Could virtualization be the Holy Grail (or, at least, one of them) for securing the New IP against a slew of old and new hazards? Increasingly, IT executives, engineers and pundits -- particularly those involved with telecommunications and the cloud -- think so.
Indeed, according to QuinStreet executive brief "SDN Growth Takes IT Infrastructure by Storm," 45% of respondents cited "improved security" as a benefit of SDN in the October survey of 466 IT decision makers.
Still, cloud and virtualization FUD persists -- particularly in highly privacy-conscious regions like Europe.
"There [are] so many parties that say, 'That can't be safe because it's running over the Internet,'" Mike Beckers, head of international sales for Luxembourg-based telco and virtual cloud provider TERALINK Solutions, tells The New IP in an interview at last month's Bio-IT World Expo. "I think there is lots of scaremongering going on."
Despite some challenges associated with SDN, its benefits -- including security -- far outweigh any complexities, the QuinStreet study finds.
"[SDN's] multi-layered approach to network security, along with granular insights into traffic and the ability to react in real time[,] simply can't be matched by fixed hard-wired networks with rigid security policies," concludes John Isch, Network & Voice Practice Director at Orange Business Services in The New IP's recent report on SDN and NFV advantages. (See: Top 5 Business Benefits of SDN & NFV.)
Wrapped in Security
Service providers determine virtualization provides more ways to secure corporate and customer networks from internal and external threats.
For major telecoms like AT&T, these real-time network transitions translate to the flexibility, agility and dynamism needed to dodge DDoS attacks.
"If one of our network elements is in over-use, with SDN and NFV, the network is elastic," Rita Marty, executive director of Mobility & Cloud at AT&T's Chief Security Office, explains. "The network is able to scale up and scale down and minimize the impact." (See: Rita Marty: Securing the AT&T Network.)
Sorell Slaymaker, former Gartner analyst who now works as an evangelist at network-security startup 128 Technology, which focuses on telecoms, agrees with Marty's assessment of virtualization's security benefits.
"The DDoS attack comes in from multiple locations, so with NFV it's cheaper and easier to support more security services," Slaymaker tells The New IP. "In the legacy world, most security products are appliances, and appliances have limits on how much they can process -- and they take a while to install. [Conversely], you can deploy software a lot quicker [and] a lot cheaper, and because you can do that you can move it more towards the [network] edge [from the core] because it comes less expensive to do so... and that makes it more effective."
Slaymaker cautioned, though, that virtualization is not an instant security salve.
"Virtualization by itself doesn't improve security, but what virtualization does do is it makes... security cheaper and easier," said Slaymaker.
Not all agree with Slaymaker's disclaimer, however.
"Virtualization provides a great deal of protection, I think, for certain types of threats," Brian Bissett, a federal-government IT executive and senior IEEE member, told Bio-IT World Expo attendees during a presentation on information-security policies. "Sometimes by the time you get a warning that you have a virus or something on your system, it's just too late -- and if you're operating in that virtual environment, you could kill the virtual session and move on."
Ransomware, for instance, can be reverse-engineered in a safe, isolated container, unikernel or other virtual instance if it installs there, says Bissett. Consequently, contemporary ransomware is programmed to not install if it detects a virtual instance being run, he says.
Regardless of the exact nature of the security benefits, virtualization is undeniably helping to secure data, operations and the bottom line. With these tools, AT&T can "instantiate additional security in the network," says Marty of
AT&T Inc. (NYSE: T), "[and] at the same time we... minimize service interruption to our customers." (See: AT&T: Securing the New IP Network.)
— Joe Stanganelli, Freelance Contributor. Follow him on Twitter @JoeStanganelli. Special to The New IP