In a traditional network environment, internal data was protected by firewalls and security breaches were easy to identify. However, in a hybrid or cloud environment, potential threats and rising issues become much less visible. Yarob Sakhnini, Regional Director MEMA at Brocade shares his opinion on the various advantages of deploying SDN and creating a centralized controller for the networks.
SDN and Security Challenges
One of the major advantages of deploying SDN is that the management of all systems within the network has a centralised controller. This single plane of control acts as a decision point for the whole network as access can be granted to all equipment in the network, easing and speeding up the management process.
However, by centralising the control, you also create a significant target for any malicious activity. For telecoms operators, making sure that this central controller plane isn’t comprised therefore needs to be a top priority. Without sufficient protection, the controllers could be compromised which would pose a significant threat to the network and the data being interacted with it.
Secondly, SDN poses challenge in terms of the roots of trust (RoT) that are used to validate control signals within the network. In a traditional infrastructure, it is possible to manage this verification process by locking software to specific pieces of hardware. With SDN this simply doesn’t work and it therefore raises a question of how to manage the roots of trust. The processes for this are still in development and it is likely to require collaboration from across the industry in order to agree on an appropriate mechanism.
Safeguarding customer data and applications with the Advent of Cloud
In a traditional network environment, internal data was protected by firewalls and security breaches were, relatively speaking, easy to identify. However, in a hybrid or cloud environment, potential threats and rising issues become much less visible.
The onus falls very much on the service providers to make sure they have rigorous processes and robust technologies in place to safeguard their customers’ data and application. Telecoms companies should therefore be building security measures into every layer of the network. Analytics is particularly important here. Operators should be automatically identifying any traffic abnormalities. Deviation from normal activity, such as peak-flows and behavioural changes, can often be a good indicator that there is an attack on the application layer or a break into the network.
Again, cross-industry collaboration will be very important here. Telecoms companies should be sharing data about threats they have encountered and new approaches to dealing with them. This pooling of knowledge will help the industry to adapt to emerging threats much faster, which is essential to protecting customers.
Industry Collaboration – Putting a Security Framework in place
Ultimately, the move towards SDN will result in significant security advantages for telecoms firms and their customers. SDN makes it possible to create very granular virtual networks and very secure multi-tenant environments. This is highly desirable from a security standpoint since it means that any malicious entity entering the network will only be able to access very limited internal resources.
However, there is no doubt that progress needs to be made in order for this to become a reality. Industry collaboration is absolutely essential in order to create workable roots of trust that are standardised and reliable. I would like to see the industry working together across all levels to make sure that a robust, consistent security framework is put in place.
