Industry Trends

Security Considerations for Carriers: What’s on the Horizon?

By Tyson Macaulay | May 23, 2016

Not too long ago, carriers had fairly straightforward options for their security: they bought one vendor’s box with the same vendor’s firewall, email filtering, and web application firewalls. 

Then came the dynamic duo of software defined network (SDN) and network function virtualization (NFV). NFV allows all network components to run in software on top of common “white box” hardware. By de-coupling hardware and software components, carriers have the power to virtualize services and provision on demand. This provides enormous benefits in terms of bottom line, efficiency, and flexibility in operations and services—and it offers a new approach to security. In this environment, carriers need threat mitigation tools that can work in a virtualized network environment, with an ability to secure the ever-increasing amounts of data moving across their networks. And so, virtualized security has moved beyond the data center into the carrier networks. Now, through virtualized network functions (VNF), security becomes yet another element to provision and tailor to a customer’s needs. And carriers can easily add or activate a service—firewall, web application firewalls, email filtering, and more—to serve their broad range of customers. From a security standpoint, SDN+NFV equals security capabilities in more places, with more agility.

More recently, the expected growth of IoT has brought a whole other set of security considerations into view. A future in which millions of devices, most of which will lack any kind of security, will be connected to networks requires fresh thinking as to how to ensure the security and integrity of the networks they will join. Up until now, some carriers have considered security at the edge of the network as merely a preference or option. But at least one standards body will soon be issuing revised security standards that require edge-based security capabilities - for instance, monitoring and security enforcement on local, device-to-device communications.

How does this all work? What are the range of benefits and options that carriers can take advantage of? A number of major carriers are taking steps to leverage the benefits of SDN and NFV to create value-added security services, add service flexibility, and ensure  security throughout layers of the network.  Some of the key benefits they hope to achieve include:

  • Security on demand, with dynamic customer ordering and threshold-based deployment
  • Automation of security, with customer portals that activate services in real time.
  • Streamlined response during an attack: Layers of security throughout the network will enable faster detection and mitigation of threats, with scaling on demand or even automatically.
  • Pervasive security from the cloud to the edge: provisioning of security from large aggregation points in the DC or cloud, to edge-gateways, and potentially end-user devices.

I’ll be participating in a panel, led by Patrick Donegan of Light Reading, on Service Provider Security Strategies at their upcoming Big Communications Event on May 24 and 25 in Austin, Texas. Join us to hear more about security in the new carrier network.

Fortinet will also be demonstrating service chaining and the real-time application of VNFs at a live Interoperability demo at the same event. Come see our virtual security functions in action.