Once deployed, the business of managing mobile networks used to be relatively straightforward. Voice and text had a certain predictability. Special events aside, usage of these two services would take place within a set of parameters that the forward-looking network ops team could estimate with sufficient accuracy to stop problems occurring.
Enter the brave new world of mobile internet, and with it a whole new set of variables. Operators found (sometimes to their cost) that users would find a way of surprising them, be it with data heavy applications, tethering or any number of unexpected internet connected uses. The knee jerk reaction was throttling of certain services, additional costs to use the mobile web in certain ways or sometimes outright blocking, says Dmitry Kurbatov, Telecommunications Security lead at Positive Technologies.
The emergence of the data thirsty world of the IoT moves this issue into a whole new world. Not only will there be the same unexpected surprises, but the promise of 5G has been heavily sold as a universal connector. Once inanimate objects now consume bandwidth, often inefficiently.
Thankfully, digital Darwinism works both ways. Into the space has evolved the shiny new world of NFV and SDN. Need capacity quickly, or want to provision a new service? Simple, click this, drag it there and it’s problem solved, right?
Not exactly. Whilst the development of such software undoubtedly makes things easier for operators, it also does what those in the cyber security industry fear the most, centralising control of something very important and connecting it to the internet. This is a practice that creates a bulls-eye for a hacker, an asset which, given enough time and resource by a creative and well-resourced team, could be exploited. This is something that companies with large customer or financial databases have been learning to their peril over the last few years. Putting the king’s jewels in a single chest makes it a target.
Understanding this mindset is the first crucial step in securing any network. Second, and just as important, is actually doing something about it. This sounds obvious, but network security and operations teams are bombarded with a million and one tasks as they prepare to transition to their newly virtualised network, each one a priority and sucking up limited resource as deadlines rush past at terrifying speed.
Getting an external view on security is vital here. Those who have been involved in their planning and deployment are innately biased. This is not a criticism, any team in the middle of a complex technological deployment is not going to be able to see the wood for the trees. Giving someone outside this the remit to break things can be a valuable learning. As previously mentioned, knowledge of the hacker mindset is a valuable defensive tool – so employing a team with the specific remit to find problems can be an eye-opener.
This team should be given the freedom to audit everything from the code being used in critical areas of your deployment to assessing what visibility your network has from ‘the […]