Light Reading
Alarmed at the billions lost in data breaches, enterprises and governments want to write security requirements into their contracts

Putting a Dollar Sign on Network Security

Carol Wilson
12/6/2012
50%
50%

ORLANDO -- Management World Americas -- Wouldn't you think network service contracts would include security requirements?

It may seem like a no-brainer, but most contracts are built around availability and performance, not security. One of the more intriguing TM Forum Catalyst Projects on display here this week is aimed at helping enterprises and governments create contract terms that build in security requirements.

The idea is to create financial incentives to improve security. As network threats become more sophisticated -– most are currently the work of organized crime –- enterprises and governments want more assurance that network operators are working on the problem. The move to cloud services can make it even harder for enterprises and governments to easily track where their applications and data are, and if they are secure, according to Martin Huddleston of the U.K. Defence Science and Technology Lab, which is a participant in the Catalyst.

The key, being pursued in the Catalyst, is to find metrics and targets for the level of security. According to the other participants in the project, including CA Technologies (Nasdaq: CA), McAfee Inc. (NYSE: MFE) and Sooth Technology , the early metrics will be based on well-defined mitigations already established by the computer emergency response teams (CERTs) that operate in most countries. (Common CERTs include the Defence Signals Directorate of the Australian government, the National Institute of Science and Technology and the SANS Institute Top 20 in the United States. Verizon Enterprise Solutions 's annual Security Breach Report is another source of key mitigation data.)

Just implementing CERTs's basic advice could prevent 85 percent of security breaches, says Christy Coffey, the Government/Defense Market Support Center Head for TMForum. These "low-hanging fruit" include implementing patches for operating systems and applications; practicing mobile device management; improving training to reduce human errors; implementing defenses against denial of service attacks; and hardening servers to prevent data leakage.

Take patch management as an example. Contracts could require the network operator to document the time of exposure; the percentage of devices patched and the degree to which they have been patched; the criticality of patch exposure; the audited degree of systems that are susceptible to attack; the percentage of patches resulting in further problems; and the number of patches.

To date, the Catalyst has shown it is possible to monitor almost all of those things; the one that's been elusive to measure is the audited degree of systems that are susceptible to attack. That's basically an identification of those systems which aren't vulnerable and therefore don't require the same vigilance about patching.

All that detail would give enterprises or governments more confidence in the networks they are using. In the future, the data could be collected and benchmarked to establish industry standards, says Coffey.

If the telecom industry doesn't create ways of quantifying network security and building it into contracts, there is the possibility governments will choose to impose some tighter restrictions, to prevent the negative economic impact of continued security breaches, say the Catalyst participants.

— Carol Wilson, Chief Editor, Events, Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
LRTV Custom TV
Why SPs Should Consider Cisco's EPN

8|27|14   |   5:40   |   (0) comments


Sultan Dawood from Cisco discusses Cisco's EPN, which enables SPs to build agile and programmable networks delivering new network virtualized services using Cisco's Evolved Services Platform (ESP).
LRTV Huawei Video Resource Center
Huawei’s Showcase @ Big Telecom Event 2014

8|26|14   |   2.56   |   (0) comments


SoftCOM is Huawei's framework for telecom business and network transformation. Haofei Liu, Solution Marketing Manager, Carrier Business Group, Huawei, showcases Huawei's SoftCOM architecture in this video.
LRTV Huawei Video Resource Center
Huawei @ BTE 2014: Director of Integrated Solutions on SoftCOM & NFV Monetization

8|26|14   |   4.43   |   (0) comments


Libin Dai, Director of Integrated Solutions, Carrier Business Group, discusses Huawei's SoftCOM and NFV monetization. Huawei believes that NFV monetization should be service-driven rather than network-driven, and that operators should have network transformation, service transformation and a compatible and collaborative ecosystem in place in order to deploy NFV.
LRTV Huawei Video Resource Center
Huawei @ BTE 2014: Director of US NFV Lab on CloudEdge & the Future of NFV

8|26|14   |   4.06   |   (0) comments


Sean Chen, Director of US NFV Lab at Huawei, discusses Huawei's new approach to NFV in open collaboration. Huawei believes that through Proof of Concept tests, it could help operators learn and communicate with the industry more effectively. Sean believes that successful implementation of NFV should have its values reaching to end users and discusses how Huawei's ...
LRTV Huawei Video Resource Center
Huawei's Highlights @ Big Telecom Event 2014

8|26|14   |   3.34   |   (0) comments


At the Big Telecom Event in Chicago Huawei showcases its high-level strategy, the SoftCOM architecture, which helps operators reduce the cost of ownership of their network infrastructure and generate additional revenue in the ICT service environment. Huawei showcases over 30 pilot programs from across the globe, focusing on the industry-leading commercial ...
LRTV Custom TV
VeEX – Live from the Show

8|21|14   |   5:58   |   (0) comments


An overview of VeEX Test and Measurement solutions including TX300S multi-service test set with VeExpress cloud-based management system, UX400 universal modular platform supporting 100G testing, and the redesigned RXT modular platform.
LRTV Custom TV
Transitioning CE 2.0 Networks Into the SDN & NFV Era With Telco Systems

8|19|14   |   5:19   |   (0) comments


Telco Systems' Ariel Efrati (CEO) and Moshe Shimon (VP of Product Management) discuss virtualization and how the company's new Open Metro Edge solution utilizes the SDN and NFV concepts to accelerate and orchestrate service delivery through its innovative product portfolio and software applications.
LRTV Custom TV
NFV Myths: Is NFV Still Several Years Away?

8|11|14   |   1:13   |   (0) comments


Some say that NFV (network functions virtualization) is still several years away from being implemented on mobile operator networks. This isn't the case. Operators can get started on their paths to NFV now, as this short video from Skyfire shows.
LRTV Custom TV
A New Security Paradigm in SDN/NFV

7|28|14   |   02:54   |   (0) comments


Paul Shaneck, Global Director Network Solutions for Symantec, discusses the evolving virtualized network, explaining how Symantec is leading the security discussion as it relates to SDN and NFV, and helping to ensure the network is protected and compliant.
LRTV Documentaries
Sprint's Network Evolution

7|24|14   |   14:59   |   (0) comments


Sprint's Jay Bluhm gives a keynote speech at the Big Telecom Event (BTE) about Sprint's network and services evolution strategy, including Spark.
LRTV Documentaries
BTE Keynote: The Software-Defined Operator

7|24|14   |   18:43   |   (1) comment


Deutsche Telekom's Axel Clauberg explains the concept of the software-defined operator to the Big Telecom Event (BTE) crowd.
Light Reedy
Numbers Are In: LR's 2014 Salary Survey

7|24|14   |   1:25   |   (7) comments


Our fourth annual Salary Survey paints a picture of who's hiring, firing, earning, and yearning for a change in the telecom industry.
Upcoming Live Events!!
September 16, 2014, Santa Clara, CA
September 16, 2014, Santa Clara, CA
September 23, 2014, Denver, CO
October 29, 2014, New York City
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
Hot Topics
Comcast Streams Back to School
Mari Silbey, Independent Technology Editor, 8/21/2014
T-Mobile: Small Cells? We're Dense Already
Dan Jones, Mobile Editor, 8/22/2014
Level 3 Does Big Data Differently
Carol Wilson, Editor-at-large, 8/21/2014
Verizon Launches QR Code Security Solution
Carol Wilson, Editor-at-large, 8/26/2014
Utilities to Pump $11.2B Into Smart Grid – Study
Jason Meyers, Senior Editor, Utility Communications/IoT, 8/26/2014
Like Us on Facebook
Twitter Feed