As companies embrace the agility provided by virtualized IT services, such as cloud computing, they are looking to virtualize other parts of their infrastructure, in particular security. Software-defined networking (SDN) technology can help them deploy security quickly and efficiently to fight cybercrime in an evolving hybrid environment.
Enterprises are increasingly turning to hybrid networks to satisfy their demand for more internet access to use Software as a Service (SAS) solutions, such as Office 365.
“Cloud will increasingly be the default option for software deployment. The same is true of custom software, which increasingly is designed for some variation of public or private cloud,” explains Jeffrey Mann, research vice president at Gartner, who believes hybrid will be the most common cloud usage.
This includes hybrid SDN deployments, where both traditional networking and SDN protocols work together in the same environment. Hybrid SDN means that enterprises don’t have to do a complete overhaul and throw out all their legacy systems. They can either use hybrid switches or move specific high priority applications, such as network intrusion monitoring, across to SDN.
SDN: solving the security puzzle
Traditional network security can’t keep up. Enterprises realize they need to change their security and in so doing they want it more centralized control, which is where SDN comes in, alongside a multi-layered security strategy to deal with increasing threats.
SDN speeds up the deployment of new security services designed to secure networks. It can also provide greater security visibility. But, probably its biggest benefit is the granular approach to data it enables by providing end-to-end visibility over traffic flows, providing your network is built using open standards. Intelligence can be collected and malevolent data traffic can be blocked, whilst allowing normal traffic to continue on its journey. In addition, SDN security applications can divert network flows to specific points or firewalls.
As part of a SDN-enabled security platform, an adaptive firewall makes it much easier to manage threats remotely from a central location. It is future-proof with in-built flexibility and can be immediately updated to meet changes in the threat landscape. IT departments can set and execute rules across all sites, meaning time lost between when a threat is found and taken down. This equals less down time.
An adaptive firewall cuts down on an IT department’s manual workload, enabling it to keep on top of increasing cyber threats. In addition, integrated features, including intrusion protection and URL filtering, can be updated remotely as required.
Growing market share
SDN continues to grow in market share. The analyst firm IDC identifies it as an “innovative architectural model capable of enabling automated provisioning, network virtualization, and network programmability for data centers at cloud providers and enterprise networks”, and forecasts that it will be worth $12.5 billion by 2020.
“Not surprisingly, the value of SDN will accrue increasingly to network-virtualization software and to SDN applications, including virtualized network and security services,” explains Rohit Mehra, vice president, network infrastructure at IDC.
Consistent security policy
Part of the value of SDN will be felt in network security. Why? Because with SDN you have security consistent across all points on the network. SDN provides centralized orchestration and enables the creation of an easy-to-use portal to manage your network. This helps enterprises ensure all security policies are in place – providing efficient management and automated deployment fast – in minutes rather than hours or days.
Orange Business Services is offering a virtual, adaptive enterprise firewall, based on Fortinet Security Fabric technology as part of its Easy Go Network portfolio. Easy Go Network is designed to provide fully-virtualized network functions (VNF) using software defined network (SDN) technology via a self-service portal.
The solution provides virtualized security for small branch office sites of multinationals using internet connectivity with full digital self-service ordering, reporting and customer support through an intuitive portal for rapid application deployment. Features include unified application control, intrusion prevention, web content filtering, spyware prevention and malware defense.
Easy Go Network gives customers control over their connectivity needs. They can remotely apply security policies consistently to every end-point in response to real-time threats from one central location using virtualized appliances. When the security risk is very high, data can be automatically filtered for closer inspection and quarantining, if necessary.
Cybercriminals are getting cleverer. At the same time, networks are getting more complicated, so securing them requires an adaptable solution that can protect them from within their borders and beyond. A virtualized solution is very effective and less expensive – as you don’t have to have expensive boxes on site. SDN promises to provide the answer.
Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.