Security implications of software-defined networks

With only a handful of very small software-defined networks actually in production around the world, most SDN conversations are purely academic. But that hasn't impeded the interest and announcements that seem to be on an accelerated pace in recent weeks and months (see sidebar below). Why the flurry of announcements? The reason is because of the enticing potential of SDNs.

By separating the control plane from the data plane, which essentially removes and then centralizes the "brains" from the "muscle" of the network, you can quickly make changes to improve the speed, reliability, efficiency and even security of that network. You control the network's layout and flow, so you can define and distribute loads, optimize and prioritize traffic, and scale services or capacity up or down with just a few clicks, that is in theory. That's the key. Commercially available solutions that enable you to realize the potential of SDNs are simply not there yet. Assuming they are on their way, from vendors, such as IBM (NYSE: IBM), NEC, HP (NYSE: HPQ), Big Switch, Nicira, and still unknown/unannounced players, it's important to think through some of the security implications of this new architecture.

May 14, 2012

Continue