As the telecommunications space evolves to serve new segments like IoT and use new technologies like NFV and SDN, security remains a critical challenge
This is a time of great opportunity for communications service providers. Demand for all sorts of cloud-based services is on the rise. Technologies such as software-defined networking and network functions virtualization promise more efficient ways to provide digital network services. And the emergence of the “internet of things” and industrial IoT is delivering a host of new business prospects for carriers.
It’s also a time of significant challenges and uncertainties. One of the biggest challenges is ensuring carrier networks and operations overall are secure. The number of intrusions and the sophistication of the attacks are constantly on the rise. And with the emergence of IoT – with countless devices, products, assets and even people connected via the internet – the level of risk goes even higher.
For carriers such as communications service providers, this is a time to take stock in their cybersecurity strategies and determine what they need to do to protect themselves and their customers from attack. Solutions are available to provide a high level of protection, and it’s imperative carriers explore these offerings in order to meet the increasing dangers.
Growing threats and challenges
All types of businesses are potential targets for hackers, malware writers, “rogue” entities within foreign government, “hacktivists,” cybercriminals and other bad actors. CSPs are no exception.
For carriers, this is a period of transition as they offer newer services such as cloud hosting, mobile communications, content delivery, IoT, IIoT, mobile payments and a host of other digital offerings made possible by higher bandwidth, new applications and growing demand for digital services. At the same time, communications carriers can deploy newer technologies such as software-designed networking and network functions virtualization, which can help them better and more cost-effectively serve their customers through increased network efficiency.
Security threats can potentially derail these opportunities by putting company and customer data at risk of exposure and theft. Industry research shows how vulnerable carriers are to attacks. For example, according to the “Global State of Information Security Survey 2016” by consulting firm PricewaterhouseCoopers, as disruption in the industry accelerates, “organizations face a rapidly evolving business environment that is rife with both prospect and peril.”
In 2015, communications carriers reported a 45% increase in detected information security incidents compared with the year earlier, the PwC report says. Carriers typically store a large amount of detailed customer data that is of high value to certain adversaries, the report notes, so it’s no wonder that compromise of customer records increased 25% in 2015, from the year before.
One of the areas that’s of greatest concern for the industry when it comes to data security and privacy is also an area of great potential business growth: IoT. This includes digitally connected homes and vehicles, segments of IoT that carriers are well positioned to serve.
The PwC report notes there are serious privacy and security risks associated with connected homes and vehicles because providers will amass and store an unprecedented amount of information about consumer activity and create points of access into home and car networks that didn’t exist in the past.
This ecosystem is far from secure, the firm points out. Incidents involving IoT components such as operational systems, embedded devices and consumer technologies – including home routers – more than doubled in 2015. Securing this ecosystem will require robust authentication, monitoring and threat-intelligence correlation to safeguard networks and help support data privacy.
Yet another emerging market segment that potentially brings added risk for carriers is mobile payments. Contactless payment services are a natural fit for communications carriers, and many are partnering with technology companies, credit card issuers, banks and retailers to develop mobile payment systems that can drive new revenue streams. But the adoption of new payment systems might bring unexpected security risks.
The move to open SDN can also present new security threats for carriers. SDN is an emerging architecture that decouples the network control function from hardware, allowing it to be directly programmable and the underlying infrastructure to be abstracted for applications and network services. SDN allows network managers to configure and manage network resources quickly through automated SDN programs.
When deployed through open standards, SDN makes network design and operation simpler as instructions are provided by SDN controllers instead of vendor-specific devices and protocols. SDN can provide automated provisioning, network virtualization and network programmability to data center and enterprise networks, and the increased network flexibility can help enterprises as they move into cloud computing, mobile technology and the IoT.
But the technology is still relatively new and vulnerabilities have already been detected within the SDN architecture, particularly the data plane and controller layers. Recent security breaches in the carrier industry show how costly they can be. In April 2015, a federal agency entered into a multimillion-dollar settlement with a communication company to resolve an investigation into consumer privacy violations at the company’s call centers in various countries.
Finding the right solution
Clearly, the need for stronger information security among carriers is growing, even as new technologies are opening up new opportunities for revenue growth. The good news is that solutions are available in the market; carriers just need to know which ones are most likely to meet their needs. Information technology and business leaders at carriers should look for the characteristics of what makes an ideal solution for communication service providers.
Among the most important criteria of any security solution is that it performs at a high level and not interfere with the performance of a carrier’s network services. Quality of service is an important factor when customers are choosing carriers and anything that hinders it will be a detriment to the business.
Another important consideration with any solution is that it be easily scalable and maintain high performance at scale. As carriers expand their coverage areas, network service offerings and customer base, they need to scale up the security solution as well in order to keep providing a secure infrastructure.
To that end, is the product designed in such a way to operate at a high level even as it scales up? The solution should offer the ability to run multiple security applications without degrading performance.
Also important is the ability to provide an integrated, adaptive architecture that’s designed to offer distributed security against threats from IoT and remote devices, both on premises and in the cloud.
Another factor to look at is whether a solution is aligned to the various network environments that a carrier runs. This includes data center solutions, virtualized security, cloud-based security adapted to emerging SDN/NFV implementations, etc.
In addition, does the solution offer advanced threat protection, which provides up-to-date defenses against the latest attacks? Many of the recent data breaches have fooled or evaded legacy security solutions.
Yet another important consideration is whether the solution provides support for managed security service provision. This is especially critical for carriers that are in the business of selling security services to customers. Managed security services are one of the fastest-growing revenue opportunities for carriers.
Finally, the solution should provide unified threat intelligence and management. In this way, all components – networks, wired and wireless equipment, client devices and other elements of the infrastructure – can be easily managed from one place.
Time to boost security now
The world is getting a lot more interesting for communications carriers – filled with opportunities to deliver new and possibly lucrative network services for businesses and consumers. The growth of the IoT alone holds tremendous potential for new business opportunities.
But this is also a time of great risk for carriers as they face increasingly sophisticated security threats that can disrupt operations and lead to lost business. These threats are not going away and, in fact, could get worse as digital communications become ever more prevalent. By deploying effective solutions that are specifically aimed at addressing the threats to carriers and working within their unique infrastructures, carriers can take steps toward protecting their data and ensuring the highest level of services for their customers.
Matt Pley is the VP for Fortinet’s Carrier and Service Provider Group. Pley has worked for the company since 2008, when he began as the sales director of the group. Previously, he served as the global account manager for Check Point.
Editor’s Note: In an attempt to broaden our interaction with our readers we have created this Reader Forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: dmeyer@rcrwireless.com.