The highlight of last month’s RSA Conference for me by far was Cisco Systems Senior Vice President Chris Young’s keynote, entitled “Securing the Data Center’s Future Today.” I heard of the former RSA VP and VMware exec at the 2012 RSA Conference. The Harvard and Princeton grad is a compelling speaker, and this year’s keynote was no different.
Young focused his attention on software-defined networking, which is the “game changer” for the next generation of data centers.
“The future is a lot closer than we all might think. Today rapid changes in the world we live in driven by technology trends, business model changes, and market transitions are profoundly impacting all of our networks, data centers, and the overall IT infrastructure,” he said. “Today I want to explore with you the risks and the opportunities associated with software-defined networking.”
According to Young, software-defined networking (SDN) is a better way to secure our most valuable applications, users, and data. He asked the audience of thousands of infosec geeks how many of them deliver some kind of software-defined networking capability in their infrastructure. Not many hands went up, but maybe they were shy.
“One of my goals today is to hopefully give you some education on software-defined networking, some of the opportunities and risks associated with this massive technology trend that’s going to impact us quite significantly,” he said. “Today much of the Internet’s growth is driven by the explosion of global devices. In 1984, there were only 1,000 devices connected to the Internet. In 2008, there were 1 billion. And we estimate by the year 2020 there’s going to be 50 billion devices connected to the Internet.”
Young said that as the number of connections increases, so too will the number of applications. He noted that application development, both in the cloud and for the cloud, is exploding.
“Public cloud applications are the ones that are really leading the charge. It’s great to see that a lot of our CIOs are planning to adopt cloud-based applications more and more over time,” he said. “But the reality is that most organizations and most CIOs are being dragged to the cloud by their users in their lines of business who want to run their applications in the cloud, develop for the cloud, or get application as a service models.”
Young said there is rapid growth in the number of things connected to the Internet. He said he got to test drive the new Tesla Model S sedan recently and noticed its highly sophisticated onboard computer, full-on browser, and 3G connection.
“These things like cars are going to increasingly add capability, context awareness, more processing power, even more energy independence like we’re seeing in electric cars today,” he said. “This is the Internet of everything, effectively it’s a network of networks where billions or even trillions of devices are going to connect to one another and ultimately create what we see as unprecedented opportunities; but they’re also going to create a lot of risks.”
Young warned that as we evolve into the era of an Internet of everything, the network itself is going to become increasingly programmable with APIs and new forms of analytics at all layers. This is where security comes in. Young called it the “any-to-any problem.”
“What I mean by that is: you can have any user, on any device, going over any type of connection, to any application that could be running on any data center or any cloud, and if you’re an enterprise or in a public sector organization, increasingly your users are going to connect to applications to get their jobs done without ever directly coming through your controlled network,” he said. “Now regardless of how or where our users are connecting, we all as security professionals have to provide the right level of inspection of transaction and the right level of protection against our adversaries and threats.”
Young explained that our basic security and compliance requirements don’t change, but the playing field that we all work on top of is changing rapidly. These changes to the network as well as the data center that underpin his “any-to-any” model are best described by what the industry calls software-defined networking, not to be confused with the self-defending networks Cisco discussed a few years ago.
“Each vendor you’re going to find is going to have a little bit of a different definition of software-defined networking and how the network is changing. You’ll hear software defined data centers, software defined storage,” he said. “Cisco refers to this as application centered networking because we’re introducing programmable APIs that focus on distributed control plane intelligence so that applications can get value directly from the network itself.”
Young said that SDN is going to bring the cloud model that we’re all starting to focus on more and more and put it on steroids.
“We’re going to lower operational costs, we’re going to work quickly and scalably to deploy applications and network services, we’ll be able to do more cloud bursting which is about being able to deliver flexible computing on demand,” he said. “But if you think about it, today’s cloud providers already tell you they have a lot of these capabilities, but what they don’t tell you a lot of times is that the network can actually be a bottleneck to realizing the full value of it.”
Young explained that SDN is really the last mile to unlock the full value and benefit that we expect to get from the cloud, but we get additional advantages with software-defined networking. One of those is the ability for applications to interact directly with the underlying network infrastructure in ways that we are not able to do today. He offered an example: applications will be able to query the network for the location or identity of users to manage quality of service and ultimately deliver targeted content down to a user or device level.
“Ultimately, from a security perspective, this model is going to deliver us powerful new ways to detect as well as defend against attacks by being able to tap into the network capabilities for high scale visibility and enforcement.”