NFV Home

How Virtualized Security Will Drive Network Transformation for CSPs

By Special Guest
Erik Engstrom, Head of Global Telecom Sales for Clavister
January 25, 2017

It’s not a case of if, but when:  that’s the message when it comes to communications service providers (CSPs) embracing virtualization.  CSPs of all kinds, whether mobile network operators, telcos or carriers, are increasingly seeking to take advantage of optimized network efficiency, greater agility and the opportunity to create new revenue streams – all of which can be done easier and quicker in virtualized environments.

One of the key drivers is the transition to 5G, and enabling IoT environments that will require cost-effective and flexible solutions if they are to be commercially feasible.  For 5G, it is all about high performance and low latency, which will require more distributed environments, closer to the end user.  The same is true for IoT, with millions of connected devices to the network resulting in higher data throughput, and extremely high requirements for low latency, for example for connected and self-driving cars.  These needs can only be supported by a cost effective environment, such as SDN/NFV, and operators are already starting to prepare this by establishing virtual packet core networks today, which is the foundation for extending to virtual radio access networks (RANs) to support 5G roll-outs in the years to come.

Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies are the driving forces of virtualization, replacing inflexible hardware with elastically-scalable software.  Analyst Gartner suggests that CSPs deploying these technologies can anticipate hefty Opex reductions of 60 percent and Capex reductions of 40 percent.  What’s more, they can use virtualization to enhance existing services and accelerate the deployment of new ones, like on-demand virtual VPN services for enterprises.  SDN and NFV, in short, can be the answer for telecommunications companies looking to drive innovation and retain their edge in a highly competitive marketplace.

So it’s no surprise that through to 2018, it’s predicted that more than 70 percent of CSPs will have conducted proof-of-concept projects based on SDN and NFV technologies, and over half are expected to have already moved towards live deployments.

The security barrier

However, the move to virtualized environments also changes the way that CSPs need to approach securing their networks.  Their security protections need to be more agile, both in terms of adapting to rapid changes to network and application connectivity, and in terms of ability to scale.  Virtualized environments can be reconfigured and new applications provisioned far quicker than in conventional networks, and so they demand a security infrastructure that matches this flexibility. 

But many CSPs’ existing, traditional security solutions are becoming barriers that can obstruct the rapid, business-driven changes that virtualization offers.  CSPs’ current networks are usually secured by traditional ‘big iron’ carrier-class physical security appliances.  These security gateways are expensive, because their hardware is optimized to deliver maximum throughput and performance to support millions of concurrent connections, and also because high availability is also a critical issue:  CSPs can’t afford the loss of revenues resulting from even a temporary outage. 

But as NFV decouples network functions from their physical locations, CSPs will want to start deploying services based on customer demand, wherever and whenever they are needed.  And it’s both difficult, and extremely costly, to reconfigure and re-provision these traditional large, physical security appliances to achieve this.  So CSPs need to reduce their reliance on traditional appliances, and replace them with virtualized, SDN/NFV-ready solutions.  These solutions are security virtual network functions (VNFs).

Virtualization opportunities – and challenges

Security VNFs enable security functions to be deployed as an integrated part of the overall SDN/NFV environment, giving dynamic solutions that can scale up or down according to the capacity needed at specific points in time, and enable the CSP to capitalize on the new revenue opportunities presented by service chaining and service automation.   

However, CSPs need to choose the security VNF solutions they plan to use carefully, in order to get both the maximum flexibility and protection for their deployments.  While virtual security appliances are relatively well understood in enterprise private and public cloud environments, telecoms infrastructures have additional, specific complexities and challenges that need to be addressed by the security solutions they use.  Let’s take a closer look at these CSP-specific requirements and capabilities for security VNFs:

  • Performance:  the security VNFs must provide the necessary throughput and capacity to support the rapid, ongoing growth in data traffic, and support high volumes of concurrent connections, without requiring large numbers of servers to support them
  • Agility:  security VNFs must integrate with the widest range of SDN/NFV orchestration tools, to deliver rapid roll-out of services and optimum flexibility
  • Elastic scalability:  security VNF instances must scale seamlessly with added computing power to meet the demand for starting small, and growing fast
  • Designed for telecoms demands:  security VNFs must comply with standards such as 3GPP and ETSI-NFV, and support the widest range of applications such as LTE/5G Backhaul Security, Gi/SGi Firewalling, roaming security and generic 3GPP-NDS functionality. 
  • Business Model: The VNF license structure should also support and protect widely-distributed architectures to enable a high quality of experience
  • Meet SDN/NFV specific requirements:  this includes integrating with and protecting NFV Orchestrators and SDN Controllers to avoid costly downtime and service disruption

Security VNFs with these capabilities will enable CSPs to secure their virtualized infrastructures robustly, without limiting their agility or speed of response to customer and market demands. 

By choosing VNFs that can be deployed either as stand-alone virtual appliances, or fully integrated into an orchestrated SDN/NFV environment, CSPs can be assured of a smooth migration path from initial, proof-of-concept virtualization projects to full commercial roll-outs in their networks.  This enables CSPs to start replacing legacy security appliances as part of a carefully-planned, stepwise transition, while ensuring that security of the network is never compromised at any point – giving them the foundation for advanced, secure SDN/NFV-enabled services and business models.

About the Author

Erik Engström is Head of Global Telecom Sales for Clavister.  He joined Clavister in 2013 from Nokia, where he held various sales roles with key responsibilities for LTE security solutions, and now leads Clavister’s telco sector offering.

Edited by Alicia Young

Related Articles

Winners of the 2018 INTERNET TELEPHONY NFV Innovation Award Announced

By: TMCnet News    6/4/2018

TMC announced the recipients of the 2018 INTERNET TELEPHONY NFV Innovation Award, presented by INTERNET TELEPHONY magazine.

Read More

Harnessing Pervasive Visibility to Unleash the Power of the Cloud

By: Michael Segal    11/9/2017

Cloud computing is having an unprecedented influence on companies throughout the world; according to research from BDO, an overwhelming number (74%) o…

Read More

Nokia Introduces SDAN Solution

By: Paula Bernier    10/10/2017

Nokia has unveiled a Software-Defined Access Network solution. This offering consists of cloud-native software, integration services, open programmabl…

Read More

Stating with Attestation, a Core Foundation of Computer Security for Sensitive Systems

By: Special Guest    10/3/2017

The European Telecommunication Standards Institute (ETSI) held their annual Security Week event and along with a representative from the UK National C…

Read More

Assuring Business Outcomes on Your DX Journey

By: Michael Segal    9/7/2017

When it comes to implementing strategies for digital transformation (DX), there are nearly as many methods as there are companies using them.

Read More