Light Reading
Alarmed at the billions lost in data breaches, enterprises and governments want to write security requirements into their contracts

Putting a Dollar Sign on Network Security

Carol Wilson
12/6/2012
50%
50%

ORLANDO -- Management World Americas -- Wouldn't you think network service contracts would include security requirements?

It may seem like a no-brainer, but most contracts are built around availability and performance, not security. One of the more intriguing TM Forum Catalyst Projects on display here this week is aimed at helping enterprises and governments create contract terms that build in security requirements.

The idea is to create financial incentives to improve security. As network threats become more sophisticated -– most are currently the work of organized crime –- enterprises and governments want more assurance that network operators are working on the problem. The move to cloud services can make it even harder for enterprises and governments to easily track where their applications and data are, and if they are secure, according to Martin Huddleston of the U.K. Defence Science and Technology Lab, which is a participant in the Catalyst.

The key, being pursued in the Catalyst, is to find metrics and targets for the level of security. According to the other participants in the project, including CA Technologies (Nasdaq: CA), McAfee Inc. (NYSE: MFE) and Sooth Technology , the early metrics will be based on well-defined mitigations already established by the computer emergency response teams (CERTs) that operate in most countries. (Common CERTs include the Defence Signals Directorate of the Australian government, the National Institute of Science and Technology and the SANS Institute Top 20 in the United States. Verizon Enterprise Solutions 's annual Security Breach Report is another source of key mitigation data.)

Just implementing CERTs's basic advice could prevent 85 percent of security breaches, says Christy Coffey, the Government/Defense Market Support Center Head for TMForum. These "low-hanging fruit" include implementing patches for operating systems and applications; practicing mobile device management; improving training to reduce human errors; implementing defenses against denial of service attacks; and hardening servers to prevent data leakage.

Take patch management as an example. Contracts could require the network operator to document the time of exposure; the percentage of devices patched and the degree to which they have been patched; the criticality of patch exposure; the audited degree of systems that are susceptible to attack; the percentage of patches resulting in further problems; and the number of patches.

To date, the Catalyst has shown it is possible to monitor almost all of those things; the one that's been elusive to measure is the audited degree of systems that are susceptible to attack. That's basically an identification of those systems which aren't vulnerable and therefore don't require the same vigilance about patching.

All that detail would give enterprises or governments more confidence in the networks they are using. In the future, the data could be collected and benchmarked to establish industry standards, says Coffey.

If the telecom industry doesn't create ways of quantifying network security and building it into contracts, there is the possibility governments will choose to impose some tighter restrictions, to prevent the negative economic impact of continued security breaches, say the Catalyst participants.

— Carol Wilson, Chief Editor, Events, Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
LRTV Documentaries
Sprint's Network Evolution

7|24|14   |   14:59   |   (0) comments


Sprint's Jay Bluhm gives a keynote speech at the Big Telecom Event (BTE) about Sprint's network and services evolution strategy, including Spark.
LRTV Documentaries
BTE Keynote: The Software-Defined Operator

7|24|14   |   18:43   |   (1) comment


Deutsche Telekom's Axel Clauberg explains the concept of the software-defined operator to the Big Telecom Event (BTE) crowd.
Light Reedy
Numbers Are In: LR's 2014 Salary Survey

7|24|14   |   1:25   |   (5) comments


Our fourth annual Salary Survey paints a picture of who's hiring, firing, earning, and yearning for a change in the telecom industry.
LRTV Custom TV
Driving the Network Transformation

7|23|14   |   4:29   |   (0) comments


Intel's Sandra Rivera discusses network transformation and how Intel technologies, programs, and standards body efforts have helped the industry migration to SDN and NFV.
LRTV Custom TV
Distributed NFV-Based Business Services by RAD

7|18|14   |   5:38   |   (0) comments


With the ETSI-approved Distributed NFV PoC running in the background, RAD's CEO, Dror Bin, talks about why D-NFV makes compelling sense for service providers, and about the dollars and cents RAD is putting behind D-NFV.
LRTV Custom TV
MRV Accelerating Packet Optical Convergence

7|15|14   |   6:06   |   (0) comments


Giving you network insight to make your network smarter.
LRTV Custom TV
NFV-Enabled Ethernet for Generating New Revenues

7|15|14   |   5:49   |   (0) comments


Cyan's Planet Orchestrate allows service providers and their end-customers to activate software-based capabilities such as firewalls and encryption on top of existing Ethernet services in just minutes.
LRTV Custom TV
Symkloud NVF-Ready Video Transcoding, Big Data

7|9|14   |   3:41   |   (0) comments


Kontron and ISV partner Vantrix demonstrate high-performance video transcoding and data analytic solutions on same 2U standard platform that is ready for SDN and NFV deployments made by mobile, cable and cloud operators.
LRTV Huawei Video Resource Center
The Evolving Role of Hybrid Video for Competitive Success

7|4|14   |   4:09   |   (0) comments


At Huawei's Global Analysts Summit in Shenzhen, China, Steven C. Hawley from TV Strategies speaks to us about the evolving role of hybrid video for competitive success.
LRTV Huawei Video Resource Center
How CSPs Leverage Big Data in the Digital Economy

7|4|14   |   4:48   |   (2) comments


Justin van der Lande from Analysys Mason shares with us his views on how telecom operators can leverage customer asset monetization with big data. His discusses the current status of big data applications and the challenges and opportunities for telecom operators in the digital economy era.
LRTV Huawei Video Resource Center
Accelerator for Digital Business Future Oriented BSS

7|4|14   |   3:08   |   (0) comments


Mobile and internet are becoming intertwined; IT and CT are integrating; and leading CSPs have begun to transform to information service and entertainment providers. How should the BSS system evolve to enable this transformation? Karl Whitelock, an analyst at Frost & Sullivan, shares his views.
LRTV Huawei Video Resource Center
Orange Tunisia Discusses Multi-Band Antenna With EasyRET Solution

7|4|14   |   2:45   |   (0) comments


As new site acquisition becomes more difficult, Orange Tunisia has requested multi-band antenna to support UMTS and LTE innovation. Some things considered include reducing the cost of antenna maintenance and having high reliability antenna and EasyRET solution.
Upcoming Live Events!!
September 16, 2014, Santa Clara, CA
September 16, 2014, Santa Clara, CA
October 29, 2014, New York City
November 11, 2014, Atlanta, GA
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
Packet Design asks network professionals how they handle the cloud, SDN, and network management.
Today's Cartoon
Hot Topics
The Municipal Menace?
Jason Meyers, Senior Editor, Utility Communications/IoT, 7/22/2014
Cisco Puts a Fog Over IoT
Sarah Reedy, Senior Editor, 7/23/2014
GM: 10 Car Models on Road With AT&T's LTE
Dan Jones, Mobile Editor, 7/18/2014
Apple Earnings: Strong iPhone Sales, iPad Sales Slump, $7.8B Profit
Mitch Wagner, West Coast Bureau Chief, Light Reading, 7/22/2014
Like Us on Facebook
Twitter Feed