SDN Impact on Information Security

Software Defined Networking (SDN) brings a paradigm shift, and new promises, in how networks are designed and operated. The biggest change is the separation of the control plane from the data forwarding plane, which in the current network paradigm are tied together on the same box. This not only eases management from a centralized location but also makes it much simpler to introduce new protocols and forwarding behaviour, since the change is made once in the controller software rather than on every device.

While SDN is focused on networking, it also brings added advantages for information security, some of which are listed below.

  • In SDN networks, security policy can be baked into the network forwarding plane itself (as flow rules installed by the controller), whereas in traditional networking it is an add-on feature.
  • Security policy is managed by a centralized controller
    • The same centralization concentrates risk: whoever controls the controller controls the policy for the whole network, so the controller and its northbound and southbound interfaces must be hardened and access-controlled.
  • Network Function Virtualization (NFV) provides a significant advantage
    • Enables virtualization of security functions (e.g. firewalls, IPS, anti-malware, etc.)
  • SFC, or Service Function Chaining
    • Enables security functions (firewall, IPS, web filtering, anti-malware, etc.) to be placed in-line in the data path
    • Easy to insert new functions into the chain, or remove functions that are no longer needed
  • Granular controls (applying policies to each virtual interface instead of to whole network segments)
  • Simple quarantine of individual workloads in case of a security incident: the controller re-programs that workload's flow rules without touching the rest of the segment
  • Security policy follows workloads when they migrate in cloud environments
  • Speed, agility, and cost benefits
  • Achieving and demonstrating compliance is relatively easy, since policy is defined centrally and can be exported and audited from one place
  • Enables inspection of all network traffic, including east-west traffic between workloads, which is difficult for traditional network security technologies because that high-volume internal traffic never crosses a choke point
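The points above about per-interface policy, service function chaining, quarantine and policy following a migrating workload all come down to the same mechanism: the controller binds policy to the workload and compiles it into flow rules for whichever switch port the workload currently sits on. The following is an added toy model of that controller logic, written for this page; it is not code from the post's author and does not use a real SDN controller API or the OpenFlow wire format. The switch names, port numbers, IP addresses, service function names and the forensics collector address are all constructed for the example, and the switch is emulated by a simple highest-priority-match lookup.

```python
"""Toy SDN controller: security policy bound to workloads, compiled to per-port flow rules."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class FlowRule:
    """One entry in a switch's flow table (OpenFlow-like, heavily simplified)."""
    switch: str
    in_port: int
    match: Tuple[Tuple[str, object], ...]   # extra match fields, e.g. (("tp_dst", 443),)
    priority: int
    action: str                             # "forward", "drop", or "steer:fw>ips"


@dataclass
class Policy:
    """Security policy attached to a workload, not to a segment or an IP address."""
    allowed_tcp_dst: Tuple[int, ...]        # outbound TCP destination ports permitted
    chain: Tuple[str, ...] = ()             # service functions the traffic must traverse, in order


class Controller:
    QUARANTINE_PRIO = 1000                  # quarantine rules beat any policy rule
    ALLOW_PRIO = 200
    DEFAULT_PRIO = 10                       # per-interface default deny

    def __init__(self, forensics_ip: str):
        self.forensics_ip = forensics_ip    # assumed collector a quarantined host may still reach
        self.policies: Dict[str, Policy] = {}
        self.placement: Dict[str, Tuple[str, int]] = {}   # workload -> (switch, virtual port)
        self.quarantined: Set[str] = set()

    def set_policy(self, workload: str, policy: Policy) -> None:
        self.policies[workload] = policy

    def place(self, workload: str, switch: str, port: int) -> None:
        self.placement[workload] = (switch, port)

    def migrate(self, workload: str, switch: str, port: int) -> None:
        """Move a workload; its policy is re-compiled for the new port, nothing else changes."""
        if workload not in self.placement:
            raise KeyError(f"unknown workload {workload}")
        self.placement[workload] = (switch, port)

    def quarantine(self, workload: str) -> None:
        self.quarantined.add(workload)

    def release(self, workload: str) -> None:
        self.quarantined.discard(workload)

    def rules_for(self, workload: str) -> List[FlowRule]:
        """Compile one workload's policy (or quarantine state) into rules for its current port."""
        switch, port = self.placement[workload]
        policy = self.policies[workload]
        rules: List[FlowRule] = []
        if workload in self.quarantined:
            # Only the forensics collector is reachable; everything else from this port is dropped.
            rules.append(FlowRule(switch, port, (("nw_dst", self.forensics_ip),),
                                  self.QUARANTINE_PRIO + 1, "forward"))
            rules.append(FlowRule(switch, port, (), self.QUARANTINE_PRIO, "drop"))
            return rules
        # Permitted flows are steered through the service function chain, if one is configured.
        action = "steer:" + ">".join(policy.chain) if policy.chain else "forward"
        for dport in policy.allowed_tcp_dst:
            rules.append(FlowRule(switch, port, (("nw_proto", "tcp"), ("tp_dst", dport)),
                                  self.ALLOW_PRIO, action))
        rules.append(FlowRule(switch, port, (), self.DEFAULT_PRIO, "drop"))
        return rules

    def flow_table(self, switch: str) -> List[FlowRule]:
        """All rules the controller would push to one switch, highest priority first."""
        table = [r for wl in self.placement for r in self.rules_for(wl) if r.switch == switch]
        return sorted(table, key=lambda r: -r.priority)

    def lookup(self, switch: str, in_port: int, fields: dict) -> str:
        """Emulate the switch: the highest-priority rule whose match fields all agree wins."""
        for r in self.flow_table(switch):
            if r.in_port == in_port and all(fields.get(k) == v for k, v in r.match):
                return r.action
        return "drop"   # table-miss is assumed to drop


def scenario() -> List[str]:
    """Walk one workload through policy, migration, quarantine and release; return the observed actions."""
    ctl = Controller(forensics_ip="10.0.99.5")
    ctl.set_policy("web-01", Policy(allowed_tcp_dst=(443,), chain=("fw", "ips")))
    ctl.place("web-01", "sw-a", 3)
    https = {"nw_proto": "tcp", "tp_dst": 443}
    ssh = {"nw_proto": "tcp", "tp_dst": 22}
    seen = [ctl.lookup("sw-a", 3, https), ctl.lookup("sw-a", 3, ssh)]
    ctl.migrate("web-01", "sw-b", 7)                  # policy follows the workload to sw-b
    seen += [ctl.lookup("sw-b", 7, https), str(len(ctl.flow_table("sw-a")))]
    ctl.quarantine("web-01")                          # only this port is affected
    seen += [ctl.lookup("sw-b", 7, https), ctl.lookup("sw-b", 7, {"nw_dst": "10.0.99.5"})]
    ctl.release("web-01")
    seen.append(ctl.lookup("sw-b", 7, https))
    return seen


if __name__ == "__main__":
    for step in scenario():
        print(step)
```

The design point is that neither the switch nor the segment carries the policy: the controller does, keyed by workload identity, so `migrate` simply recompiles the same rules for a different port and `quarantine` only raises a higher-priority pair of rules on that one interface. A real deployment would also need the controller itself protected, since `rules_for` is the single place where every port's policy is decided.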

About Rafeeq Rehman

Consultant, Author, Researcher.