This year’s Layer123 SDN & Openflow World Congress in Dusseldorf provided a good measure on the progress made over the last year. Attendance at the event is up, indicating that interests in the technologies are not waning. There was a growing recognition at this year’s event of some of the operational hurdles that are now starting to come into focus. There is widespread acknowledgment that deployments will be hybrid– a mix of physical and virtual networks – partially because service providers have a massive sunk investment in traditional technologies, but also from the frank reality that not everything will be virtual.
There is also a greater realization that the benefits of SDN and NFV are not cost savings, but service agility. SDN and NFV are also now widely perceived to be enabling technologies, and not unrelated to each other. In fact, NFV is becoming the business case for SDN.
It also feels that we’re past the peak in the hype cycle as there is recognition that dramatic cost savings resulting from the move to COTS hardware may not be easily realized. In fact, in some cases, initial costs will be higher as a result of higher operations learning curves and complexity. It is only when there is pervasive wide scale deployment that many of the cost-savings benefits will be realized. Ironically that requires that thee operational complexities be overcome.
An area that is lagging somewhat behind is cybersecurity. While data plane security services, such as virtual firewall as part of a vCPE service chain, is a common use case, securing the network resources themselves is still largely neglected. SDN, and its various points of centralized control, makes the keys to the network kingdom extremely valuable. Complexity introduced by NFV, including: multi-tenancy, relationships between tenants and landlords when hosting virtual network functions, an expanded attack surface, and the need for administrative isolation between various domains highlights that we are only reaching the cybersecurity starting point. These are some of the points we highlighted during our panel debate.
ETSI security working groups have started to study these areas but there remained a general lack of awareness to the potential threats. With privileged users behind virtually every recent high profile cyberattack, developing the right identity access management strategies for insiders, partners, management and orchestration systems, and SDN controllers is necessary.
This is why we introduced NI-DEFENDER, our Secure Network Auditing Platform. It combines privileged identity access management, continuous configuration scanning, and advanced analytics to prevent, pinpoint, and neutralize network cybersecurity threats. At the event we also showcased NI-VIEWER, the solution’s analytics and visualization capabilities.
Contact us for further information.