Telco Operators and Service providers in Saudi are under pressure to do two things – one is to respond faster to market innovations and user demand and specifically around differentiation. Today as we know the average revenue per subscriber from voice is declining. So service providers have to rely on more innovative services in the data space and bundling offers to be able to attract more subscribers. The other area is the increased user demand for bandwidth and applications. This is forcing SPs to upgrade their networks and data centers. With declining budgets and margins, they have to do something different to maintain profitability and cut costs. They are finding Private Cloud and Software Defined Networks (SDN) to be the answer and are embarking on a journey to centralize & consolidate services. They have begun to adopt server virtualization, SDN and Network Functions Virtualization (NFV) technologies to reduce footprint of their architectures & networks
One of the major advantages of deploying SDN is that the management of all systems within the network has a centralised controller. This single plane of control acts as a decision point for the whole network as access can be granted to all equipment in the network, easing and speeding up the management process.
Yarob Sakhnini, regional director, MEMA at Brocade says that by centralising the control however, you also create a significant target for any malicious activity. For telecoms operators, making sure that this central controller plane isn’t comprised therefore needs to be a top priority. Without sufficient protection, the controllers could be compromised which would pose a significant threat to the network and the data being interacted with it.
Secondly, SDN poses challenge in terms of the roots of trust (RoT) that are used to validate control signals within the network. In a traditional infrastructure, it is possible to manage this verification process by locking software to specific pieces of hardware. With SDN this simply doesn’t work and it therefore raises a question of how to manage the roots of trust. The processes for this are still in development and it is likely to require collaboration from across the industry in order to agree on an appropriate mechanism.
Safeguarding customer data and applications with the Advent of Cloud
In a traditional network environment, internal data was protected by firewalls and security breaches were, relatively speaking, easy to identify. However, in a hybrid or cloud environment, potential threats and rising issues become much less visible.
The onus falls very much on the service providers to make sure they have rigorous processes and robust technologies in place to safeguard their customers’ data and application. Telecoms companies should therefore be building security measures into every layer of the network. Analytics is particularly important here. Operators should be automatically identifying any traffic abnormalities. Deviation from normal activity, such as peak-flows and behavioural changes, can often be a good indicator that there is an attack on the application layer or a break into the network.
Again, cross-industry collaboration will be very important here. Telecoms companies should be sharing data about threats they have encountered and new approaches to dealing with them. This pooling of knowledge will help the industry to adapt to emerging threats much faster, which is essential to protecting customers.
Industry Collaboration – Putting a Security Framework in place
Ultimately, the move towards SDN will result in significant security advantages for telecoms firms and their customers. SDN makes it possible to create very granular virtual networks and very secure multi-tenant environments. This is highly desirable from a security standpoint since it means that any malicious entity entering the network will only be able to access very limited internal resources.
However, there is no doubt that progress needs to be made in order for this to become a reality. Industry collaboration is absolutely essential in order to create workable roots of trust that are standardised and reliable. It would be great to see the industry working together across all levels to make sure that a robust, consistent security framework is put in place.