CYBEREYE
BY BRIAN ROBINSON
Could SDx be the new model for IT security?
IS THIS THE YEAR when software-defined anything (SDx) becomes the tem- plate for federal agency IT security?
It’s been knocking at
the door for a while, and the spending outlook for government IT in President Barack Obama’s recent bud- get proposals could finally be the opening it needs.
The White House has called for increasing cy- bersecurity spending by 35 percent — to $19 billion — and proposed a $3.1 billion revolving fund to upgrade legacy IT throughout the government.
Venting his frustration and no doubt that of many others in the administra- tion and Congress, Obama talked about ancient Cobol software running on Social Security systems, archaic IRS systems and other old, broken machines and soft- ware at federal agencies.
It’s not a new story. Agency IT managers will readily tell you about the problems they have trying to maintain legacy technol- ogy and how that sucks up funds and manpower.
They say they have too little time to focus on what their jobs should really be about, which is deliver- ing better services to their users.
Security is just one item among many they must
address, but it’s become
a much more urgent one after a year that saw major breaches at the Office of Personnel Management and elsewhere.
That point was driven home again this year when the IRS revealed that hackers had succeeded in using stolen Social Secu- rity numbers to generate personal identification numbers used by taxpayers to electronically file and pay taxes.
sophisticated and numer- ous, protecting networks becomes more difficult. With IT staff overwhelmed by the legacy systems they have to keep running, orga- nizations face much greater risk of damage from those attacks.
By simplifying infrastruc- ture management with
the software overlay that software-defined network- ing brings, IT and security managers get a much bet- ter way of identifying when
deal with vulnerabilities and will be too costly.
Those devices are also proving to be more vulner- able than people thought, with Cisco joining Juniper and Fortinet on the list
of manufacturers whose advanced firewalls appar- ently suffer from potential software problems.
Right now, the only vi- able solution in this brave new world of security seems to be some kind of software-defined approach.
10 GCN MARCH/APRIL 2016 • GCN.COM
Cost-effectiveness and scalability are among the main advantages that proponents put forward for SDx architectures.
The revolving IT Modern- ization Fund in the White House budget proposal would pay for projects that would be prioritized based on the extent to which they lower the overall security risk of federal IT systems. The savings achieved by shifting to more cost-effec- tive and scalable platforms would be recycled back into the fund.
Cost-effectiveness and scalability are among the main advantages that proponents put forward for SDx architectures, along with agility in responding to threats. As those threats become more targeted,
they are being attacked and a faster and more focused way of responding.
The future will only bring more security chal- lenges for government as the Internet of Things in- troduces thousands of new avenues that attackers will try to use to penetrate net- works. The trick will lie in securing networks without limiting the IoT’s facility.
One approach that won’t work is throwing the solu- tion du jour at the prob- lem, which has been the traditional answer. Bolting on more point-to-point, single-purpose devices won’t scale fast enough to
It’s not a silver bullet by any means, it must be part of an overall security strat- egy, and it must provide for the kind of subtleties and granularity needed to weed out modern threats.
If — and in an election year, it’s a big if — Obama’s budget proposal makes headway in Congress, SDx could prove to be the best way to tackle the security problems that otherwise threaten to overwhelm the government. •