In our last post, we talked about the benefits of network function virtualization (NFV) for managed service providers. Taking a step further, we’ll now examine how providers that deploy NFV can further benefit from this rapidly growing industry trend of evolving previously hardware-centric networks by leveraging security technologies into software-based services.
A core element of NFV is the virtualized network function (VNF), which is a software-based or virtualized version of a specific function such as a next-generation firewall (NGFW). Employing VNFs goes far beyond just converting from point hardware to virtualized software instances such as an NGFW. VNFs, which are centrally managed, policy orchestrated, zero-touch provisioned and service-chained, address many of the operational challenges noted earlier (that virtualized single instances are still prone to).
Applying NFV (and VNFs) to enterprise security and managed security services results in the ability to software-define security in terms of both form-factor and operations (policy creation and enforcement). These benefits are compounded by the fact that software-defined security (SD-Security) created from NFV de-couples security functions from proprietary hardware, enabling security functions in software to run on commodity x86 servers and appliances.
Another key aspect of SD-Security using NFV is its ability to service-chain to easily achieve multi-layer security. For example, a SD-WAN provider can service-chain a NG Fire Wall and secure web gateway to provide security for direct Internet access. Because the traffic flow has been service-chained centrally, each branch office is easy to deploy using a centralized orchestration tool.
Other advantages to creating a software-defined managed security service or enterprise deployment include:
In summary, the best SD-Security solution is the one that fits your enterprises’ needs. This flexibility is actually one of the widely touted advantages in the move towards SDN, NFV and virtual CPE. So it comes as no surprise that vendors are gravitating towards a software-defined architecture that encompasses all the different needs of the valuable enterprise WAN and branch network market. The recent IHS Infonetics survey is a case-in-point; according to this survey of service providers controlling 43 percent of worldwide telecom CapEx, 95 percent have deployed or evaluated NFV in 2016. One hundred percent will evaluate NFV by 2017.