Maksim Kabakou - Fotolia

Security Think Tank: Cloud tech helps to protect advanced networks

How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?

In today’s technology environment, we have come a long way from the “old days” of IT.  Today, IT consumers expect “always on” networks anywhere they go, whether on the road in the car, on a plane, at work, at a coffee shop – anywhere. 

Companies that provide services for apps have had to find ways to make all of this possible while at the same time making sure that malware is not able to run rampant from one piece of the network to another.

How do they do it? Many companies use techniques known as software-defined networking (SDN) along with containerisation and encryption to keep these state-of-the-art networks always available, uber efficient and, most importantly, secure.

We have all heard a lot about encryption and containerisation, but what exactly is SDN? Many people think it’s the cloud.

While cloud computing is a big part of what keeps the networks up and going, in essence the computing of computers has been taken off physical servers and placed in virtual environments many times over. Simply using cloud doesn’t quite get us all the great benefits of using technology seamlessly and at higher and higher speeds everywhere we go.  

SDN is a concept that has been in the making for the best part of a decade or more, but it has really come into its own over the past few years. SDN takes many of the concepts of cloud computing and applies function virtualisation to the networking equipment and devices that need the network, to make it more efficient and faster than ever.  

SDN has even been applied to make networks more secure by allowing certain traffic to get access to a specific portion of a network and keeping everything else out. Before we go any deeper, let’s take a quick look at how networks used to be and how technologies like SDN make things faster and more secure.  

In the pre-cloud days of IT and by comparison with today, IT costs were relatively high considering that a lot of the technology was new and there were not too many companies providing it. More importantly, networking was slow compared with today’s lighting fast speeds. It was also very expensive for companies to even connect to data networks to pass data to other clients or service providers.

Before the internet, this is how companies moved data. To get the most out of their IT investment, anything that needed the network was smashed together by using techniques such as “multiplexing” to get the most out of available bandwidth for very pricey circuits.  

This helped to allow multiple customers/business units to “use” the available bandwidth, but it was all based on how the circuit was split up. Any changes to allow one customer/business unit more bandwidth would have to be done by a configuration change that didn’t always address “on demand” needs, causing downtime risks.

Fast forward a few years, and telephone companies started to install fast fibre optic cabling underground and undersea all over the world, which would set the stage for faster things to happen. Fibre optics use light waves to transmit data, allowing the door to open for super-fast connectivity.  But simply having faster conduits was not the only problem to solve to increase speeds.  

In datacentres, networking equipment still had to process and inspect every piece of data that came in from these very fast connections. IT engineers also started to incorporate new ways to prioritise certain types of network traffic over others to allow higher-priority traffic to get to the network over lower-priority traffic. Again this helped, but didn’t always allow the available bandwidth to be used. The bottleneck still lived in the datacentres.  

The many uses of SDN

SDN addresses this problem by using concepts similar to cloud computing and applying them to networking equipment. Instead of needing a router or firewall to do what they do on their own hardware, the software is installed on a virtual machine that is connected to a plane with other virtual network equipment, servers and computers, which makes communications much faster and more efficient for the available bandwidth.  

Similarly, SDN addresses security. Now that networks are virtualised, you can set additional controls on how those virtual networks are protected. You can add technologies such as containerisation, which does what it sounds like, place apps in a container on a server that has its own additional security controls, and use encryption that scrambles the data in a secure way to protect it further. In this way, networks are becoming more secure, while also providing the fastest connectivity we have ever seen.

SDN, along with putting apps in containers with stricter security controls while encrypting the data that lives there, makes it much harder for cyber crooks to use malware to spy, steal data, or further open holes in networks for them to accomplish their nefarious goals, which usually end in a breach of someone’s network.

Instead of the traditional route, network engineers can use the application programming interface (API), which gives them more flexibility and visibility to control and manage traffic flow on SDNs. Organisations with an intrusion detection system (IDS) can detect and block traffic at the source and left of the killchain.

Although we cannot quite say that malware will never be a problem on a network, organisations that are using these advanced concepts, along with good cyber hygiene, are making networks faster, more secure, and less vulnerable to attacks.  

Many of us might be too busy to notice these benefits while enjoying our on-demand 4K videos, streaming media, online virtual reality games, or talking in real time to our colleagues across the globe in HD clarity.  But those working behind the scenes know that we all have these true marvels of technology to thank for making it all possible.

Read more on Hackers and cybercrime prevention

Data Center
Data Management