Securing programmable infrastructure: It’s back to basics
It’s so easy to get caught up in the hype around new technology, particularly if it’s widely called a ‘revolutionary’ new direction in the market.
Of course, I’m speaking about programmable infrastructure, or software-defined networking. But when deploying any new technology, it’s important not to lose sight of the fact that basic security principles still apply.
The challenge is that security has been lagging behind the market where programmability is concerned. The industry can’t yet gauge the full extent of the threats to which programmable networks would be vulnerable. Much of the technology we’ve seen to date hasn’t been developed and deployed with security in mind. In fact, software-defined infrastructure hasn’t involved security considerations from the outset.
However, while programmable infrastructure will have a major impact, the underlying security aspects you need to consider will stay constant. It’s back to basics: information security is all about the data. And the three cornerstones of data security are still confidentiality, integrity, and availability.
In the most practical sense, this means that if you’re considering a programmable infrastructure, you need to update your security policy to cover it. Then you need to consider the appropriate security controls to protect the infrastructure. With software-defined infrastructure, the control is moving from hardware to software. The attack surface therefore grows because software-based systems can be configured remotely. So you’d need to implement more security around access to the software, to prevent, for example, the insertion of unauthorised or malicious code.
However, the industry still needs to define and determine how best to do that. The focus until now has been on using software-defined networks to move data faster and more easily. Not much thought has yet been given to how to do that more securely. One possible answer is programmable security infrastructure. In fact, we’re already seeing security products such as firewalling and intrusion prevention in software form. This allows us to programme the tool, provision it, deploy it, and automate it in the most appropriate way, as and when it’s required. Now that’s a truly exciting new direction!