Virtualization Reality Check

Security

Every day there are headlines trumpeting the latest Internet security breach or compromise of personal or financial data. As service providers consider virtualization, security remains top-of-mind. Securing virtualization includes securing the servers and software that comprise the virtual elements. And, in the case of NFV, service providers must also consider how virtualization affects the security of the network as a whole.

First, securing the software. Service providers must ensure that individual subscriber functions are isolated from each other and that the control data or management network is isolated from the services being delivered. Shared virtual elements or server environments could be compromised or create a blind spot if not properly configured.

In the 2014 Verizon Data Breach Investigations Report, 35% of the 1,367 breaches examined were the result of web application attacks. Hackers that are using the Internet to compromise software applications can also affect the virtual elements being delivered by service providers across the public network. Subscriber isolation requires careful management of customer configurations and connectivity. Enforcement of resource access restrictions are valuable security measures, but limit the ability of service providers to easily expose network elements to partners and content providers.

Downloads

• CES Agenda
• CES Fact Sheet
  

0

Inquiry Form

loading

First Name*: Last Name*: Company*: Title*: Email*:

Message Submit

1

Web Links

• COMET Executive Summit Homepage
• Register to Attend
• Sponsorship & Participation
  

2

About CES 2014

Pipeline continues its legacy of bringing together the world’s leading service providers and technology innovators this fall at The 2014 COMET Executive Summit. This exclusive event gathering Pipeline journalists, Industry Advisory Board (IAB) Members, and key solution providers will be an intimate symposium to shape the editorial direction of Pipeline, gather priceless input from executive-level service provider experts, and create lasting industry relationships.

Pipeline’s IAB is an exclusive group of service provider and analyst executives who have long-term relationships with Pipeline and have played a role in Pipeline programs, editorial direction, and provided content over the last decade. This year, Pipeline opens the doors to provide an opportunity to engage directly with a broad cross section of experts who evaluate, recommend, and purchase communications and entertainment technology (COMET) products and services. Multiple levels of participation provide your company with an exclusive networking opportunity, tailored to your goals and budget.

The COMET Executive Summit will bring together executives from the world’s leading service provider and technology companies, in a flexible format that is filled with unprecedented networking opportunities designed to build relationships that can be carried forward to solve issues facing service providers today. Some of the topics planned for discussion include:

• Networking
• Customer experience management (CEM)
• Big data & analytics
• Exploring cloud offerings
• Enabling new business models
• Delivering and assuring digital services
• Network evolution & virtualization
• Leveraging content
• Network security

For more information, visit
www.pipelinepub.com/info/comet/2014_comet_summit.php

3

Of equal importance to service providers is securing the network. In the Verizon report, network assets including routers, switches, and other physical devices are consistently at the bottom of the list of compromised assets. Although malicious traffic passes across the network, network devices are seldom the access point for a breach. Service providers are required to secure all traffic across the network and peeling back multiple layers of virtualization make it extremely difficult to isolate one stream of traffic from another and detect intrusions or breaches as they happen. Many security vendors admit that they cannot unravel multiple layers of virtualization quickly or accurately enough to isolate compromised transactions or fraudulent users.

Quality

Charging and policy enforcement benefit from the comprehensive view of infrastructure assets resulting from abstraction from the network layer and are readily virtualized. However, virtualization of network functions that affect security, service quality, and configuration could potentially delay critical responses such as prioritizing traffic or thwarting security threats. Edge devices used for security and traffic management are able to more rapidly identify problems and take immediate action like shutting down a port or blocking incoming traffic.

Digital media traffic, especially video, is much less tolerant of delay than even voice traffic and requires precise timing and priority handling. Latency, delay, and jitter are all amplified in video transfers and service providers cannot tolerate quality erosion from delays caused by virtual network elements. Managing quality of service (QoS) typically must be accomplished as close to line rate as possible and that becomes difficult when accessing a virtual device requires additional transit time.

Isolating virtual elements and the high performance computing platforms required to ensure quality increase the cost of virtualization and must be considered. The configuration of a hybrid network must take into account the wide variety of network functions involved and implement virtualization where it makes both business and technical sense. Hybrid networks ensure that service providers are able to implement the optimal combination of physical and virtual elements in the right ways. Switching, routing, and network control functions are best conducted close to the network so that quality is not affected.