Security in Service Providers’ Evolution Towards Micro-Services Architecture

By Ronen Shpirer | March 31, 2022

Service providers (SPs) look to enhance their value to enterprise verticals with the delivery of value-add applications on top of connectivity. Cloud-native technologies and architecture are the tools enabling them to do so like never before.

One of the main components of cloud-native is the use of micro-services architecture, running in containers as an efficient, agile, and fast way for applications to get deployed and upgraded.

The evolution of SPs towards cloud-native architectures and tools is ongoing, defined by technological, operational, and commercial considerations such as technology maturity and feasibility, scalability limitations, human resources expertise, know-how, and revenue-generating use case viability.

This approach of evolution rather than revolution in service provider networks and services is now being accelerated with the deployment of cloud-native 5G cores, the gradual build of edge compute sites, the availability of cloud hyperscalers’ cloud-native tools and platforms, and the growing acceptance of micro-services and containers as the de facto application deployment and operation architecture.

Containerized Security Functions from Fortinet

Cloud-native is driving the need to deploy security to meet specific technology and architecture aspects of these critical environments. Such solutions must secure the cloud-native ecosystem, from the application development phase to the ongoing operations of the production platform.

Fortinet develops and delivers a comprehensive set of security solutions for the end-to-end value creation and delivery for these environments. This year our solutions will expand to deliver fast, agile, and efficient containerized security functions.

These containerized security functions leverage Fortinet’s 20 years of experience and know-how in security to cover multiple security use cases across on-premises and cloud, such as IPS, segmentation and perimeter security, as well as service provider-specific use cases such as mobile RAN security and carrier-grade NAT.

With one of the smallest footprints in the industry, a limited containerized version of FortiOS has already been deployed in embedded devices with very limited resources and space, such as the Linksys CPE, car onboard systems, or industrial devices. This small container image serves as the basis for more powerful and scalable containerized security functions for SP networks.

As truly multi-platform functions, they will run on both x86 and ARM platforms with the same level of functionality and be available on the major K8S distributions, such as OpenShift or Tanzu, as well as public cloud container environments, such as AWS EKS, Azure AKS, and Google GKE.

The gradual introduction of containerized security functions will allow us to continue and accompany our SP customers in their journey towards greater value generation on cloud-native platforms and allow them to secure existing and future use cases that require a range of containerized security functions.

But containerized security functions are not enough. More is needed to empower SPs’ security in their cloud-native environments.

Containerized Security Functions are Only Part of Securing SPs’ Cloud Native Environments

The diagram below provides a glimpse into Fortinet’s holistic approach to accompanying service providers in their journey to operational cloud-native platforms as service and value delivery platforms. The building blocks of our solutions are based on the following three key principles:

  1. Embed security visibility and control into DevOps pipelines
  2. Secure the operational cloud-native environment
     a. Kubernetes infrastructure and control plane
     b. Secure the container workloads and their supply chain
  3. Secure the runtime environment
     a. Kubernetes nodes and associated user plane
     b. Application-level security
     c. Compliance requirements

Hybrid Stack Protection is Required  

Some microservices applications run in containers on a virtual machine, while others are on bare metal Linux. The evolution to cloud-native passes through a hybrid environment where legacy and new coexist. This environment must be secured, and not as separate silos bereft of integration, which introduce complexity and unnecessary barriers to effective security visibility, detection, and response.

Take mobile network operators (MNOs), for example, where 4G infrastructure based on VMs and legacy solutions coexists with 5G standalone networks and services based on cloud-native technologies. There is a wide set of common services delivered via both platforms, and securing this hybrid stack is required. As MNOs look to provide beyond-connectivity services to the business segment, the criticality of these hybrid environments is growing and, with it, internal and external demands for security and compliancy.

There is a distinct need to integrate security visibility, monitoring, and protection across a hybrid stack including the Linux host, VMs, containers, applications, and services. These must provide security for the entire telco cloud where interdependencies such as relations between application-VM/container-host are covered.

Security in such a hybrid stack is enabled by the Fortinet Security Fabric, which brings together the concepts of networking and security convergence and consolidation to provide comprehensive cybersecurity protection throughout the service provider environments and locations. The Fortinet Security Fabric also provides one of the largest cybersecurity ecosystems in the industry, providing third-party integrated security solutions for service providers to attain advanced security across their digital infrastructure.

Use Case Considerations Are Paramount

Other than the need to secure the end-to-end service creation and delivery in a service provider’s cloud native and micro-services environment, another important consideration is the use case itself:

  1. What is the service provider trying to achieve? (The business objective)
  2. How will it be achieved? (Technologies, platforms, and tools to be used)
  3. What are the security considerations? (Internal and external risk, compliancy requirements)
  4. What are the security solutions? (Specific to the use cases and within the overall security infrastructure in place)

Use case considerations introduce factors such as cost, time to market, operational limitations, physical space, predictability, performance, latency, and other considerations that may have a significant impact on the technology and solutions deployed to achieve the business objective of a specific use case.

This is also true for the security aspect, and it is therefore important that Fortinet support any solution to secure a service provider’s objectives and use cases as well as the technologies they use, whether legacy, virtualized, cloud-native, or hybrid.

With that in mind, Fortinet solutions span physical, virtual, containerized, and SaaS form factors to enable the best possible fit to service providers’ hybrid environments and many use cases, while providing common functionality, integration, and automation regardless of the form factor.
