Securing open distributed architectures
Service providers have gravitated toward open distributed architectures over the past few years with the rise of network functions virtualization (NFV), software-defined networking (SDN), virtual machines, containers and other technologies. Although network operators have been eager to embrace open distributed architectures to decrease costs and deliver differentiated services, they have also been wary about new security challenges the technology poses. What is sometimes overlooked, however, are the different ways open distributed architectures can improve network security.
The role of NFV and SDN in network security
Open distributed architectures are made of several components, with NFV and SDN serving as the backbone. NFV is an innovative way to deliver network services, which involves decoupling software from hardware. SDN balances NFV by providing a platform to implement a chain of virtualized network services (VNS). Both NFV and SDN can be used to make security processes and controls easier. For example, features built into the system could help detect security threats within the network, and then apply security patches to fix the code vulnerabilities.
Open distributed architectures can better support security measures, like encryption, than legacy systems because of NFV and SDN as well. Encryption is a way of keeping data private by making the text unintelligible to the naked eye. As a security tool, it provides confidentiality, authentication, data integrity and non-repudiation services. With NFV and SDN, encryption software can be launched on a switch within the network rather on a hardware appliance. This feature would be particularly beneficial in data centers, where reports of data security breaches seemingly make news headlines every month.
Additionally, with an open distributed architecture, the SDN controller provides a global view of the network in real-time. This is helpful in recognizing and responding to network vulnerabilities. Moreover, security service providers can make quick countermeasures at the peak of online business traffic, like Cyber Monday, by provisioning numerous firewalls. These types of security features can be readily updated with NFV and SDN as cyber attacks change.
Challenges
This isn’t to say NFV and SDN pose no security challenges. The addition of a SDN controller immediately increases the risk of security threats by giving hackers a target to seize upon. NFV also adds a great deal of complexity to the network, giving rise to more attack vectors as a result. Both NFV and SDN demand many layers of abstraction too, which can obfuscate the attack surface. For example, application programming interfaces (APIs) can improve network security, but can just as much conceal certain security issues.