& cplSiteName &

Putting a Dollar Sign on Network Security

Carol Wilson
12/6/2012
50%
50%

ORLANDO -- Management World Americas -- Wouldn't you think network service contracts would include security requirements?

It may seem like a no-brainer, but most contracts are built around availability and performance, not security. One of the more intriguing TM Forum Catalyst Projects on display here this week is aimed at helping enterprises and governments create contract terms that build in security requirements.

The idea is to create financial incentives to improve security. As network threats become more sophisticated -– most are currently the work of organized crime –- enterprises and governments want more assurance that network operators are working on the problem. The move to cloud services can make it even harder for enterprises and governments to easily track where their applications and data are, and if they are secure, according to Martin Huddleston of the U.K. Defence Science and Technology Lab, which is a participant in the Catalyst.

The key, being pursued in the Catalyst, is to find metrics and targets for the level of security. According to the other participants in the project, including CA Technologies (Nasdaq: CA), McAfee Inc. (NYSE: MFE) and Sooth Technology , the early metrics will be based on well-defined mitigations already established by the computer emergency response teams (CERTs) that operate in most countries. (Common CERTs include the Defence Signals Directorate of the Australian government, the National Institute of Science and Technology and the SANS Institute Top 20 in the United States. Verizon Enterprise Solutions 's annual Security Breach Report is another source of key mitigation data.)

Just implementing CERTs's basic advice could prevent 85 percent of security breaches, says Christy Coffey, the Government/Defense Market Support Center Head for TMForum. These "low-hanging fruit" include implementing patches for operating systems and applications; practicing mobile device management; improving training to reduce human errors; implementing defenses against denial of service attacks; and hardening servers to prevent data leakage.

Take patch management as an example. Contracts could require the network operator to document the time of exposure; the percentage of devices patched and the degree to which they have been patched; the criticality of patch exposure; the audited degree of systems that are susceptible to attack; the percentage of patches resulting in further problems; and the number of patches.

To date, the Catalyst has shown it is possible to monitor almost all of those things; the one that's been elusive to measure is the audited degree of systems that are susceptible to attack. That's basically an identification of those systems which aren't vulnerable and therefore don't require the same vigilance about patching.

All that detail would give enterprises or governments more confidence in the networks they are using. In the future, the data could be collected and benchmarked to establish industry standards, says Coffey.

If the telecom industry doesn't create ways of quantifying network security and building it into contracts, there is the possibility governments will choose to impose some tighter restrictions, to prevent the negative economic impact of continued security breaches, say the Catalyst participants.

— Carol Wilson, Chief Editor, Events, Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
The independent evaluation of Nokia's key virtual network functions (VNFs) was a defining moment for the Finnish giant.
Flash Poll
Live Streaming Video
Charting the CSP’s Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it’s going from two industry veterans.
LRTV Custom TV
Cable & the Move to IPTV

5|31|16   |   04:44   |   (0) comments


Cable operators are looking at transitioning operations to IPTV, and some have already started. What issues do operators face? What opportunities will this bring to customers? These are just a few of the questions Alticast considers in this interview between Alan Breznick and Susan Crouse at INTX 2016.
LRTV Custom TV
Ooredoo at UBBS 2016

5|31|16   |   06:04   |   (0) comments


At UBBS 2016 in Dubai, Light Reading is joined by Ooredoo Qatar's Yann Courqueux for an in-depth interview on their success.
LRTV Custom TV
du's Success Infrastructure

5|31|16   |   11:48   |   (0) comments


At UBBS 2016 in Dubai, Light Reading is joined by du's Jasim Alawadi for an in-depth interview on deploying all types of technology.
LRTV Custom TV
What Is Customer Experience Management?

5|31|16   |   05:53   |   (0) comments


At UBBS 2016 in Dubai, Light Reading is joined by Huawei's Michael Spratt for an in-depth interview on customer experience management.
LRTV Custom TV
UBBS 2016 World Tour Highlight

5|31|16   |   02:43   |   (0) comments


At UBBS World Tour 2016 in Dubai, Light Reading takes an exclusive look at the latest Huawei technology and the future of broadband.
LRTV Interviews
Getting Somewhere With TV Everywhere

5|31|16   |   7:08   |   (0) comments


Comcast's Vito Forlenza describes the progress his company is making with TV Everywhere and the challenges that remain.
LRTV Custom TV
Cisco's Innovations in Cable

5|26|16   |   03:18   |   (0) comments


Marc Aldrich from Cisco discusses the latest in security, the evolution and momentum for CCAP and what the industry will be seeing next from Cisco.
LRTV Documentaries
Leading Lights 2016 Highlights

5|25|16   |   02:26   |   (1) comment


Some of the high points from this year's Leading Lights awards dinner at the Hotel Ella in Austin, Texas.
LRTV Documentaries
Light Reading Hall of Fame 2016

5|23|16   |   05:43   |   (0) comments


Find out who has been welcomed into Light Reading's Hall of Fame this year.
LRTV Custom TV
ZTE TM Forum Highlights

5|23|16   |     |   (0) comments


ZTE showcased its new ICT solutions at TM Forum in Nice.
LRTV Interviews
Gamma's MD on the Emergence of UC2

5|20|16   |     |   (0) comments


Gamma Communications Managing Director David Macfarlane believes the unified communications (UC) market has reached a tipping point.
LRTV Custom TV
The Ultimate 5-Minute Guide to Digital Customer Engagement

5|20|16   |     |   (0) comments


In this short video, you will hear all about how Digital Customer Engagement is the key to meeting customer expectations, keeping them happy, and maximizing revenue. VP Product & Marketing at Pontis, Ofer Razon, breaks down for ...
Upcoming Live Events
September 13-14, 2016, The Curtis Hotel, Denver, CO
December 6-8, 2016,
June 16-18, 2017, Austin Convention Center, Austin, TX
All Upcoming Live Events
Infographics
A new survey conducted by Heavy Reading and TM Forum shows that CSPs around the world see the move to digital operations as a necessary part of their overall virtualization strategies.
Hot Topics
Cisco's Patel Hails 'Microculture' Successes
Iain Morris, News Editor, 5/26/2016
Cable Is Eyeing Its Retail Options
Mari Silbey, Senior Editor, Cable/Video, 5/25/2016
AT&T's Margaret Chiosi Retires
Ray Le Maistre, Editor-in-chief, 5/25/2016
CenturyLink Targets 'Six Nines' Reliability
Iain Morris, News Editor, 5/31/2016
West Coast Gets Its First 10-Gig City
Mari Silbey, Senior Editor, Cable/Video, 5/26/2016
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
In this latest installment of the CEO Chat series, Craig Labovitz, co-founder and CEO of Deepfield, sits down with Light Reading's Steve Saunders in Light Reading's New York City office to discuss how Deepfield fits in with the big data trend and more.
Grant van Rooyen, president and CEO of Cologix, sits down with Steve Saunders, founder and CEO of Light Reading, in the vendor's New Jersey facility to offer an inside look at the company's success story and discuss the importance of security in the telecom industry.
Animals with Phones
Please Pass the Waterproof Phone Click Here
Walruses: more tech-savvy than you might think.
Live Digital Audio

Our world has evolved through innovation from the Industrial Revolution of the 1740s to the information age, and it is now entering the Fourth Industrial Revolution, driven by technology. Technology is driving a paradigm shift in the way digital solutions deliver a connected world, changing the way we live, communicate and provide solutions. It can have a powerful impact on how we tackle some of the world’s most pressing problems. In this radio show, Caroline Dowling, President of Communications Infrastructure & Enterprise Computing at Flex, will join Women in Comms Director Sarah Thomas to discuss the impact technology has on society and how it can be a game-changer across the globe; improving lives and creating a smarter world. Dowling, a Cork, Ireland, native and graduate of Harvard Business School's Advanced Management Program, will also discuss her experience managing an international team focused on innovation in an age of high-speed change.