Steep and muddy learning curve
Comments from experts like these show that deploying NFV/SDN will be a steep - and likely slippery - slope for telcos. The benefits are quantifiable and as Jeff Wilson from Infonetics puts it: “Not since the Beatles [arrived in the USA] to perform on The Ed Sullivan Show has there been so much hysteria - yet few understand SDN and its components. SDN fanatics theorize that enterprises will embrace this technology/solution because it will open the door for other teams outside networking to harness the network’s power, allow the network to automatically flex and efficiently match services to the business’ demand, or be an avenue for lowering capital expenditures by moving to white-box switches.”
All of that may be true, but does this require a steep learning curve for operators used to thinking of security in the traditional telco world of proprietary boxes, or is simply just applying familiar tools and policies in a new way?
“This is going to be a steep learning curve,” declares Ahmed. “Many enterprise networking practices can be leveraged by carriers for their own SDN environments: software engineering, IP networking, open-source, change control and change management skills will be needed. A massive retooling and re-skilling effort will be needed by the carrier.”
“There is certainly a learning curve to plan and deploy security over a SDN/NFV architecture,” says Li from ZTE. “SDN/NFV will evolve as it is adopted into the network, and so will security issues and vulnerabilities. The best defense is to apply currently known effective security solutions over the new SDN/ NFV platform, then adapt and augment as new security issues and vulnerabilities are identified or exploited.”
“With the [current] emphasis on virtual networks, virtual services, and the dynamic growth of high-speed workloads, the monolithic model that operators have been working with for years is rapidly changing,” says Symantec’s Wilkinson. “As the network collapses into a virtualized environment, the roles of individual specialists (servers, networks, storage) will collapse in to a common role. As software assisted administration - i.e. SDN and NFV - improves, communication between application owners and business strategists and those that manage the day-to-day needs of the application may become fuzzy.”
The ability of SDN and NFV to move forward and gain acceptance might not be so much a function of the technology as much as a gap in the number of skilled analysts that bridge three things: the business requirements, the security needs of IT, and the audit requirements of the compliance teams, says Wilkinson. “These skills will be in high demand, and could create a bottleneck that can slow the adoption of SDN and NFV.”
“We can only try to anticipate what the attackers may try to target with SDNs,” writes Hogg. “The deployments are new, the protocols are new, the controller software is new, and the history of past SDN attacks is unknown.”
Before an organization embarks on an SDN deployment project, they should consider how they will secure the system during the early design stage. “Don’t leave security until the final clean-up phase,” cautions Hogg. “Like most things, setting it up right from the start will save organizations many problems down the road.”
This article first appeared on Telecom Asia Security Insights May 2015 edition