Earlier this year, ESG published a research report titled Network Security Trends In the Era of Cloud and Mobile Computing (note: I am an ESG employee). As part of this report, ESG surveyed 321 security professionals working at enterprise organizations (i.e., more than 1,000 employees) about their networking and network security strategies.
It turns out that SDN is front-and-center. When asked if their organizations were deploying or planning to deploy SDN technology, 22% said that SDN was already deployed to some extent, 39% were currently testing SDN technology, 23% were planning to deploy SDN within the next 24 months, and 12% had no plans but were interested in deploying SDN in the future.
So SDN is coming quickly, yet there’s no getting around the fact that it is a nascent technology. Given this, how will organizations roll out SDN, and where does network security fit in the plan?
It turns out that the networking team will act as the primary custodian and sole proprietor of SDN technology when it is first deployed. ESG research reveals that:
- 16% of organizations will give the networking team a year or more to get acquainted with functionality and operations of SDN before entertaining any SDN security use cases.
- 41% of organizations will give the networking team 6 to 9 months to get acquainted with functionality and operations of SDN before entertaining any SDN security use cases.
- 28% of organizations will give the networking team 3 to 6 months to get acquainted with functionality and operations of SDN before entertaining any SDN security use cases.
So SDN will be phased into the enterprise, starting with data communication and then proceeding to network security. That makes sense and provides an intuitive roadmap for CISOs. Given this, smart CISOs should:
- Plan SDN projects 3 to 6 months behind the networking team. The minute the VP of network engineering schedules a date for an SDN proof-of-concept (POC), CISOs should push network security architects to start their research, select the most attractive SDN security use cases, and create a formal project plan. The objective here is to be ready to take advantage of SDN for security benefits as soon as the networking team allows.
- Think outside the box. SDN could introduce major changes to network security. For example, SDN could bring highly virtual and dynamic network security controls a la VMware NSX or vArmour, and introduce a network security role for intelligent security-oriented NICs from Emulex, Intel, and Solarflare. Yes, organizations must walk before they run, but SDN creates a plethora of new network security architecture options. Smart CISOs should open their perspectives and explore any new technologies that can improve security efficacy, enhance security operations efficiency, and help them enable secure business processes.
- Network security professionals must push vendors for product roadmaps and project support. SDN remains a nebulous topic, especially in the security domain. Some security vendors are offering vague vision statements and marketing hype, but that’s not nearly enough information for real project planning. Rather than sort through the rhetoric, smart CISOs will push vendors to expose their SDN product plans and strategies. Security executives should be open-minded and cast a wide net during this timeframe. Remember that SDN has the potential to truly impact lots of areas of network security, so CISOs should approach vendors with an SDN security Tabula Rasa.
Cisco and Juniper are well prepared for SDN security as it will closely follow their strategies for SDN networking hardware and software. Other network security vendors must recognize this and ensure they are prepared with the right products, services, and partnerships. Many customers will need lots of hand-holding, training, and support. Network security vendors that provide quality SDN security help upfront will see revenue benefits soon afterward.