This blog is by Kishore Albal at Nokia Networks.
What does a typical hacker look like? In the past, a hacker had to be well versed in technology to find its security flaws – the classic “techno geek”. However, being technically savvy is no longer a requirement for a hacker’s resume… The availability of pre-packaged tools, automated exploit-kits and cloud-based software services allows anyone to become a hacker and infiltrate his or her target’s network invisibly – and remain undetected for months or even years.
Attacks are becoming more sophisticated too, with polymorphic bots able to evade detection and appear as “normal” traffic. The bots change appearance as often as possible to avoid detection so they can communicate with their peers and “command and control centers” using built-in encryption.
At the same time, we’re witnessing a growing trend to migrate to the telco cloud, with operators attracted by the business agility and cost advantages of cloud-based networks. But with virtualization and the need for open architectures, the number of vulnerabilities and degree of security exposure increases, especially when public clouds may be used in the future.
Sounds like a hacker’s dream – right?
Not exactly. Techniques and solutions are available to provide security in telco cloud environments comparable to that of physical networks while still benefiting from cloud deployments. And indeed, the inherent properties of the cloud such as flexibility, mobility, scalability and automation can and will contribute to better network security.
For example, structuring the virtualized telco network into security zones ensures that only applications with comparable functional criticality and therefore similar security requirements are placed on the same hypervisor. Without this zoning concept, a hacker gaining access to an application having lower security requirements, such as a load balancer server, could easily gain access to more sensitive data held on a Home Subscriber Server. Security zones don’t diminish the probability of attacks, but they do significantly reduce their impact in the event of a breach.
The same applies to traffic which has similar functionality and security requirements since it can be assigned to different virtual LANs connecting the various telco applications. This eliminates the risk that unauthorized access to one type of traffic will give a hacker access to all the traffic and available targets. Encryption of the traffic and stored data adds another element of protection, even when a breach occurs.
Operators will soon start adopting these techniques and regard them as routine aspects of their virtual telco network’s security. And then they can rest easy, knowing that the only people losing sleep over telco cloud security are the would-be hackers.
Download our new whitepaper about telco cloud security.
Have you read our latest telco cloud news?
And don’t miss our upcoming webinars:
Telco cloud goes commercial on Oct 22, 2014
Security in mobile networks on Nov 11, 2014
Please share your thoughts on this topic by replying below – or join the Twitter discussion with @nokianetworks using #NetworksPerform #mobilebroadband #security #Futureworks #Innovation #telcoloud #Nokia.