As technology virtualization became mainstream, it didn’t take long for software-defined monikers to emerge. Although it can be an ambiguous expression, software-defined anything (SDx) describes software that will control and automate a greater range of hardware systems and devices, which ultimately reduces the need to have dedicated hardware devices to perform specialized tasks.
We can easily compare this shift in technology to the home theater industry. You probably recall renting VHS tapes at your local video store. However, with the adoption of streaming services, voice-controlled smart devices and home media servers, everything has changed and you never need step into a video store again. Consumers are now able to consolidate, automate and simplify tasks that were once manual to a software-defined experience.
But SDx incurs greater risks and responsibility, which is where software-defined security (SDSec or SDS) comes in. SDSec can be defined as a type of security model in which the security in a computing environment is implemented, controlled and managed by security software. It is a software-managed, policy-driven and governed security that can consist of firewalls; intrusion detection and prevention; network segmentation; active and passive scanning; user and device identification; application controls; threat prevention; decryption; and much more.
Traditional security architectures for physical data centers fall short in meeting the rapidly evolving needs of digital businesses. SDSec enables the implementation of advanced and automated security controls for securing data and networking resources in software-defined data centers. SDSec is being adopted as the next-generation network security for virtualized data centers. The protection made possible by SDSec is adaptive and independent of any servers and individual security devices.
SDSec is frequently implemented in IT environments that have cloud or virtualization infrastructures. Every time a new device is introduced into the environment, it is automatically covered and controlled by the already established security policies. This also means that environments can be migrated to other data centers without affecting the security policies and controls that are in place.
With SDSec, a security policy can follow the user instead of the device — be it a laptop, smartphone, tablet or virtual desktop. If an employee leaves the office with any of these devices, the same security policies or profiles stand just as if they were in the office. The employee doesn’t have to rely on a cafe or hotel network to provide the security controls. Requirements for SDSec include:
- The architecture must be simple in order to install and manage in a highly dynamic environment.
- SDSec must be cost-effective to ensure the security can be installed everywhere.
- It must be secure in order to effectively protect against advanced threats.
Advantages of Software-Defined Security
Organizations are moving to SDSec for several reasons, including:
- Consistent and efficient security policies across enterprise networks regardless of where resources are located
- Ability to implement, control and manage threats from one location
- Focus on software security instead of worrying about hardware maintenance
- Automation of security, including firewalls, intrusion prevention, intrusion detection, identity/access management, data loss prevention and geolocation
Traditionally, IT departments have specialists in servers, storage, route/switch, PBX, disaster recovery and additional technologies. With SDSec, specialists become generalists and can develop their knowledge and understanding of the modern technology sets within the infrastructure.
Collaboration within the IT business units will be required in order to create and manage these advanced security policies. All groups will need to be involved in determining the who, what, when, where and why of policies before SDSec can be properly implemented. It will require strong efforts in the beginning stages, which will pay off in the long run.
How to Get Started
View Arrow’s Software-Defined E-Book to make sure you understand the business drivers, the technology and what Arrow can do to help you guide your customers in a proactive approach to new IT environments.
If you aren’t already talking to your traditional data center customers about implementing software-defined security, someone else probably is. Arrow has the resources to support you and help you gain entry into this growing market. Arrow engineers are real-world engineers with decades of experience on the front line of end-user organizations or in supplier roles.
If you have any questions about SDS and how Arrow can help you get in the game, contact us.
Last modified: November 18, 2019