Light Reading
Alarmed at the billions lost in data breaches, enterprises and governments want to write security requirements into their contracts

Putting a Dollar Sign on Network Security

Carol Wilson
12/6/2012
50%
50%

ORLANDO -- Management World Americas -- Wouldn't you think network service contracts would include security requirements?

It may seem like a no-brainer, but most contracts are built around availability and performance, not security. One of the more intriguing TM Forum Catalyst Projects on display here this week is aimed at helping enterprises and governments create contract terms that build in security requirements.

The idea is to create financial incentives to improve security. As network threats become more sophisticated -– most are currently the work of organized crime –- enterprises and governments want more assurance that network operators are working on the problem. The move to cloud services can make it even harder for enterprises and governments to easily track where their applications and data are, and if they are secure, according to Martin Huddleston of the U.K. Defence Science and Technology Lab, which is a participant in the Catalyst.

The key, being pursued in the Catalyst, is to find metrics and targets for the level of security. According to the other participants in the project, including CA Technologies (Nasdaq: CA), McAfee Inc. (NYSE: MFE) and Sooth Technology , the early metrics will be based on well-defined mitigations already established by the computer emergency response teams (CERTs) that operate in most countries. (Common CERTs include the Defence Signals Directorate of the Australian government, the National Institute of Science and Technology and the SANS Institute Top 20 in the United States. Verizon Enterprise Solutions 's annual Security Breach Report is another source of key mitigation data.)

Just implementing CERTs's basic advice could prevent 85 percent of security breaches, says Christy Coffey, the Government/Defense Market Support Center Head for TMForum. These "low-hanging fruit" include implementing patches for operating systems and applications; practicing mobile device management; improving training to reduce human errors; implementing defenses against denial of service attacks; and hardening servers to prevent data leakage.

Take patch management as an example. Contracts could require the network operator to document the time of exposure; the percentage of devices patched and the degree to which they have been patched; the criticality of patch exposure; the audited degree of systems that are susceptible to attack; the percentage of patches resulting in further problems; and the number of patches.

To date, the Catalyst has shown it is possible to monitor almost all of those things; the one that's been elusive to measure is the audited degree of systems that are susceptible to attack. That's basically an identification of those systems which aren't vulnerable and therefore don't require the same vigilance about patching.

All that detail would give enterprises or governments more confidence in the networks they are using. In the future, the data could be collected and benchmarked to establish industry standards, says Coffey.

If the telecom industry doesn't create ways of quantifying network security and building it into contracts, there is the possibility governments will choose to impose some tighter restrictions, to prevent the negative economic impact of continued security breaches, say the Catalyst participants.

— Carol Wilson, Chief Editor, Events, Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
Is your network built on 'The Old IP,' or are you part of 'The New IP' revolution?
LRTV Huawei Video Resource Center
Innovating Access Technology With G.fast

10|1|14   |   3.42   |   (0) comments


Exploring the potential of G.fast technology from the point of view of the Broadband Forum, Huawei – and an end-user.
LRTV Documentaries
A Cultural Shift for an OTT World

9|26|14   |   01:41   |   (3) comments


Telcos need to embrace a new approach to partnerships if they are to generate extra revenues quickly and give customers what they want.
LRTV Documentaries
New Skills Needed as Telecom, IT Collide

9|26|14   |   4:07   |   (1) comment


As telecom and IT collide, new technologies are emerging, new skills are needed and new opportunities for women are arising.
UBB Forum News
Do IP Networks Need An Overhaul?

9|25|14   |   02:01   |   (0) comments


As traffic levels ramp, do IP networks need new technologies and topologies?
LRTV Documentaries
Sprint Wields Its Influence in the Valley

9|25|14   |   3:09   |   (11) comments


Anne-Louise Kardas, Sprint's connection to startups in the Valley, explains how telcos can be innovative and find new opportunities with partners.
LRTV Documentaries
SDN, NFV & The Future of XO's Network

9|25|14   |   3:47   |   (1) comment


XO Communications COO Don MacNeil explains how cloud, SDN and NFV are altering its network requirements as well as changing data centers of the future.
UBB Forum News
The OTT Conundrum

9|24|14   |   01:39   |   (0) comments


What is holding back prosperous partnerships between telcos and the OTT players?
LRTV Documentaries
Putting Broadband to Work

9|24|14   |   01:26   |   (0) comments


High-speed broadband network rollout is key to telco strategies, but it's what happens after the network is built that counts.
Light Reedy
Light Reading's Women in Telecom Recap

9|24|14   |   0:55   |   (4) comments


Our first Women in Telecom breakfast was a huge success, and we hope you'll join us in London for the next event on November 6.
UBB Forum News
Monetizing Ultra-Broadband

9|24|14   |   01:43   |   (2) comments


Ultra-broadband networks need to be built, with fiber-to-the-premises the ultimate goal, but they need to be monetized, too.
LRTV Huawei Video Resource Center
Sales Director of INIT on Plug & Play Switch Devices

9|19|14   |   3:21   |   (0) comments


INIT Italy uses both the Huawei S5700 and S7700 series switches for the campus LAN environment. Sales Director Andrea Curti says their company chose these Huawei devices over others because of their performance, flexible scalability and plug-and-play features.
LRTV Huawei Video Resource Center
Saudi Arabia Upgrades Vocational Training System

9|19|14   |   3:31   |   (0) comments


The Technical and Vocational Training Corporation (TVTC) has 100,000 students, 150 government-owned institutions and oversees 1000 private institutes. The CIO of TVTC explains that Huawei devices have allowed them to manage multiple datacenters using just one software program, scientifically tracking the progress of students and teachers, saving them millions.
Upcoming Live Events
October 29, 2014, New York City
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 2, 2014, New York City
December 3, 2014, New York City
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
Half of the world's population will be connected to the Internet by 2017, but not just by smartphones and desktops.
Hot Topics
Facebook Pokes Around LTE Direct
Sarah Reedy, Senior Editor, 9/25/2014
Is Redbox Instant Shutting Down?
Mari Silbey, Independent Technology Editor, 9/30/2014
Sprint Wields Its Influence in the Valley
Sarah Reedy, Senior Editor, 9/25/2014
US Ignite Cultivates Gigabit Apps
Jason Meyers, Senior Editor, Utility Communications/IoT, 9/25/2014
SoftBank Eyes a DreamWorks Buy – Report
Sarah Reedy, Senior Editor, 9/29/2014
Like Us on Facebook
Twitter Feed