Industry Trends

The Right VNF Security Can Help Unlock the Promise of NFV (and SDN)

By Richard Orgias | September 12, 2016

If current trends bear out, virtualization is poised to revolutionize networking. As communication service providers (CSPs) look for opportunities to provide greater value to their customers and deal with competition from non-traditional competitors, they have embraced SDN and NFV to catalyze an amazing network and services transformation. Many feel that SDN and NFV will allow networking to join a trajectory that has already revolutionized storage and compute by creating on-demand access to networking resources and enabling a vast new set of services.

A recent survey from IHS Markit maintains that the service provider NFV market will grow at a compound rate of 42% between 2015 and 2020, and projects a total market for NFV hardware, software, and services of $15.5 B by 2020. Such growth would make NFV one of the hottest areas of investment by service providers over the next five years.

These growth projections are being borne out by actions that many CSP’s are already taking. Recently, both AT&T and Verizon announced initiatives to boost networking with services built on NFV, and we can expect more announcements from a growing number of CSPs as the market develops. In addition to its NFV growth projection, IHS Markit also noted that the “main value of NFV is in it applications, that is VNFs (Virtual Network Functions)”.

As is the case in so much of the buildout of the digital economy infrastructure, security is a key element of the investment. Among the first VNFs being introduced by AT&T and Verizon are security related functions. This is logical, given that the cybersecurity threats to a network have not diminished, notwithstanding its new architectural design. The value of any network lies in its ability to connect endpoints, and as a consequence there will always be incentives for cybercriminals to find ways to compromise those connections. By extension, security must be an integral part of the network design in order to maintain the operational integrity of the network itself.

As the NFV market grows, the selection of VNFs will become an important decision point for both the service providers building the networks and the users of those networks. From a security standpoint, we see some key decision criteria that should be considered. They include:


Does the implementation of security maintain application availability? Is it able to consistently prevent attacks, and in so doing effectively mitigate the risk posed by traditional and emerging cyberthreats?


Can your security solution provide protection against a variety of threat vectors, or is it optimized for identifying and stopping just one class of threats?


Does your security system learn? Is there a mechanism for ensuring that it can dynamically adjust to deal with new or unknown threats?


Is there a track record of performance and third party validation?

From an operational perspective, it is also important that a security VNF work as part of a service chain, and that issues like interoperability be demonstrated and validated through independent testing, such as that being conducted by organizations like the NIA (New IP Agency).

For a security provider like Fortinet, which delivers the virtual security capability that underpins emerging VNF offers, we believe that the security experience of a customer should be the same regardless of the network it is working on. This is the challenge that we’re addressing. The promise of SDN and NFV is real, but will only be achieved if VNF functionality is up to the task.

Do you have any thoughts on the key to successful VNF introduction? Let us know what you think.