Software-defined networking is gaining new momentum, with top enterprises adopting the approach in a big way because of its advantages: the ability to measure operating expenditures vs. capital expenditures, flexibility, scalability and cost savings.
However, Anthony Lim, senior cybersecurity adviser for Frost & Sullivan and vice chairman of the application security council at (ISC)², states that because SDN is a relatively new approach, most enterprises are still learning to understand its nuances in the real-world operations environment.
"Since CISOs are still finding ways to identify and address security issues related to SDN, hackers are finding this route their new entry to penetrate into the networks to discover server vulnerabilities," Lim says.
Lim advises CISOs to understand the basic topology of SDN security challenges, such as protocol weaknesses, information disclosure through interception, debug ports and OpenFlow switches that can be impersonated.
In this interview with Information Security Media Group, Lim, a speaker at RSA Conference Asia Pacific and Japan, to be held July 22-24 in Singapore, shares insights on his presentation, "Security Risks in SDN and Other New Software Apps," and highlights the preliminary cautions CISOs must take around SDN to enable businesses and IT to take advantage of the centralized control mechanisms.
Lim emphasizes the importance of integrating SDN security with application security in securing the code during the software development cycle to create layers of defence in the SDN environment.
He provides insights on:
- How to involve stakeholders in the SDN security strategy;
- How to align SDN security with application security;
- Ways to secure the SDN environment.
Lim is a pioneer holder of the (ISC)² Certified Secure Software Lifecycle Professional certification and recipient of its senior professional and president's awards. A 20-year veteran in Asia Pacific cybersecurity business development management, practice and advocacy, Lim was a regional security business leader at Whilehat, IBM, CA, Check Point and other U.S. vendors.