Savings, Security Need Not Be Mutually Exclusive
Software-defined networking offers speed, reliability and cost savings.
The Department of Defense (DOD) Operational Test and Evaluation Fiscal Year 2016 Annual Report indicates that while there has been significant cybersecurity progress over the past few years, network defense as a warfighting function continues to be undervalued.
Despite the department’s concerted and progressive network modernization efforts, many networks are built on outdated legacy architectures that were never designed to address the challenges posed by continually evolving threat vectors. Neither agile nor flexible enough to be able to adjust, they are vulnerable to the security risks posed by increasingly intelligent, nimble and enterprising hackers.
Recognizing these deficiencies, the DOD is creating more efficient and cost-effective modern networks that will enable enhanced cybersecurity through both flexibility and resiliency. Automation and extensibility give cyber warriors the defensive tools to win the cyber war. This is the essence of true software-defined networking (SDN), where capabilities can adapt at the speed of software.
Cost savings and security benefits
To enhance security and reduce expenses, leading DOD network managers are closely exploring SDN solutions and next-generation network infrastructures. An efficient two-tier network infrastructure with resilient and programmable SDN capabilities enables not only centralized management, eliminating the need for skilled technicians in remote locations, but makes possible immediate remote configuration changes in the face of an imminent threat. Huge operations and cost benefits are realized and the security posture is enhanced simultaneously. Further, modern SDNs are more reliable, stable, easily scaled and adapted, and create an ecosystem upon which new operational toolsets can be created and deployed for threat detection and response.
Complete visibility and greater agility
Real-time network operation analytics enabled by SDN are key to enhanced security. By applying big data technologies and leveraging them against the network as an application, operators can manage enormous telemetric data sets and, through SDN, gain an unfettered and consolidated view of their entire infrastructure. This enhanced visibility provides insight into every facet of network operations, including suspicious activity, active threats,and suboptimal performance. It also makes it much easier for managers to quickly and accurately perform security audits, deploy patches, and monitor workload in a way that was not possible in legacy infrastructures.
SDN provides an ideal foundation for more agile, adaptable and resilient network security because new technologies can be seamlessly inserted into the network transparently without compromising security or adversely impacting critical applications. For example, firewalls—once the province of hardware-only tools—can be virtualized, integrated and deployed quickly and easily, wherever, whenever, and at whatever scale is required, as the need arises. This agility eliminates many of the hurdles associated with implementing new technologies, allowing DOD networks to keep pace with a dynamic technology environment.
Open standards and vendor considerations
Most SDN solutions are built on open standards, keeping with the federal government’s “open first” commitment. These open solutions feature standard application program interfaces written to work in any environment, and with any vendor. This allows administrators to integrate an array of tools, and frees the government from “vendor lock.” Removal of closed and proprietary technologies eases administrative efforts to integrate security profiles from the network to the application.
Network and security administrators still need to carefully select the right vendor and partner to work with to ensure the efficacy of their network deployments. Consideration should be given to past performance within the government vertical, preferably with other federal agencies. Solutions that were developed in foreign markets should be avoided due to the potential of counterfeit or compromised components internal to the systems.
SDN offers many things—more speed, better reliability, significant long-term cost savings—but the prospect of a more sound, responsive and flexible security architecture lies at its very core. This is what makes SDN a powerful weapon in the battle against cyberthreats. DOD agencies that deploy it will be a significant step closer to winning that battle.
Tom Jenkins is senior director, Federal Systems and Commercial Mid-Atlantic for Arista.