Well, it looks like The New IP readers really need some schooling on the security issues behind NFV (and some coffee), according to the results of last week's poll, "Where should service providers start with tackling NFV security?" Just over 46% of respondents to the poll chose, "Pass me the coffee, I need to read the ETSI docs."
Now I don't know about you, but two things really stand out to me in the results from this poll. One: Folks actually fessed up that they need to learn more. And two: They admitted they wanted to read the ETSI docs, which aren't really known for their lyrical nature, gripping text and striking imagery. Both point toward the fact that this is a really important issue that people are willing to roll up their sleeves and dive into. So for those 46% who have their coffee ready, those ETSI docs can be viewed here.
Report back to me when you've finished and let me know how you did. Personally, I found the NFV Security Problem Statement easy to read and learned a lot. (See NFV Security Problem Statement.)
Second place was a tie between topology validation and performance isolation at 18% each. I can see why these two choices are equally important to our voters. Operators do need to validate that their whole network (virtual and not) meets security requirements such as firewalls and that traffic policing occurs (this is topology validation), but at the same time, they need to protect their virtual machines (or isolate them) from the crashes, hangs, loops and additional competing demands of other virtual machines.
Right behind topology validation and performance isolation was "Secure crash: Keeping the data and capabilities out of reach from the bad guys," with 10% of the vote. No matter the kind of system, crashes open up a provider to security problems such as vulnerability and loss of data but backup systems are generally in place. According to the ETSI doc mentioned above, data that is not securely cleared during a crash is vulnerable to hackers. Service availability is also put at risk.
Last on the list was secured boot, with 8%. Secured boot is a bit confusing because it can refer to industry specs on secured booting and general secured boot functions. However, both are important because in a hosted environment, operators need to be able to trust their hosting provider's virtualization platform in order to run virtualized functions on it. Secured boot includes hardware, firmware, hypervisor and OS images validation and assurance factors and security credentials, according to the ETSI NFV Security Problem Statement.
If you are looking to learn more, Heavy Reading's Patrick Donegan gave a brief overview of the security issues behind network functions virtualization (NFV) in his story on The New IP, and Carol Wilson, editor-at-large for Light Reading also wrote about the topic. (See The Vulnerabilities of an NFV Environment and Does Talking About Security Make You Nervous?)
For this week's poll, I'm asking readers where they think service providers will get the biggest bang for their buck with NFV? Check it out and vote today.(See NFV Bang for the Buck.)
— Elizabeth Miller Coyne, Editor, The New IP