The Benefits of a “Deny All” Approach to Security

Jan. 4, 2021
Software-Defined Networking (SDN) has typically been used to protect and manage IT networks, but its device-based, zero-trust security and its administration benefits can provide real value for operational technology (OT) spaces as well.

The OT space has been historically slow to adopt networking changes, but SDN’s benefits will impel its increased use across the industry. SDN creates an abstract version of your physical network. This virtual network moves the control plane from the individual switches to a central controller that controls and manages them. With SDN, instead of having to change policies individually at each switch, the entire network can be managed from one screen. SDN makes managing networks simple, and its robust security offerings are attractive for OT spaces that require network resiliency and safety.

Why SDN Makes Sense for OT
The benefits are clear. SDN can provide OT networks with zero-trust security, easier management and maintenance, and increased flexibility.

  • Security. One of SDN’s main advantages is the additional visibility and control provided through the controller. Instead of traditional port-based security and VLAN segregation, SDN features device-based security. This brings zero-trust concepts to networking, denying any communication unless specifically defined. Because OT networks are typically very static, defining every permitted communication is practical, which makes SDN a natural fit. It protects above and beyond traditional firewalls and allows protection of East/West traffic in addition to North/South traffic.
  • Management and Maintenance. SDN can make managing networks simple. Instead of looking at multiple tools for firewalls, network servers, etc., SDN consolidates those tasks into one product. On the maintenance side, SDN inherently takes the fastest path available. This means if a network or connection breaks, SDN will automatically take a different path on its own as long as there’s a physical connection. Instead of having to touch 100-200 switches, you can make the change centrally on a single pane of glass, giving you substantial cost savings when considering time and labor.
  • Flexibility. A good SDN product should be able to interact with many different switch vendors. You can apply SDN to an existing network or a new network – how you roll it out depends on your specific needs and budget. With an existing facility, you can add SDN to one section at a time and grow into your SDN deployment.
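
The deny-all, device-based policy described under Security can be sketched as follows. This is an added example, not code from the article or from any SDN product; the device names, switch names and allowlist are constructed, and it assumes the controller already has a trustworthy way to identify each enrolled device.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Device:
    name: str    # identity the controller has enrolled (hypothetical names)
    switch: str  # current attachment point; never consulted by the policy
    port: int

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

# Constructed inventory and allowlist for a small OT cell.
INVENTORY = {
    d.name: d for d in (
        Device("hmi-1", "sw-a", 3),
        Device("plc-1", "sw-a", 4),
        Device("plc-2", "sw-a", 5),
        Device("historian", "sw-b", 1),
    )
}
ALLOWED = frozenset({
    Flow("hmi-1", "plc-1", "tcp", 502),       # HMI polls PLC (Modbus/TCP)
    Flow("plc-1", "historian", "tcp", 4840),  # PLC publishes to historian (OPC UA)
})

def decide(inventory, allowed, src, dst, proto, dport):
    """Permit only an enrolled pair with an explicit rule; otherwise deny."""
    if src not in inventory or dst not in inventory:
        return "deny"  # unknown device, whatever port it is plugged into
    return "permit" if Flow(src, dst, proto, dport) in allowed else "deny"

def move(inventory, name, switch, port):
    """Return a new inventory with one device re-homed to another switch port."""
    updated = dict(inventory)
    updated[name] = replace(inventory[name], switch=switch, port=port)
    return updated

if __name__ == "__main__":
    print(decide(INVENTORY, ALLOWED, "hmi-1", "plc-1", "tcp", 502))  # defined flow
    print(decide(INVENTORY, ALLOWED, "plc-1", "plc-2", "tcp", 502))  # East/West, same switch
    moved = move(INVENTORY, "hmi-1", "sw-b", 7)
    print(decide(moved, ALLOWED, "hmi-1", "plc-1", "tcp", 502))      # rule follows the device
```

Because the rule is keyed on device identity and not on switch port or VLAN, two PLCs on the same switch cannot talk to each other unless a flow is defined, and re-homing the HMI needs no policy change.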

Who Needs to Be Convinced?
The specific benefits of SDN in OT spaces are different depending on who is concerned. To get total buy-in from each group, you need to understand what SDN can do for them.

  • Plant-Level Controls Engineers. If it’s not broken, don’t fix it – right? Plant controls engineers might be change-averse, but SDN’s policy-based rules are attractive to people who are constantly having to engage IT to reconfigure devices to different switches or ports. With user-friendly SDN, devices can be moved to other switches or networks by the controls engineers, giving them more freedom.
  • IT/OT Administrators. While these groups may have a history of conflict, SDN allows them to work together. Both groups can have visibility and control of networks.
  • C-Suite/CISO. High-level management roles will be most interested in SDN’s security offerings, which will go beyond what they already have in place. Implementing zero-trust gives a cybersecurity executive job security. They can have confidence that what is on their network is supposed to be there. From a financial perspective, your total cost of ownership between deployment and support should go down because of increased automation and networks being managed in a central location versus individually.

This product currently makes sense for larger companies with multiple facilities and complex network systems. Small companies like grain elevators or single feed mills with just a few devices on their networks can still find value with SDN if they can afford it. They don’t have big network teams working for them, so an affordable SDN solution that is easy to maintain and operate will greatly increase their security. As more SDN products reach the market, prices will even out, and companies of any size can adopt them and reap benefits.

If you’re searching for a complete zero-trust network, SDN could be the answer. Reach out to a trusted systems integrator with OT experience to explore the specific benefits SDN can bring to your operations.

David Smit works in OT Infrastructure and Security at Interstates, a certified member of the Control System Integrators Association (CSIA). For more information about Interstates, visit its profile on the Industrial Automation Exchange.
