Light Reading
Security concerns are changing procurement strategies, claims ATCA platform vendor.

Kontron Capitalizes on Security Jitters

Carolyn Mathas
News Analysis
Carolyn Mathas
2/20/2014
50%
50%

Is it true that telecom equipment companies are basing their purchasing decisions on where the design and development of components and modules takes place?

According to embedded computing platform developer Kontron AG , which undertakes its design and R&D processes in Montreal, Canada, it's already happening: The company, best known for its AdvancedTCA (ATCA) range of modules, claims it's wrestling business away from (unidentified) competitors that have design and development exposure in Asia/Pacific, particularly China.

And if that's more than just a one-off, the implications could be huge for telecom systems vendors and their suppliers.

Sven Freudenfeld, Business Development, Telecom for North America at Kontron, says that, increasingly, customers initiate discussion on where engineering takes place. "As we go further into cloud computing, trust is necessary to build platforms that will be deployed in the cloud. Moving the central office to the cloud where carriers no longer have access to hardware, they're forced to rely on what they don’t control," says Freudenfeld.

"When carriers owned their network hardware, they could handle situations as they arose -- they could see and identify an actual breach," adds Freudenfeld. "Now, with discovery left to third parties, reaction time is stretched out substantially. Carriers are demanding all network platforms -- interfaces, software, firmware, hardware -- be secure."

And for some (many?), China is regarded as posing a security threat, either directly or indirectly. Huawei Technologies Co. Ltd. and ZTE Corp. (Shenzhen: 000063; Hong Kong: 0763) know all about that: They are on the 'not trusted' list in the US, preventing them from supplying telecom equipment to the federal government or US companies. The main concern is that technology developed in China might include hidden back doors that would be used to either eavesdrop or disrupt networks, though no concrete evidence has been forthcoming. (See Nearly Everyone Trusts Us – Huawei CEO, US vs Huawei/ZTE: The Verdict and China Lashes Out at 'Cold War Mentality'.)

Customer concerns are not limited to just steering clear of China, though. Systems vendors are delving deeper into basic design methodology -- how network products are developed. Freudenfeld says there's a need for greater focus on: the design and creation of platforms with security as a central element; regulatory compliance; and the ability to identify weak points in a network.

There are many such weak points, he claims, and these will become more obvious with the introduction of virtualization, for example, or machine-to-machine (M2M) implementations, as each layer and each machine becomes a potential weakness.

And virtualization is going to happen: Indeed, Kontron is embracing it. (See Kontron Integrates OpenStack.)

There's reason to believe that virtualization is a major security concern. At the 2013 RSA Conference in San Francisco, the Cloud Security Alliance identified the Notorious Nine -- the top nine cloud computing threats for 2013. Of the top three concerns, number one is data breaches. In this case, a virtual machine, for example, could use side-channel timing data to extract private cryptographic keys in use by other virtual machines on the same server. The report indicated that one single client application flaw could allow a hacker access to all of the data -- not just that one client's.

The second top concern is data loss -- the kind where data is here and, then, well, it's not. Finally, account or service traffic hijacking. Once a hacker accesses credentials, eavesdropping on transactions and activities, data manipulation, information falsification, and moving clients to illegitimate sites, are all possible.

What cloud computing has done by concentrating a wealth of assets is magnify the consequences of breaches. On one hand, it's a bastion of data sharing -- on the other, a potential nightmare.

"Regulation will be especially important with telecom equipment and delivering the cloud. While there's great potential for software-defined anything --infrastructure, radio, networks -- there’s always a security element," Freudenfeld explained. While working groups and regulatory bodies exist, more progress will be necessary over the near and long term.

The security threat perception isn't limited to China, though, especially amid the NSA headlines and the FBI’s request for Facebook and Google to enable access for US government surveillance. (See Obama Weighs In on NSA Data Collection, Euronews: Merkel's Mad as Hell at NSA and NSA Humor Tops Congressional Hubris.)

Actually implementing back doors, or deliberately compromised telecom equipment, is very rare. It's the accidental vulnerabilities that are more common. But it's not that difficult to believe that Kontron customers are indeed citing security fears for a shift in procurement processes, especially as technology developments move faster than security advances and implementations can keep up with. Technical defenses may still be inadequate or not sufficiently implemented -- and that may leave non-technical ones, such as specifying that design and development take place in a more trusted environment, as the only immediate way to begin to alleviate fears.

— Carolyn Mathas, contributing editor, special to Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Huawei Video Resource Center
2014 Huawei Electric Power Industry Summit: Interview With Junwei Lu

10|30|14   |   4:50   |   (0) comments


Professor Junwei Lu of Griffith University Australia describes his work with micro grid technology and the future of the power industry.
LRTV Documentaries
The Next-Gen Network Disconnect

10|29|14   |   01:23   |   (0) comments


There's a lot of talk about making networks more simple with SDN, NFV and next-gen broadband technology – but what about the complexity of introducing such capabilities?
LRTV Custom TV
Grow Your VPN Service Revenue

10|27|14   |   4:00   |   (0) comments


Watch how CSP product managers can better differentiate and maximize the value of their Internet, VPN and cloud services for business services customers, by adding premium application performance visibility to their data services.
LRTV Huawei Video Resource Center
Add SmartSense to Make Your Network Ready for 4K

10|27|14   |   3:23   |   (0) comments


To make current networks ready for the coming 4K TV challenges, Huawei SmartSense solution will conveniently add experience and operation capabilities to boost telcos' future business.
LRTV Huawei Video Resource Center
NetMatrix: Orchestrate the SDN & NFV World

10|27|14   |   4:11   |   (0) comments


Orchestrator is important in SDN/NFV world to make Telcom network automate, open and efficient. NetMatrix, as Huawei SDN/NFV orchestrator solution, has been in deployment and is showing its' value in real scenarios.
LRTV Huawei Video Resource Center
Huawei FusionSphere Enabling ICT Transformation

10|27|14   |   3:21   |   (0) comments


Jeffrey Gao, Chief Strategy and Marketing Officer of Huawei West Europe Region, talks about the company's future-oriented cloud strategy. Huawei is providing full portfolio of IT architecture and building an open cloud ecosystem with innovative cloud OS FusionSphere to support customers' ICT transformation.
LRTV Huawei Video Resource Center
Huawei Partner Interview: StorIT

10|27|14   |   4:20   |   (0) comments


An interview with Suren Vendantham of StorIT, a value-added distributor for Huawei in the Middle East region.
LRTV Huawei Video Resource Center
Huawei Partner Interview: Optimus

10|27|14   |   3:14   |   (0) comments


An interview with Nehul Goradia of Optimus, a value-added distributor for Huawei in the Middle East.
LRTV Huawei Video Resource Center
Huawei Partner Interview: Enterprise Solutions

10|27|14   |   4:57   |   (0) comments


An interview with Pouya Parsafar of Enterprise Solutions, a valued distributor partner with Huawei.
LRTV Huawei Video Resource Center
Huawei Customer Interview: OETC

10|27|14   |   2:35   |   (0) comments


An interview with Saif Albadi, of the Oman Electricity Transmissions Company, a government utility in that company that partners with Huawei.
LRTV Huawei Video Resource Center
Huawei Customer Interview: Jannah Hotels & Resorts

10|27|14   |   3:13   |   (0) comments


An interview with Nehmeh Darwish, CEO of Jannah Hotel & Resorts, about his collaboration with Huawei across five hotels in the United Arab Emirates.
LRTV Huawei Video Resource Center
Huawei's Commitment to the Middle East: GITEX 2014 Wrap-up

10|27|14   |   3:41   |   (0) comments


Highlights from the Huawei pavilion at GITEX in Dubai, United Arab Emirates, with interviews with current Huawei customers.
Upcoming Live Events
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 2, 2014, New York City
December 3, 2014, New York City
December 9-10, 2014, Reykjavik, Iceland
February 10, 2015, Atlanta, GA
May 6, 2015, McCormick Convention Center, Chicago, IL
May 30, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Infographics
WhoIsHostingThis.com presents six of the world's most extreme WiFi hotspots, enabling the most epic selfies you can imagine.
Hot Topics
Microsoft's Skype Embraces WebRTC on IE
Sarah Reedy, Senior Editor, 10/27/2014
FTC Slaps AT&T With Throttling Lawsuit
Sarah Reedy, Senior Editor, 10/28/2014
China's MVNOs Hit the Wall
Robert Clark, 10/27/2014
Roku Raises $25M, But for What?
Mari Silbey, Independent Technology Editor, 10/23/2014
Let's Not Kill SDN & NFV With Silos
Francois Locoh-Donou, Senior VP, Global Products Group, Ciena, 10/28/2014
Like Us on Facebook
Twitter Feed