Software Defined Networking (SDN) is a breakthrough which is seemingly in everyone’s technology roadmap, but not ‘sexy’ enough to command column inches in recent months. At Telco Cloud, Juniper Cloud Automation Architect Scott Alexander argued the use case for security.
Companies who are striving towards 100% secure are likely to be disappointed as most within the industry now accept this is not achievable. Irrelevant of how many advances are made to secure the data centre, there will always be a collection of individuals who dedicate time to find new weaknesses. The new objective for the majority is to remain as secure as possible, consistently, reacting as quickly as possible to new threats which may emerge.
One of the main challenges for the data centre is the traditional defence. A number of data centres have one large firewall around the perimeter, which can be effective at keeping out threats, but on the occasion one breaches defences, traditional data centres are very linear, allowing the threat to roam freely. Larger segments of the data centre will be ring fenced, however the same principle applies here; once you crack that defence you are once again free to roam.
Alexander highlighted once you write various SDN policies, you can define which applications can ‘talk’ to each other. Until this is defined through an effective SDN policy, an application can talk to any other application, create the free roaming problem. Once a threat is in the data centre damage control becomes very difficult.
If every application is a room with several doors, Alexander said though implementing SDN you can keep relevant doors open and close doors to areas a given applications has no need to have access to. Spinning up various applications allows you to retain internal perimeters and create a policy of damage control.
Virtualizing a company’s assets can be a painful process, as it has to be done application by application. This however can be an advantage as Alexander highlighted to understand what doors are open and closed, you have to analyse the applications individually; there isn’t currently a method to do a blanket risk assessment of your applications. As you are migrating the applications individually any case during the virtualization efforts, it shouldn’t be too much of a task to understand what doors are open.
For the most part, the concept of 100% secure has seemingly been irradiated from the industry; most have accepted it is almost impossible. However, segmented security can aid a team in driving towards the objective of remaining secure as possible, consistently.