibilities.