In 2014, SDN gained a lot of momentum and many organizations are already piloting SDN or planning deployment projects for next year. Good news for network security as SDN holds a lot of promise for improving the role of the network with incident prevention, detection, and response.
So who controls SDN infrastructure decisions and who gets input into these decisions? ESG looked into this question by surveying organizations already deploying SDN. According to ESG research (note: I am an ESG employee):
- 41% of organizations say that the networking team owns SDN infrastructure decisions with no input from any other functional IT groups including infosec.
- 35% of organizations say that the networking team owns SDN infrastructure decisions but sought out some input from other functional IT groups including infosec.
- 17% of organizations say that the networking team owns SDN infrastructure decisions but sought out a lot of input from other functional IT groups including infosec.
- 7% of organizations say that SDN infrastructure decisions are owned by a cross-functional IT team including networking and infosec.
SDN is an innovative networking technology that will greatly impact core switching and routing functions so it’s understandable why networking owns technology decisions. That said, SDN could have an equally important influence on the future of network security. Kind of makes you wonder why 41% of organizations consider SDN a networking monopoly -- this makes no sense to me.
I’m not suggesting any power play or malicious intent on the part of the networking team as it makes sense for the VP of network engineering and his or her peers to quarterback the SDN effort. Still, CISOs need to make sure to elbow their way into SDN research, testing, and planning in order to explore SDN network security opportunities and push their own agendas.
From a supply side perspective, Cisco, Juniper, and to some extent VMware straddle the networking and network security worlds so they can facilitate SDN discussions and planning in both areas. Other network security players including Check Point, Fortinet, HP, IBM, McAfee, and Palo Alto Networks should plan on an offensive approach to SDN in 2015. How? By helping CISOs sort through the SDN morass (i.e. hype, standards, proprietary technologies, etc.) and working with customers’ networking teams on SDN infrastructure project planning and deployment sooner rather than later.