Light Reading
Alarmed at the billions lost in data breaches, enterprises and governments want to write security requirements into their contracts

Putting a Dollar Sign on Network Security

Carol Wilson
12/6/2012
50%
50%

ORLANDO -- Management World Americas -- Wouldn't you think network service contracts would include security requirements?

It may seem like a no-brainer, but most contracts are built around availability and performance, not security. One of the more intriguing TM Forum Catalyst Projects on display here this week is aimed at helping enterprises and governments create contract terms that build in security requirements.

The idea is to create financial incentives to improve security. As network threats become more sophisticated -– most are currently the work of organized crime –- enterprises and governments want more assurance that network operators are working on the problem. The move to cloud services can make it even harder for enterprises and governments to easily track where their applications and data are, and if they are secure, according to Martin Huddleston of the U.K. Defence Science and Technology Lab, which is a participant in the Catalyst.

The key, being pursued in the Catalyst, is to find metrics and targets for the level of security. According to the other participants in the project, including CA Technologies (Nasdaq: CA), McAfee Inc. (NYSE: MFE) and Sooth Technology , the early metrics will be based on well-defined mitigations already established by the computer emergency response teams (CERTs) that operate in most countries. (Common CERTs include the Defence Signals Directorate of the Australian government, the National Institute of Science and Technology and the SANS Institute Top 20 in the United States. Verizon Enterprise Solutions 's annual Security Breach Report is another source of key mitigation data.)

Just implementing CERTs's basic advice could prevent 85 percent of security breaches, says Christy Coffey, the Government/Defense Market Support Center Head for TMForum. These "low-hanging fruit" include implementing patches for operating systems and applications; practicing mobile device management; improving training to reduce human errors; implementing defenses against denial of service attacks; and hardening servers to prevent data leakage.

Take patch management as an example. Contracts could require the network operator to document the time of exposure; the percentage of devices patched and the degree to which they have been patched; the criticality of patch exposure; the audited degree of systems that are susceptible to attack; the percentage of patches resulting in further problems; and the number of patches.

To date, the Catalyst has shown it is possible to monitor almost all of those things; the one that's been elusive to measure is the audited degree of systems that are susceptible to attack. That's basically an identification of those systems which aren't vulnerable and therefore don't require the same vigilance about patching.

All that detail would give enterprises or governments more confidence in the networks they are using. In the future, the data could be collected and benchmarked to establish industry standards, says Coffey.

If the telecom industry doesn't create ways of quantifying network security and building it into contracts, there is the possibility governments will choose to impose some tighter restrictions, to prevent the negative economic impact of continued security breaches, say the Catalyst participants.

— Carol Wilson, Chief Editor, Events, Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Interviews
From 4G to 5G: Alcatel-Lucent's Dave Geary

11|25|14   |   09:09   |   (1) comment


Dave Geary, President of Wireless at Alcatel-Lucent, talks about the evolution of the 4G market, small cells, partnerships, 5G and the IoT.
LRTV Huawei Video Resource Center
Building a Secure Telefonica Network With Huawei's High-End Firewall

11|24|14   |   4:37   |   (0) comments


Andrew Davies, IP architect of the Telefonica, a leading digital communications company, discusses the Huawei security gateway solution and putting the solution into the testbed.
LRTV Huawei Video Resource Center
Huawei Partners with Spirent to Verify CE12816's 10GE Port & TRILL Networking Capabilities

11|24|14   |   2:50   |   (0) comments


Spirent Communications is the world's leading supplier for telecom testing appliances and solutions. Spirent has been in a close partnership with Huawei for a long time.
LRTV Huawei Video Resource Center
Saudi Airlines & Its ICT Transformation

11|24|14   |   2:07   |   (0) comments


In this video, Saudi Airlines discusses its network problems and how Huawei's Agile Network is its all-in-one solution.
LRTV Huawei Video Resource Center
Huawei's Agile Switch Benefiting Saudi Arabia's Yamamah Hospital

11|24|14   |   2:40   |   (0) comments


Saudi Arabia's Yamamah Hospital speaks about how Huawei's Agile Switch has improved the medical service's network infrastructure.
LRTV Huawei Video Resource Center
FanPlay & Huawei Build a Wireless Agile Smart Stadium

11|24|14   |   2:13   |   (0) comments


FanPlay is a cloud-based white label service, which is effectively a football fan engagement platform underpinned by mobile payment technology.
LRTV Huawei Video Resource Center
Building an Agile Stadium

11|24|14   |   3:54   |   (0) comments


Stadiums may be thousands of tons of concrete and steel, but they now need to be agile. Being at the stadium may not be as alluring as it once was. Sports franchises and stadium operators discuss how to get fans back.
LRTV Huawei Video Resource Center
Huawei Helps ChinaCache Tackle Challenges in the Internet Industry

11|24|14   |   3:09   |   (0) comments


ChinaCache is China's largest content distribution network supplier. Huawei's CE12800 has provided ChinaCache with very strong support in its establishment of an infrastructure network.
LRTV Huawei Video Resource Center
Cefinity on Managed Security Services & Next-Generation Firewall

11|24|14   |   7:05   |   (0) comments


Cefinity is a cloud management service provider in Southeast Asia. Ivan Zhang, CEO of the company, discusses the implementation of security service management in the cloud era.
LRTV Huawei Video Resource Center
Huawei's Agile Gateway in the Eyes of Cefinity

11|24|14   |   2:11   |   (0) comments


Cefinity is a managed service provider for enterprise networks. The company currently uses Huawei's AR series routers for the most complete range of functions. CEO Ivan Zhang speaks about the advantages of the AR series routers.
LRTV Huawei Video Resource Center
CTO of Bus-Online Talks About Huawei's Agile Gateway

11|24|14   |   2:53   |   (0) comments


Bus-Online covers around 100 million users everyday. In addition to providing mobile TV, and advertising services to the public, Bus-Online has also entered the field of mobile Internet.
LRTV Huawei Video Resource Center
Amsterdam ArenA as an Agile Campus

11|24|14   |   3:31   |   (0) comments


The Amsterdam ArenA, home of the Ajax soccer team, can be a crowded space. ArenA has partnered with Huawei to work on bringing ample bandwidth to 53,000 people at the same time.
Upcoming Live Events
December 2, 2014, New York City
December 3, 2014, New York City
December 8-10, 2014, Reykjavik, Iceland
February 10, 2015, Atlanta, GA
April 14, 2015, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Infographics
Irish Telecom outlines the rise of VoIP technology, including its adoption within businesses and their perception of its quality.
Hot Topics
$38.3M: Ain't That a Kik in the SMS
Sarah Reedy, Senior Editor, 11/20/2014
Do You Have a 2020 Vision?
Dennis Mendyk, Vice President of Research, Heavy Reading, 11/21/2014
Operators Should Block Ads to Get Their Cut, Startup Says
Sarah Reedy, Senior Editor, 11/24/2014
$35B+ Spectrum Auction Dings Verizon, Shines Dish
Dan Jones, Mobile Editor, 11/24/2014
Amazon Eyes Ad-Supported Video – NY Post
Mari Silbey, Independent Technology Editor, 11/25/2014
Like Us on Facebook
Twitter Feed