BreachExchange mailing list archives

The first big SDN data breach is just a matter of time


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 9 Oct 2014 19:29:53 -0600

http://www.computerweekly.com/news/2240232337/The-first-big-SDN-data-breach-is-just-a-matter-of-time

Over 40% of enterprises have plans to deploy software-defined networking
(SDN) by 2019, and where enterprises go, cyber criminals are bound to
follow, raising the possibility of major SDN security breaches in the
future.

Research released by SDN cheerleader Brocade to mark the opening day of IP
Expo Europe 2014 at London’s ExCeL centre suggested that as enterprise
budgets remain flat but demands on the corporate network increase, more
network managers and CIOs are looking to evaluate SDN and network functions
virtualisation (NFV).

Brocade’s headline statistics claimed that 40% of enterprises will deploy
software-defined networks in the next five years and 30% in the next three
years, while 34% of organisations are looking to adopt NFV by 2019 and 27%
by 2018.

According to Brocade's European CTO, Curt Beckmann, early SDN adopters
outside of the world of telcos and cloud service providers will be lines of
business and verticals that do not handle large amounts of sensitive or
confidential data.

“I think almost everyone will be evaluating SDN, but the first to jump I
would expect to be a vertical with a lot of content that is not
hyper-sensitive, such as manufacturing or retail,” said Beckmann.

“This is new technology,” he went on to explain, “and every new technology
will bring some set of exposures to the business. People who have sensitive
data have a responsibility to wait until something is proved robust. It’s
not that SDN is inherently faulty, by any means, but it is new.”

Beckmann suggested a number of ways in which SDN could help improve overall
network security, by giving IT departments more and better means to respond
to volumetric attacks and to avoid brute-force responses to attacks and
breaches.

“It is easy to say there will be a breach around SDN, but you still might
be better off with SDN because it may shut down other security holes,” he
said.

Nevertheless, he predicted there will be “a high-profile security event
within the next two years based on SDN”.

The hope among suppliers such as Brocade, which is a member of the Open
Networking Foundation and committed to the supplier-agnostic OpenFlow
industry standard SDN communications protocol, is that a wide community of
open-source developers will be able to respond more quickly to any flaws
that arise and develop solutions to them.

A recent report by SearchTelecom.com called for network managers to
integrate security capabilities into their fledgling SDN infrastructure.

The report warned that network architects were overlooking how to provision
and manage security services inside an SDN environment, which would
ultimately lead to an undesirable scenario whereby networking and
datacentre infrastructure was fully virtualised but security remained
hardwired.

The latest release of the OpenDaylight Project’s SDN stack, Helium, now
includes security enhancements around authorisation, authentication and
accounting, as well as a secure network bootstrapping infrastructure
feature.

Brocade emphasised that the possibility of harm should not be a reason for
network managers to shy away from evaluating SDN to find out exactly what
it is and what it does.

The research also revealed that 37% of respondents – all UK IT
decision-makers – did not fully understand SDN, and 45% were not sure about
NFV either.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 