Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Commercial Justification for IP Network Security Assurance

Telcordia Technologies : 22 February, 2010  (Special Report)
Rajesh Talpade, PhD, Chief Scientist and the IP Assure Product Manager at Telcordia examines the "low high contradiction" of balancing cost and control when specifying IP Assurance requirements
Commercial Justification for IP Network Security Assurance
A couple of months ago I had an opportunity to deliver a proof of concept into the IP network of a major telecommunications service provider. It was looking to improve security of its network and, of course, increase efficiency.

Having inspected and analysed all the IP devices on this particular network our IP Assure product highlighted a significant number of exceptions and unprotected routes of attack. I proudly sat back, waiting for the gasps of astonishment, the realisation of the impact of these 'time bombs' on risk, governance and compliance strategies, and then the rush for the purchase order. What I got, however, was a steely eyed stare from the prospect. "All very impressive," he said "but how much will it save me?"

This conversation, admittedly hammed up a little for dramatic effect, shows just how far network security has come, and as a result, how priorities are changing.

Going back only a decade or so, newly minted Chief Security Officers (CSO) were certainly keen on keeping costs under control, but proving a financial business case was never a major priority. Sure, it was important to show ROI, but needing security to drive cost savings was unthinkable. Ten years ago security didn't have to pay for itself; you paid for protection.

Today, we live in different times. Even after a clear demonstration of the vulnerabilities within its IP network, it was the commercial rather than the technical risk that was driving my prospect's primary procurement agenda.

This is hardly surprising. Today's IT leaders are no less immune to the budget capping of a post-recessional world than other department heads. Indeed, in this scenario, IT may be something of a victim of its own success. Data consolidation and Virtualisation strategies have saved millions of dollars while the cloud offers the promise of application accessibility, scalability and high availability with minimal capital or operational outlay.

This is certainly true as far as the point goes. But for many organisations, server consolidation, for example, may actually require additional hardware investment as increasing volumes of users access their applications through a single point.

But whatever the realities, it's now expected that as technologies advance, huge savings can be made - whether in the server estate or, increasingly, in the IP network.

This is important in an IP network scenario because enterprises are increasingly relying on the same to carry mission critical data, which, as we found, brings about its own security issues. According to Cisco, by 2013, all forms of video (TV, VoD, Internet video, and P2P) will exceed 90 percent of global consumer IP traffic. On the corporate side, IP networks are delivering all manner of voice, video and data around the world. They are increasing productivity and helping organisations save money while doing so.

But these networks, with their hundreds of routers, switches, firewalls and load balancers, are intensely complex. Getting visibility into the integrity of each and every one of these devices is no easy task. But without that visibility, it's impossible to guarantee the security and integrity of whatever data you're pushing down the pipe.

Then add the concept of change. With something as new and dynamic as next generation IP networks, constant change is inevitable. And as every network engineer knows, the more changes you make to the network, the higher the chance of something going awry further up the chain. Indeed, research from The Yankee Group suggests that configuration errors during network changes account for more than 60 percent of cyber attacks and downtime.

So, if there was ever a candidate for both savings and security, today's IP network is it.

When security and savings collide

The question then, is: just how do we go about making savings while guaranteeing security, accountability and compliance?

It all starts with understanding what you have and what it all does. This is about assuring transparency across the complete set of devices on the IP network. And here we can borrow from the mobile telecoms world. Its concept of deep packet inspection and a host of other Quality of Service applications monitoring networks day-in and day-out is key. Today's communication service providers need to differentiate on service quality to gain wallet share in the enterprise sector, and they've become very good at it.

Taking this key learning into the IT environment, engineers need to map out a set of processes and controls when configuring their enterprise IP networks. They need to understand the start, middle and end points of their data's journey. They need to get to grips with the potential vulnerabilities of their IP devices and take proactive action.

And if they do it right, that's where savings and security collide.

The model network

The simplest and most straightforward way of doing so is to run IP analysis software on top of the network before changes are made. Not only will this highlight existing security flash points across hundreds of IP devices, but by modelling the change in the first instance, both intentional and unintentional impacts are brought into focus.

Armed with this knowledge, the engineer can then reassess to limit or eliminate the impact of planned changes. And here's where the savings come into play. On the one hand, the organisation will gain an 'insurance policy' against costly security breaches and compliance issues that may result. On the other, it can guard against the inevitable resource and productivity impact of remedial action to untangle the network when unintentional configuration changes occur.

By way of illustrating this point, it takes approximately one man-hour to test a single configuration change before deployment on IP network device. Doing the same using appropriate IP analysis software reduces this down to around ten minutes. On the problem recognition side, and depending on the severity of the issue, detecting and remediating a configuration error that say caused a security breach, network downtime or compliance issue, can take an average of six man-hours.

Imagine the cost if you had hundreds of such errors each month. And with the complexity and dynamic nature of an IP network, this is far from unlikely.

In short, deep configuration assessment and the ability to model change puts control of the IP network firmly back into the hands of the organisation. And as we've seen, it can also significantly reduce operating cost.

It was precisely this concern, and indeed potential opportunity, that led my telco prospect to demand I 'show him the money'. Happily I was able to do so.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo