Light Reading

Putting a Dollar Sign on Network Security

Carol Wilson
12/6/2012
50%
50%

ORLANDO -- Management World Americas -- Wouldn't you think network service contracts would include security requirements?

It may seem like a no-brainer, but most contracts are built around availability and performance, not security. One of the more intriguing TM Forum Catalyst Projects on display here this week is aimed at helping enterprises and governments create contract terms that build in security requirements.

The idea is to create financial incentives to improve security. As network threats become more sophisticated -– most are currently the work of organized crime –- enterprises and governments want more assurance that network operators are working on the problem. The move to cloud services can make it even harder for enterprises and governments to easily track where their applications and data are, and if they are secure, according to Martin Huddleston of the U.K. Defence Science and Technology Lab, which is a participant in the Catalyst.

The key, being pursued in the Catalyst, is to find metrics and targets for the level of security. According to the other participants in the project, including CA Technologies (Nasdaq: CA), McAfee Inc. (NYSE: MFE) and Sooth Technology , the early metrics will be based on well-defined mitigations already established by the computer emergency response teams (CERTs) that operate in most countries. (Common CERTs include the Defence Signals Directorate of the Australian government, the National Institute of Science and Technology and the SANS Institute Top 20 in the United States. Verizon Enterprise Solutions 's annual Security Breach Report is another source of key mitigation data.)

Just implementing CERTs's basic advice could prevent 85 percent of security breaches, says Christy Coffey, the Government/Defense Market Support Center Head for TMForum. These "low-hanging fruit" include implementing patches for operating systems and applications; practicing mobile device management; improving training to reduce human errors; implementing defenses against denial of service attacks; and hardening servers to prevent data leakage.

Take patch management as an example. Contracts could require the network operator to document the time of exposure; the percentage of devices patched and the degree to which they have been patched; the criticality of patch exposure; the audited degree of systems that are susceptible to attack; the percentage of patches resulting in further problems; and the number of patches.

To date, the Catalyst has shown it is possible to monitor almost all of those things; the one that's been elusive to measure is the audited degree of systems that are susceptible to attack. That's basically an identification of those systems which aren't vulnerable and therefore don't require the same vigilance about patching.

All that detail would give enterprises or governments more confidence in the networks they are using. In the future, the data could be collected and benchmarked to establish industry standards, says Coffey.

If the telecom industry doesn't create ways of quantifying network security and building it into contracts, there is the possibility governments will choose to impose some tighter restrictions, to prevent the negative economic impact of continued security breaches, say the Catalyst participants.

— Carol Wilson, Chief Editor, Events, Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
The New IP is actually bigger even than business. Like another hugely important tech that Light Reading is digging into right now, the New IP has the potential to change the world by fundamentally advancing what it is possible for people to achieve with communications.
LRTV Huawei Video Resource Center
New Ways of Working

3|5|15   |   4:24   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Hong Kong Telecom's Michael Yue explains how the transformation in its business has changed its customer relationships.
LRTV Huawei Video Resource Center
Bridging the Digital Gap

3|5|15   |   4:03   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Boingo's Dr. Derek Peterson explains how ICT can help telcos bring the physical and virtual worlds closer together.
LRTV Huawei Video Resource Center
Making the Internet of Things Affordable

3|5|15   |   2:42   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Telefonica's Dr. Mike Short explains how the Internet of Things demands a new low-cost approach to connectivity from telcos.
LRTV Huawei Video Resource Center
Evolution, Not Revolution

3|5|15   |   2:00   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Heavy Reading's Patrick Donegan explains why telcos can't be too hasty in their efforts to transform themselves.
LRTV Custom TV
Management & Orchestration Enablement Strategies Required for NFV Commercial Success

3|5|15   |   6:22   |   (0) comments


NFV commercial success rests on successful service orchestration strategies which can span heterogeneous physical, virtual, legacy and next-gen networks. Network data and security integrity are additional key aspects. Nakina provides a suite of orchestratable network integrity applications built on an open, scalable MANO enablement platform.
LRTV Huawei Video Resource Center
The Power of Five Convergences in OceanStor OS

3|4|15   |   6:24   |   (0) comments


OceanStor OS is Huawei's brand-new storage operating system. While inheriting the consistent high stability, reliability and performance from the company's previous storage products, OceanStor OS abounds in new converged storage features. Specifically, the new storage operating system achieves "five convergences" to lift storage convergence to a higher level.
LRTV Huawei Video Resource Center
4K Brings Extreme Video Experience

3|4|15   |   8:10   |   (0) comments


4K video is a hot topic in the video industry. It will certainly bring an extreme video experience to end users. At the same time, however, it will also pose a big challenge to operators. Check out this Huawei 4K experts' discussion about how operators can achieve success in 4K video service.
LRTV Interviews
DT's Virtualization Vision for Europe

3|4|15   |   10:23   |   (0) comments


Light Reading CEO Steve Saunders talks virtualization, cloudification and standards with Deutsche Telekom's Axel Clauberg at Mobile World Congress.
LRTV Custom TV
ZTE's Wireline at MWC 2015

3|4|15   |   6:35   |   (0) comments


Light Reading speaks with Jane Chen, ZTE's Senior VP of Wireline Business, about innovations in her product line at Mobile World Congress.
LRTV Custom TV
ZTE at MWC 2015

3|4|15   |   4:24   |   (0) comments


Dr. Dick Chen of ZTE USA gives Light Reading an overview of what's new at ZTE's pavilion at Mobile World Congress 2015.
LRTV Interviews
Ericsson CEO Talks Telco Data Center Tech

3|4|15   |   05:45   |   (0) comments


At Mobile World Congress, Ericsson CEO Hans Vestberg discusses telco data center technology, business models, small cells and more.
Between the CEOs
EXCLUSIVE: Cisco's Chambers on Reinvention

3|3|15   |   8:24   |   (1) comment


Light Reading CEO Steve Saunders talks transformation and virtualization – including Light Reading's independent testing of the vendor's virtualization solutions – with Cisco CEO John Chambers at Mobile World Congress in Barcelona.
Upcoming Live Events
March 17, 2015, The Cable Center, Denver, CO
April 14, 2015, The Westin Times Square, New York City, NY
May 12, 2015, Grand Hyatt, Denver, CO
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 8, 2015, Chicago, IL
June 9-10, 2015, Chicago, IL
June 9, 2015, Chicago, IL
June 10, 2015, Chicago, IL
All Upcoming Live Events
Infographics
Net neutrality, broadband services and the current outlook on data consumption, as presented by the New Jersey Institute of Technology.
Hot Topics
Internet Pioneers Decry Title II Rules
Carol Wilson, Editor-at-large, 3/2/2015
Wheeler: We'll Enforce Title II 'Case-By-Case'
Sarah Thomas, Editorial Operations Director, 3/3/2015
New CenturyLink CTO in Major Overhaul
Carol Wilson, Editor-at-large, 3/4/2015
Verizon Takes Radio Dot to Detroit, VoLTE Overseas
Sarah Thomas, Editorial Operations Director, 2/27/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Check out Light Reading's interview with Jay Samit, the newly appointed CEO of publicly traded SeaChange International Inc. With a resume that includes Sony, EMI, and Universal, Samit brings a reputation as an entrepreneur and a disruptor to his new role at the video solutions company. Hear what he had to say about the opportunities in video, as well as the outlook for cable, telco, OTT and mobile service providers.