Network operator security teams suffer from an unfair reputation and could do with some help and support from the rank and file within service providers and from top-level management.
"There is a perception that network operator security teams are the bad guys, that they are putting the block on the commercial teams. But that's not the case. They are on top of the challenges and understand all the threats, even if they don't currently have all the ideas about how to mitigate the threats. They are actually at the front line of moving things forward and they need their management teams and peers to step up and help," says Donegan, who has been delving into evolving network security issues for several years. (See Mobile Ops Must Hike Security Spending , Mobile Security: The Snowden Fallout and Mobile Ops Lose $15B Yearly to Network Outages.)
The security teams can only do so much without broader support, continues the analyst. "The security folks have a limited budget and the challenges they face are enormous. Security threats are growing -- it's an increasingly aggressive landscape and the level of vulnerabilities only grows" when SDN and NFV are added to the network architecture.
"The security teams at the network operators need two things. They need other departments to step up and take on some of the low-level security responsibilities within an organization -- the security teams have better things to do. And they need greater support from executive management. The top teams needs to embrace the new QoS -- differentiated Quality of Security.
"Operators need to be willing to provide variable levels of security depending on the needs of a service or customers and sometimes that will involve a relaxation of the very highest levels of security. The security teams can achieve this, but executive teams need to take responsibility… the processes and lines of communication to achieve this don't currently exist," says Donegan. (See Security Suffers From 'Not My Job' Mentality .)
There also needs to be a greater awareness of what advanced network security strategies and support can bring to the table, adds Donegan. "When we look at security issues around the use of hypervisors, SDN controllers and the opening up of APIs to customers, the security team understand them and are actually more positive about the impact of these technologies than they are negative. The combination of SDN and NFV actually enables security to be implemented in a more unified and coherent way and also open up new revenue opportunities -- it provides operators with a more efficient and manageable way to offer and sell security services to enterprises." (See Surprise! The Cloud Has Security Advantages.)
— Ray Le Maistre, , Editor-in-Chief, Light Reading