How Software-Defined Networking Can Improve Data Security

By: Fran Howarth


The use of software-defined networking (SDN) is growing rapidly. According to Infonetics Research, 79 percent of data centers in the U.S. will deploy SDN by 2017, up from 65 percent that were conducting trials in 2015. SDN provides greater business agility, which helps drive business innovation, and also has far-reaching benefits for security.

Creating Highly Flexible Network Environments

SDN separates the network into distinct planes. The control plane, which decides where packets are sent, sits above the data plane, which forwards traffic to its intended destination. The aim of this separation is scalability and agility in a virtualized world.

Above those two planes is the separate application layer. Changes can be made to the network as needed, with the addition of new routers, firewalls and virtual LAN segments. This gets around problems with open, perimeter-less networks by consistently applying firewall and content-filtering policies to constantly morphing network environments. With SDN, controls such as firewalls can be provisioned when and where they are needed. This also makes SDN well suited to highly flexible environments, including bring-your-own-device environments, where people are using multiple devices.

Software-Defined Networking Provides Enhanced Security

This type of network environment takes a policy-based approach, which helps address security and compliance concerns. Because control is centralized, administrators can create a policy once and push it out uniformly across the network. This saves them the trouble of manually defining security definitions for each device and allows controls such as firewalls, encryption technologies and authentication processes to be implemented automatically and uniformly.

Further, this approach allows all traffic to be routed through one central firewall, which facilitates the real-time capture and analysis of data, such as that from intrusion detection systems. Thanks to this improved process, data breaches can often be detected faster.

Saving Money With Faster Breach Detection

The longer it takes to detect a data breach, the more costly it is to resolve. According to the 2016 Cost of Data Breach Survey, breaches that are identified in less than 100 days cost an average of $3.23 million to resolve, whereas those found after 100 days cost over $1 million more per incident, averaging $4.38 million.

With the policy-based approach of SDN, rules can be created to flag suspicious patterns of activity, which can then be dealt with automatically by shutting down an anomalous service or isolating a particular user or device. Details of all activity are collected in a central database, allowing for threats to be better investigated and for more efficient reporting and audits.

Facilitating Better Endpoint Control

With SDN, endpoints can be more effectively controlled, as security is enforced when devices connect to the network. When a new device connects, it is only able to communicate with other whitelisted devices and applications. SDN also allows endpoints that have been infected with malware to be automatically quarantined so the infection cannot be spread and data cannot be compromised. This provides secure access for all users, regardless of their location, enabling greater flexibility and productivity while ensuring high standards of data security.
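The whitelist-on-connect and automatic quarantine behaviour described above, together with the rule-based flagging and central activity record from the previous section, sketched as an added example (not from the original article or any SDN product). The controller class, device names and the threshold of three denied destinations are assumptions, and the policy and flows are constructed sample data.

```python
from collections import defaultdict

# Constructed sample policy: device -> destinations it may reach (the whitelist).
ALLOWLIST = {"laptop-7": {"mail-gw", "file-srv"}, "kiosk-2": {"print-srv"}}

# Constructed sample flows as (switch, source, destination).
FLOWS = [
    ("sw1", "laptop-7", "mail-gw"),
    ("sw2", "kiosk-2", "print-srv"),
    ("sw2", "kiosk-2", "file-srv"),
    ("sw2", "kiosk-2", "db-srv"),
    ("sw1", "kiosk-2", "mail-gw"),
    ("sw1", "kiosk-2", "print-srv"),
    ("sw3", "phone-9", "file-srv"),
]

class PolicyController:
    """Hypothetical control plane: one policy answers every switch."""

    def __init__(self, allowlist, fanout_limit=3):
        self.allowlist = allowlist
        self.fanout_limit = fanout_limit   # distinct denied destinations tolerated
        self.denied = defaultdict(set)     # device -> denied destinations seen so far
        self.quarantined = set()
        self.audit_log = []                # central record of every decision

    def decide(self, switch, src, dst):
        """Decision for a flow that a switch has no rule for yet."""
        if src in self.quarantined or dst in self.quarantined:
            action = "drop"                # isolated devices send and receive nothing
        elif dst in self.allowlist.get(src, set()):
            action = "forward"
        else:
            action = "drop"                # default deny: unknown device or destination
            self.denied[src].add(dst)
            if len(self.denied[src]) >= self.fanout_limit:
                self.quarantined.add(src)  # flagged pattern: probing many targets
                action = "quarantine"
        self.audit_log.append((switch, src, dst, action))
        return action

def replay(flows=FLOWS):
    """Run the sample flows through a fresh controller."""
    ctl = PolicyController(ALLOWLIST)
    return ctl, [ctl.decide(*flow) for flow in flows]

if __name__ == "__main__":
    controller, _ = replay()
    for entry in controller.audit_log:
        print(*entry)
```

Because the decision is made in one place, the quarantine of kiosk-2 triggered by a flow seen on sw1 also blocks its previously permitted print traffic on every other switch.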

In SDN environments, security can be implemented across even the most virtualized networks in a uniform manner. Data breaches can be more easily detected, allowing for faster remediation, and endpoints can be more easily controlled, regardless of what they are. This allows organizations to securely achieve their key business objectives, embrace hybrid cloud environments for agility and cost benefits and achieve operational efficiency and business innovation.



About The Author

Fran Howarth

Freelance Writer

Fran Howarth is an industry analyst and writer specializing in cybersecurity. She has worked within the security technology sector for more than 25 years in an advisory capacity as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include cloud security, data security, identity and access management, network and endpoint security, security intelligence and analytics and security governance and regulations. Fran can be reached at
