The Software Defined Data Center Needs Software Defined Security

As Bogdan Botezatu wrote in his post Here Come Software-Defined Data Centers - What are the Security Implications? — the software defined data center is here to stay and is expected to grow from $25.61 billion in 2016 to $83.21 billion by 2021, at nearly a growth rate of about 30% annually.

As Bogdan covered, there are significant benefits as well as security implications in the move to the software defined data center. One of the most important is to think of security even more as being software-defined. I know that this is a buzzword that has been tossed around somewhat. But the digital enterprise is continuously changing today and at a speed that requires as many security functions as possible to be enforced automatically through scripts, APIs and automated software responses.

The rise of virtualized systems has already changed the nature of security in the data center. Because the increase in traffic within data centers has increased exponentially, more confidential and other important data travels within the data center and is never examined by perimeter security technologies. This explains the need for more security capabilities delivered as virtual appliances within the data center — not at its edges.

When it comes to security, it’s certainly not all bad: the software-defined data center also offers many security benefits. Many enterprises have already virtualized their environments and they are utilizing Network Functions Virtualization services as they strive to improve their own IT resiliency, provide new services to the business, and improve overall uptime and operations.

The move to the so-called software defined data center, including Software Defined Networking (SDN) and NFV will (and already are) dramatically changing everything with how networks are deployed, managed, and secured. Some of the security concerns are obvious and not different than the type of vulnerabilities in enterprises today in both virtualized and traditional architectures. These include hypervisor vulnerabilities; controllers that are vulnerable to denial-of-service attacks and juicy targets such as the SDN controller which, if compromised, promises to be the modern version of a Disney E Ticket that gives attackers the full access to everything the network offers. Not good.

An important ambition of SDN is to get IT teams an infrastructure that is programmable. And as the network becomes programmable, it becomes (or should become) more straightforward to automate and orchestrate. An example of how this is done is through NFV, which I covered in What is NFV? And what does it mean to security? in some detail. In short, NFV is a way to build and deliver network services without having to worry about underlying hardware, and it’s another step toward software defined security.

The research firm IHS Market predicts the NFV market will grow 42% annually and reach $15.5 billion by 2020.

As Bogdan wrote, with software-defined security the main goal should be to make sure the appropriate security controls automatically remain in place, regardless of whether an application resides in the cloud or in an on-premises data center. This makes software defined security more efficient because it is centralized and highly automated and can more rapidly adjust to changing network and infrastructure conditions.

There are plenty of security professionals who are wary of automating too much of their security efforts — and for good reason — when bad processes and controls are automated they just occur more quickly. However, this is the way the world is moving and security must follow the technological lead.