Light Reading

Putting a Dollar Sign on Network Security

Carol Wilson

ORLANDO -- Management World Americas -- Wouldn't you think network service contracts would include security requirements?

It may seem like a no-brainer, but most contracts are built around availability and performance, not security. One of the more intriguing TM Forum Catalyst Projects on display here this week is aimed at helping enterprises and governments create contract terms that build in security requirements.

The idea is to create financial incentives to improve security. As network threats become more sophisticated -– most are currently the work of organized crime –- enterprises and governments want more assurance that network operators are working on the problem. The move to cloud services can make it even harder for enterprises and governments to easily track where their applications and data are, and if they are secure, according to Martin Huddleston of the U.K. Defence Science and Technology Lab, which is a participant in the Catalyst.

The key, being pursued in the Catalyst, is to find metrics and targets for the level of security. According to the other participants in the project, including CA Technologies (Nasdaq: CA), McAfee Inc. (NYSE: MFE) and Sooth Technology , the early metrics will be based on well-defined mitigations already established by the computer emergency response teams (CERTs) that operate in most countries. (Common CERTs include the Defence Signals Directorate of the Australian government, the National Institute of Science and Technology and the SANS Institute Top 20 in the United States. Verizon Enterprise Solutions 's annual Security Breach Report is another source of key mitigation data.)

Just implementing CERTs's basic advice could prevent 85 percent of security breaches, says Christy Coffey, the Government/Defense Market Support Center Head for TMForum. These "low-hanging fruit" include implementing patches for operating systems and applications; practicing mobile device management; improving training to reduce human errors; implementing defenses against denial of service attacks; and hardening servers to prevent data leakage.

Take patch management as an example. Contracts could require the network operator to document the time of exposure; the percentage of devices patched and the degree to which they have been patched; the criticality of patch exposure; the audited degree of systems that are susceptible to attack; the percentage of patches resulting in further problems; and the number of patches.

To date, the Catalyst has shown it is possible to monitor almost all of those things; the one that's been elusive to measure is the audited degree of systems that are susceptible to attack. That's basically an identification of those systems which aren't vulnerable and therefore don't require the same vigilance about patching.

All that detail would give enterprises or governments more confidence in the networks they are using. In the future, the data could be collected and benchmarked to establish industry standards, says Coffey.

If the telecom industry doesn't create ways of quantifying network security and building it into contracts, there is the possibility governments will choose to impose some tighter restrictions, to prevent the negative economic impact of continued security breaches, say the Catalyst participants.

— Carol Wilson, Chief Editor, Events, Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Educational Resources
sponsor supplied content
Educational Resources Archive
From The Founder
The comms industry is rallying to the cause of open, independent interoperability testing.
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
LRTV Interviews
BT Updates on Plans

10|2|15   |   03:16   |   (2) comments

Peter Bell, CIO at Openreach, the access network division at UK incumbent BT, provides an update on the operator's trials and how Openreach is planning to deploy the broadband technology in its street cabinets.
Telecom Innovators Video Showcase
Sonus Shakes Up SD-WAN

10|2|15   |   7:22   |   (0) comments

Sonus CTO Kevin Riley sat down with Light Reading to discuss the trajectory of the company, its SDN ambitions and why Sonus is taking a market-disruptive approve to SD-WAN.
LRTV Interviews
CityFibre's Gigabit Vision

10|1|15   |   03:18   |   (1) comment

Mark Collins, director of Strategy & Public Affairs at competitive UK city network operator CityFibre, talks about his company's plans to help build Gigabit Cities.
Telecom Innovators Video Showcase
Automate, Scale & Create With Juniper's vCPE Solution

10|1|15   |   6:34   |   (0) comments

Join Kireeti Kompella, Juniper Networks CTO, and Steve Saunders, Light Reading Founder and CEO, as they discuss Juniper Networks' approach to NFV showcased with a turnkey vCPE solution, which demonstrates how service providers can use automation to rapidly deploy services.
LRTV Interviews
Gigabit Europe: Day 1 Takeaways

9|29|15   |   05:47   |   (5) comments

Light Reading's Ray Le Maistre and Iain Morris sup a beer and discuss some of the key takeaways from the first day of Gigabit Europe 2015.
LRTV Interviews
Gigabit in Europe

9|29|15   |   04:24   |   (0) comments

At the Gigabit Europe 2015 event in Munich, Heavy Reading's Graham Finnie talks about the availability of gigabit broadband in Europe.
Women in Comms Introduction Videos
AT&T's Band of Women

9|28|15   |   4:36   |   (0) comments

Brooks McCorcle, the president of AT&T's partner solutions divisions and a mathematician by trade, shares stats on AT&T's diversity and advice on how to create your own band of women at work.
Telecom Innovators Video Showcase
Metaswitch's New CEO Martin Lund Discusses His Role

9|25|15   |   11:36   |   (0) comments

Technology industry veteran Martin Lund joins Metaswitch Networks this week as the company's new CEO. In this interview, Lund discusses his new role and the industry's progress with Light Reading CEO Steve Saunders. Lund believes that the industry disruption caused by SDN and NFV is creating opportunities for companies like Metaswitch – network software providers ...
It's All About That App

9|23|15   |   02:15   |   (2) comments

The long-range goal of service providers is to deliver app-specific network performance and that is showing up in technical developments today.
Women in Comms Introduction Videos
Verizon's Healthy Approach to WiC

9|22|15   |   2:30   |   (2) comments

If you think there are too few women in comms, you should see the healthcare industry. Nancy Green, Verizon's healthcare global lead, shares ideas on what we can do about it.
LRTV Huawei Video Resource Center
UBBF 2015 Highlights

9|22|15   |     |   (0) comments

Drilling down deeper into the transformation process will provide network operators with a practical look at building new businesses around a digital virtualized network architecture, and lay out some of the transition steps required, particularly in the struggle to enable more dynamic and focused enterprise network services.
Telecom Innovators Video Showcase
ActiveVideo's Cloud Virtualization Technology

9|22|15   |   7:23   |   (0) comments

ActiveVideo's CMO, Murali Nemani, discusses how virtualized CPE functions can deliver applications from the cloud to various devices at home.
Upcoming Live Events
October 14-15, 2015, New Orleans Ernest N. Morial Convention Center, New Orleans, LA
November 5, 2015, Hilton Santa Clara, Santa Clara, CA
November 17, 2015, Santa Clara, California
December 1, 2015, The Westin Times Square, New York City
December 2, 2015, The Westin Times Square, New York City
All Upcoming Live Events
Communication service providers realize that an ICT transformation is critical to their long-term survival, but most haven't yet committed to making it happen.
Hot Topics
Are Sports Next for Netflix?
Mari Silbey, Senior Editor, Cable/Video, 9/28/2015
Google Gives Huawei a US Device Boost
Dan Jones, Mobile Editor, 9/29/2015
Following the Bouncing Capex Ball
Carol Wilson, Editor-at-large, 9/29/2015
Verizon's Go90 Is Live – Will Anyone Watch?
Mari Silbey, Senior Editor, Cable/Video, 10/1/2015
Good News for NFV Interoperability
Steve Saunders, CEO and founder, Light Reading, 9/29/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
With so many new and exciting communications technologies now under development, it's easy to get caught up in the industry's escalating hype cycle. That's why the ...
Last week saw a big day in the 15-year history of Light Reading when Editor-in-Chief Ray Le Maistre and I were invited to interview the Deputy Chairman and Rotating ...
Cats with Phones
Hold My Calls, Indefinitely Click Here