SDN will play key role in mobile network security

SDN will serve as a critical tool in the fight to secure the mobile network, thanks to its adaptability, which will allow it to address new threats as they emerge and evolve.

Mobility arrived at the center of IT strategy, technology, planning and operations about a decade ago, and continues to drive IT spending and evolution in almost every organization today. Key activities include implementing mobile operating policies; monitoring network (particularly Wi-Fi) capacity; and managing devices, applications, content and remote access.

But no IT requirement is more important than security -- without security, we never have a valid IT approach. In an era of hackers, breaches, data theft and an increasingly demanding regulatory environment (corporate governance, Sarbanes-Oxley, PCI DSS and HIPAA, just to name a few), we need to extend the security capabilities implemented within networks and their management systems to mobile-centric organizations. Why? Because endpoint security alone, the traditional focus of mobile network security, is proving insufficient at best.

Even with today's evolved mobility-management solutions, endpoint security remains difficult due to the diversity of devices, users, applications and networks -- and is inadequate, given the need for end-to-end security. The network itself must therefore play a key role in mobile security.

Core mobile network security requirements include policy enforcement, authentication (identity management, the successor to AAA, for both the device and the network) and encryption of sensitive data (whether on a device, on a server or in transit). Organizations must also secure device updates, protect against malware, and maintain overall network and service integrity. Mobility introduces another complication: the use of third-party networks from cellular to guest-access Wi-Fi.

Fortunately, today's organizational networks can address many of these issues, with centralized authentication, VPNs and mobile network security policy enforcement capabilities. But a major challenge remains: Security threats are not static -- they change and evolve with frightening regularity. So, traditional network-centric security is going to have to evolve to meet these new challenges.

Again fortunately, though, we have at least a conceptual framework for the future of mobile network security: software-defined networking (SDN). SDN's most visible appeal is that it extends the traditional mix-and-match interoperability that has defined networking to date with a degree of programmability and adaptability that brings new cost, management and operational benefits. Key among these is the introduction of new security methodologies that fit perfectly with today's mobile-centric IT strategies. SDN can adapt to changing conditions, including fluid and unpredictable security threats.

What's more, SDN is becoming a major factor in the evolution of networking as a service, moving key networking functionality, including security, into the cloud -- the same cloud that is also central to mobility. In fact, SDN-based network functions virtualization (NFV) will likely form the backbone of a very large number of organizational networking initiatives going forward. Want to check for malware, look for traffic patterns that might represent an attack or dynamically re-configure the network to repel or at least counter a security threat in a mobile-centric world? Think SDN, NFV and cloud. Oh, yes -- all of this also works for the wired portions of the network.

The bottom line? First, SDN is the key direction for networking today, and, while the benefits of SDN extend far beyond security alone, security needs may very well provide the key justification for its implementation. Policy-based SDN is an ideal vehicle for implementing -- and updating as new threats are identified -- security across the entire network, right to the mobile edge. Virtualization enables the transparent and universal implementation of key security functionality. Ultimately, there is no easier or more effective strategy for mobile security -- and security overall.

A cautionary note: The programmability that is essential to SDN requires its own security; the viability of SDN itself is called into question if, for example, an SDN controller is hacked. But, again, when it comes to security, no one is ever "done," and the likelihood that good solutions to the infrastructure integrity challenge will become common is high.

SDN's fundamental adaptability will play a central role in the future of mobile network security, whether in-house, in the cloud or in a hybrid setting. SDN will, in fact, reshape the very nature of mobile security, and may even become the only -- not just dominant -- security strategy going forward.

This was last published in October 2015
