
Managing security in the cloud and mobility world

Issue: Asia-Pacific III 2014
Article no.: 10
Topic: Managing security in the cloud and mobility world
Author: Bryan Tan
Title: VP Fixed Broadband Convergence Practice, SE Asia & Oceania
Organisation: Ericsson

About author

Bryan Tan, VP of Fixed Broadband Convergence Practice at Ericsson South East Asia & Oceania.
Bryan Tan is responsible for Packet Core, IP, Microwave, Mobile Backhaul, Optical, Fiber business in Ericsson South East Asia & Oceania. Bryan has over 13 years of Telecommunications experience and previously has held positions within Ericsson as Director of Technical Sales at Ericsson Silicon Valley and Director of Broadband and IP Solutions.

Article abstract

As IT departments investigate how to update traditional security controls in this new world of cloud and mobility, they must redirect their security enforcement from a perimeter-based model to one that focuses on applications and the VMs running them. The new model can be called a perimeter-less security regime; it can also be called a software-defined security regime since it must be virtualized along with the applications and data it secures. A successful perimeter-less, software-defined security regime will have the capability to accomplish two primary goals: centralize policy and distribute enforcement.

Full Article

As global internet usage reaches critical mass, people across the globe are becoming increasingly dependent on online connectivity in day-to-day life, work and communication. The internet has shifted from being one specific aspect of consumers’ lives to becoming an important infrastructure for many aspects of everyday life. If the potential of the internet thus far has been determined by technological advances, further realization of this potential will demand a deeper, more sociologically grounded understanding of the norms and rules of engagement on the internet. As this shift accelerates, the need for legal and social codes of conduct, or ground rules, has become evident.
According to the latest Ericsson Mobility Report from June 2014, global mobile broadband subscriptions are predicted to reach 7.6 billion by 2019 and will gain a growing share of the total mobile subscriptions over time. Smartphones constitute – and will continue to constitute – the majority of mobile broadband devices. There are now 1.9 billion smartphone subscriptions, anticipated to grow to 5.6 billion by 2019. As internet usage and maturity grow, consumers are becoming more exposed to – and aware of – online hazards. Another study from Ericsson ConsumerLab reveals that 70 percent of online respondents find that safety issues such as viruses or fraud are a problem, 59 percent worry about surveillance, and 56 percent are concerned about privacy.
Even though consumer concerns appear high, there are no signs of online risks hindering internet growth, as the vast majority of consumers agree that the benefits of internet use outweigh the risks. Virtually all (96 percent) of those surveyed said they will use the internet as much, if not more, in the future. Obviously, as the internet becomes an increasingly important part of just about everything in our lives, hiccups as well as outright attacks will continue to happen. However, so far the backlashes we have seen have been limited in time or have only affected certain groups of individuals.
While the online hazards have not brought about a disruptive change in the general use of the internet, uncertainties continue and their possible aftereffects will contribute to the evolution and discussion on how the internet should be used. Matters of trust and human rights issues such as the right to privacy will lead to a continued discussion concerning personal safety online and will not likely fade away.
New ICT-related services are also radically changing the business landscape for many industries.
The popularity of cloud computing-based services and applications, enabled by ever-improving broadband connectivity and smartphone capabilities, has skyrocketed in recent years. Whether for enterprise mail, storage and collaboration tools or consumer music services, photo storage, video sharing and social networking, cloud-based services are becoming engrained in our everyday lives, available to us wherever we go.
Telecom operators often perceive cloud-based services – in which they have little or no role other than to deliver connectivity – as a threat to their business. However, these services also provide an opportunity for operators to add value and improve the timeliness and quality with which they deliver customer services and applications – whether through more efficient telecom and internal IT services or with value-added cloud services for consumers and enterprises.
“Cloud-based approaches enable network operators to ensure rapid service creation and rollout by delivering new levels of flexibility, scalability and responsiveness. They also satisfy the growing expectations for service performance and QoE, while handling ever-increasing traffic loads” says Bryan Tan, VP of Fixed Broadband Convergence Practice at Ericsson South East Asia & Oceania.
Operators can turn cloud-based approaches to their advantage and implement new architectures that provide network efficiency, QoE and shorter time to market for innovative services, through network programmability and a common delivery platform.
As industries transform, security must change as IT departments adopt the dual mega-trends in networking: cloud services and mobility. These trends open up opportunities for cost savings and new revenues. But given the increased threats to cyber-security, they also call for new approaches to defining and enforcing security.
Today, IT departments use a variety of technologies to establish a security perimeter that protects assets including data, compute resources and bandwidth against threats such as undue disclosure, modification, or disruption. These technologies range from perimeter protection devices, such as appliance-based firewalls, to the application of cryptographic protection of data.
With IT departments embracing cloud-based services and enabling mobile workforces, some of the traditional approaches to enforcing security, such as employing appliance-based security perimeter protection, are no longer sufficient. Cloud-based services lift the compute and storage capabilities from dedicated hardware/software platforms to virtual machines (VM) running on generic servers. VMs can be dynamically started and stopped, suspended for extensive periods of time and even moved to geographically distant compute farms. Furthermore, mobility adds to this complexity, because security policies must be applied to a much larger universe of devices that can be connected in any global location.
As IT departments investigate how to update traditional security controls in this new world of cloud and mobility, they must redirect their security enforcement from a perimeter-based model to one that focuses on applications and the VMs running them. The new model can be called a perimeter-less security regime; it can also be called a software-defined security regime since it must be virtualized along with the applications and data it secures. A successful perimeter-less, software-defined security regime will have the capability to accomplish two primary goals: centralize policy and distribute enforcement.
Policy defines the security goals of a given computer system, including authorization and data confidentiality requirements. Centralizing policy allows IT departments to define a single consistent set of policy statements that are then applied across the entire system. Establishing this kind of centralized security policy control should also allow IT departments to align mobile cloud security policies with separate security policies currently implemented in dedicated appliances.
Distributed enforcement allows the IT department to virtualize security enforcement functions and to attach security enforcement to mobile VMs – in short, to enforce the policies where they are closest to the asset to be protected.
“Implementing perimeter-less security with centralized policies and distributed enforcement requires flexibility and agility that is lacking in most current service provider network architectures and Operations Support Systems and Business Support Systems (OSS/BSS). It is likely that software-defined networking (SDN) architectures will play a major role in the orchestration of security policies for these new networks”, Tan says.
“Operators running mobile networks have implemented centralized security policies with distributed enforcement over the last decade as they have rolled out mobile voice and text services globally and been required to deal with, for example, roaming and radio network sharing between operators. This success can now be carried into more complex mobile cloud networks,” Tan adds.
Through a combination of Network-enabled Cloud, Service Provider SDN, and Network Functions Virtualization (NFV) approaches, operators can now simplify their networks, remove the complexities of topology and service creation, and accelerate the process of new service creation and delivery. One of the first SDN use cases is service chaining, which defines the ordered set of edge appliance functions (including security functions) applied per service and per user. The goal is to automate the provisioning of service chains and to reduce the provisioning time from days and weeks to minutes and hours. New initiatives are also looking at the challenge of how cloud-based services can co-exist with the growing trend of end-to-end traffic encryption. SDN will allow security to be attached to individual applications and VMs. Northbound interfaces will also allow the SDN controller to maintain synchronization with centralized security policies. These two aspects – flexible security per VM and policy synchronization – are critical to perimeter-less security.
Cloud management systems provision and manage multiple and mobile VMs (and attached security) in accordance with business and charging agreements, and these cloud managers will be the source for the centralized security policies. These systems will also manage the distributed VMs and associated security. Working together with SDN controllers, cloud management will enable perimeter-less security and scalability.
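As an added illustration of the regime described above (one central policy, a per-service and per-user service chain compiled into enforcement that is attached to each VM and follows it when it migrates, and a synchronization check between the two), here is a small Python model written for this page. It is not Ericsson's code; the function names, the chain ordering, the policy layout and the sample VMs are all constructed assumptions.

```python
"""Toy model of a perimeter-less security regime (constructed example): one central
policy, enforcement compiled per VM and pinned to it, rules that follow the VM when
it migrates, and a check that attached rules still match the central policy."""
from dataclasses import dataclass, field

# Constructed ordering constraint for a service chain: decrypt before inspecting,
# inspect before address translation.
CHAIN_ORDER = ["tls-terminate", "firewall", "ids", "dlp", "nat"]

@dataclass
class Policy:
    version: int
    per_service: dict  # service name -> security functions required
    per_user: dict     # user group -> extra functions required

@dataclass
class VM:
    name: str
    service: str
    user_group: str
    farm: str
    enforcement: dict = field(default_factory=dict)  # rules attached to this VM

def build_chain(policy, vm):
    """Order the functions the central policy requires for this VM's service and users."""
    wanted = set(policy.per_service.get(vm.service, [])) | set(policy.per_user.get(vm.user_group, []))
    unknown = wanted - set(CHAIN_ORDER)
    if unknown:
        raise ValueError(f"no enforcement function for {sorted(unknown)}")
    return [f for f in CHAIN_ORDER if f in wanted]

def attach_enforcement(policy, vm):
    """Distributed enforcement: derive rules from the central policy and pin them to the VM."""
    vm.enforcement = {"policy_version": policy.version, "chain": build_chain(policy, vm), "farm": vm.farm}
    return vm.enforcement

def migrate(policy, vm, new_farm):
    """Moving the VM re-derives enforcement at the new farm; the chain is unchanged."""
    vm.farm = new_farm
    return attach_enforcement(policy, vm)

def out_of_sync(policy, vms):
    """Policy synchronization: VMs whose attached rules lag the central policy version."""
    return sorted(vm.name for vm in vms if vm.enforcement.get("policy_version") != policy.version)

if __name__ == "__main__":
    pol = Policy(1, {"web": ["firewall", "nat"]}, {"contractors": ["ids"]})
    web = VM("web-1", "web", "contractors", "farm-sg")
    attach_enforcement(pol, web); migrate(pol, web, "farm-au")
    print(web.enforcement, out_of_sync(Policy(2, pol.per_service, pol.per_user), [web]))
```

The point of the model is that protection is keyed to the VM and the central policy version, not to the farm it happens to run in; a policy bump is detected as stale enforcement on every VM rather than as a gap at some perimeter.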
With continued growth in global internet use driven by cloud and mobility, online services must adequately address consumer concerns while service providers must ensure their networks are future-proven. SDN and cloud management offer service providers the flexibility, scalability and agility necessary to implement effective perimeter-less, software-defined security in the new cloud and mobility IT reality.
