5 TIPS TO ENSURE NETWORK SECURITY OF INTERNAL IT INFRASTRUCTURE

EC-COUNCIL | May 3, 2021

What Is IT Infrastructure Security?
If you are reading this blog, we would like to assume that you are either an aspiring cybersecurity professional or a business owner looking for ways to improve their network security. A business IT infrastructure includes networks, software, hardware, equipment, and other facilities that make up an IT network. These networks are applied to establish, monitor, test, manage, deliver, and support IT services.

So, IT infrastructure security describes the process of safeguarding the core networking infrastructure, and it is typically applied to enterprise IT environments. You can improve IT infrastructure security by installing protective solutions to block unauthorized access, theft, deletion, and data modification.

Spotlight

Solita

Solita is a digital business consulting company, our customers’ travel guide in a changing world. We create new business and services for the private and public sectors by combining technology, business processes and content in a new way.

OTHER ARTICLES
APPLICATION INFRASTRUCTURE

The importance of location intelligence and big data for 5G growth

Article | December 20, 2021

The pandemic has had a seismic impact on the telecom sector. This is perhaps most notably because where and how the world goes to work has been re-defined, with nearly every business deepening its commitment to mobility. Our homes suddenly became our offices, and workforces went from being centrally managed to widely distributed. This has called for a heightened need for widespread, secure and high-speed connectivity around the clock. 5G has answered the call, and 5G location intelligence and big data can provide service providers with the information they need to optimize their investments. Case in point: Juniper Research reported in its 5G Monetization study that global revenue from 5G services will reach $73 billion by the end of 2021, rising from just $20 billion last year.

5G flexes as connected devices surge
Market insights firm IoT Analytics estimates there will be more than 30 billion IoT connections by 2025. That's an average of nearly four IoT devices per person. To help meet the pressure this growth in connectivity is putting on telecom providers, the Federal Communications Commission (FCC) is taking action to make additional spectrum available for 5G services and promoting the digital opportunities it provides to Americans. The FCC is urging that investments in 5G infrastructure be prioritized given the "widespread mobility opportunity" it presents, as stated by FCC Chairwoman Jessica Rosenworcel.

While that's a good thing, we must also acknowledge that launching a 5G network presents high financial risk, among other challenges. The competitive pressures are significant, and network performance matters greatly when it comes to new business acquisition and retention. It's imperative to make wise decisions on network build-out to ensure investments yield the anticipated returns. Thus, telcos need not – and should not – go it blindly when considering where to invest. You don't know what you don't know, which is why 5G location intelligence and big data can provide an incredible amount of clarity (and peace of mind) when it comes to optimizing investments, increasing marketing effectiveness and improving customer satisfaction.

Removing the blindfold
Location data and analytics provide telcos and Communications Service Providers (CSPs) with highly-specific insights to make informed decisions on where to invest in 5G. With this information, companies can not only map strategic expansion, but also better manage assets, operations, customers and products. For example, with this intelligence, carriers can gain insight into the most desired locations of specific populations and how they want to use bandwidth. They can use this data to arm themselves with a clear understanding of customer location and mobility, mapping existing infrastructure and competitive coverage against market requirements to pinpoint new opportunities.

By creating complex customer profiles rich with demographic information like age, income and lifestyle preferences, the guesswork is eliminated for where the telco should or shouldn’t deploy new 5G towers. Further, by mapping a population of consumers and businesses within a specific region and then aggregating that information by age, income or business type, for example, a vivid picture comes to life of the market opportunity for that area.

This type of granular location intelligence adds important context to existing data and is a key pillar to data integrity, which describes the overall quality and completeness of a dataset. When telcos can clearly understand factors such as boundaries, movement and the customers’ surroundings, predictive insights can be made regarding demographic changes and future telecom requirements within a certain location. This then serves as the basis for a data-backed 5G expansion strategy. Without it, businesses are burdened by the trial-and-error losses that are all too common with 5G build-outs.

Location precision's myriad benefits
Improved location precision has many benefits for telcos looking to pinpoint where to build, market and provision 5G. Among them are:

- Better data: Broadening insights on commercial, residential and mixed-use locations through easy-to-consume, scalable datasets provide highly accurate in-depth analyses for marketing and meeting customer demand.
- Better serviceability insights: Complete and accurate location insights allow for a comprehensive view of serviceable addresses where products and services can be delivered to current and new customers causing ROI to improve and customers to be adequately served.
- Better subscriber returns: Companies that deploy fixed wireless services often experience plan cancellations due to inconsistencies of signal performance, which typically result from the misalignment of sites with network assets. Location-based data provides operators with the ability to adapt their networks for signal consistency and serviceability as sites and structures change.

The 5G future
The role of location intelligence in accelerating development of new broadband services and driving ROI in a 5G world cannot be overstated. It adds a critical element of data integrity that informs network optimization, customer targeting and service provisioning so telecom service providers can ensure their investments are not made with blind hope.

APPLICATION INFRASTRUCTURE

Advancing 5G with cloud-native networking and intelligent infrastructure

Article | December 15, 2021

The success of 5G technology is a function of both the infrastructure that supports it and the ecosystems that enable it. Today, the definitive focus in the 5G space is on enterprise use cases, ranging from dedicated private 5G networks to accessing edge compute infrastructure and public or private clouds from the public 5G network. As a result, vendor-neutral multitenant data center providers and their rich interconnection capabilities are pivotal in helping make 5G a reality. This is true both in terms of the physical infrastructure needed to support 5G and the ability to effectively connect enterprises to 5G.

Industry experts expect 5G to enable emerging applications such as virtual and augmented reality (AR/VR), industrial robotics/controls as part of the industrial internet of things (IIoT), interactive gaming, autonomous driving, and remote medical procedures. These applications need a modern, cloud-based infrastructure to meet requirements around latency, cost, availability and scalability. This infrastructure must be able to provide real-time, high-bandwidth, low-latency access to latency-dependent applications distributed at the edge of the network.

How Equinix thinks about network slicing
Network slicing refers to the ability to provision and connect functions within a common physical network to provide the resources necessary to deliver service functionality under specific performance constraints (such as latency, throughput, capacity and reliability) and functional constraints (such as security and applications/services). With network slicing, enterprises can use 5G networks and services for a wide variety of use cases on the same infrastructure.

Providing continuity of network slices with optimal UPF placement and intelligent interconnection
Mobile traffic originates in the mobile network, but it is not contained to the mobile network domain, because it runs between the user app on a device and the server workload on multi-access edge compute (MEC) or on the cloud. Therefore, to preserve intended characteristics, the slice must be extended all the way to where the traffic wants to go. This is why we like to say “the slicing must go on.”

The placement of network functions within the slice must be optimized relative to the intended traffic flow, so that performance can be ensured end-to-end. As a result, organizations must place or activate the user plane function (UPF) in optimal locations relative to the end-to-end user plane traffic flow.

We expect that hybrid and multicloud connectivity will remain a key requirement for enterprises using 5G access. In this case, hybrid refers to private edge computing resources (what we loosely call “MEC”) located in data centers—such as Equinix International Business Exchange™ (IBX®) data centers—and multicloud refers to accessing multiple cloud providers from 5G devices. To ensure both hybrid and multicloud connectivity, enterprises need to make the UPF part of the multidomain virtual Layer 2/Layer 3 interconnection fabric. Because a slice must span multiple domains, automation of UPF activation, provisioning and virtual interconnection to edge compute and multicloud environments is critical.

Implementing network slicing for interconnection of core and edge technology
Equinix partnered with Kaloom to develop network slicing for interconnection of core and edge (NICE) technology within our 5G and Edge Technology Development Center (5G ETDC) in Dallas. NICE technology is built using cloud-native network fabric and high-performance 5G UPF from Kaloom. This is a production-ready software solution, running on white boxes built with P4 programmable application-specific integrated circuits (ASICs), allowing for deep network slicing and support for high-performance 5G UPF with extremely fast data transfer rates.

With NICE technology in the 5G ETDC, Equinix demonstrates:

- 5G UPF deployment/activation and traffic breakout at Equinix for multiple slices.
- Software-defined interconnection between the 5G core and MEC resources from multiple providers.
- Software-defined interconnection between the 5G core and multiple cloud service providers.
- Orchestration of provisioning and automation of interconnection across the 5G core, MEC and cloud resources.

[Figure: Architecture of NICE technology in the Equinix 5G ETDC]

The image above shows (from left to right):

- The mobile domain with radio access network (RAN), devices (simulated) and mobile backhaul connected to Equinix.
- The Equinix domain with:
- Equinix Metal® supporting edge computing servers and a fabric controller from Kaloom.
- Network slicing fabric providing interconnection and Layer 2/Layer 3 cloud-native networking to dynamically activate UPF instances/interfaces connected with MEC environments and clouds, forming two slices (shown above in blue and red).
- Equinix Fabric™ and multicloud connectivity.

This demonstrates the benefit of having the UPF as a feature of the interconnection fabric, effectively allowing UPF activation as part of the virtual fabric configuration. This ultimately enables high-performance UPF that’s suitable for use cases such as high-speed 5G fixed wireless access. Combining UPF instances and MEC environments into an interconnection fabric makes it possible to create continuity for the slices and influence performance and functionality. Equinix Fabric adds multicloud connectivity to slices, enabling organizations to directly integrate network slicing with their mobile hybrid multicloud architectures.

“Successful private 5G edge deployments deliver value in several ways. Primarily, they offer immediate access to locally provisioned elastic compute, storage and networking resources that deliver the best user and application experiences. In addition, they help businesses access a rich ecosystem of partners to unlock new technologies at the edge. Secure, reliable connectivity and scalable resources are essential at the edge. A multivendor strategy with best-of-breed components complemented by telemetry, advanced analytics with management and orchestration—as demonstrated with NICE in Equinix data centers—is a most effective way to meet those requirements. With Equinix’s global footprint of secure, well-equipped facilities, customers can maximize benefits.” - Suresh Krishnan, CTO, Kaloom

Equinix and its partners are building the future of 5G
NICE technology is just one example of how the Equinix 5G and Edge Technology Development Center enables the innovation and development of real-world capabilities that underpin the edge computing and interconnection infrastructure required to successfully implement 5G use cases. A key benefit of the 5G ETDC is the ability to combine cutting-edge innovations from our partners like Kaloom with proven solutions from Equinix that already serve a large ecosystem of customers actively utilizing hybrid multicloud architectures.

APPLICATION INFRASTRUCTURE

How NSPs Prepare to Thrive in the 5G Era

Article | November 23, 2021

In my last blog in this series, we looked at the present state of 5G. Although it’s still early and it’s impossible to fully comprehend the potential impact of 5G use cases that haven’t been built yet, opportunities to monetize 5G with little additional investment are out there for network service providers (NSPs) who know where to look.

Now, it’s time to look toward the future. Anyone who’s been paying attention knows that 5G technology will be revolutionary across many industry use cases, but I’m not sure everyone understands just how revolutionary, and how quickly it will go down. According to Gartner®, “While 10% of CSPs in 2020 provided commercializable 5G services, which could achieve multiregional availability, this number will increase to 60% by 2024”.[i] With so many recognizing the value of 5G and acting to capitalize on it, NSPs that fail to prepare for future 5G opportunities today are doing themselves and their enterprise customers a serious disservice. Preparing for a 5G future may seem daunting but working with a trusted interconnection partner like Equinix can help make it easier.

5G is so challenging for NSPs and their customers because it is so revolutionary. Mobile radio networks were built with consumer use cases in mind, which means the traffic from those networks is generally dumped straight to the internet. 5G is the first generation of wireless technology capable of supporting enterprise-class business applications, which means it’s also forcing many NSPs to consider alternatives to the public internet to support those applications.

User plane function breakout helps put traffic near the app
In my last article, I mentioned that one of the key steps mobile network operators (MNOs) could take to enable 5G monetization in the short term would be to bypass the public internet by enabling user traffic functions in the data center. This is certainly a step in the right direction, but to prepare themselves for future 5G and multicloud opportunities, they must go further by enabling user plane function (UPF) breakout.

The 5G opportunities of tomorrow will rely on wireless traffic residing as close as possible to business applications, to reduce the distance data must travel and keep latency as low as possible. This is a similar challenge to the one NSPs faced in the past with their wireline networks. To address that challenge, they typically deployed virtual network functions (VNFs) on their own equipment. This helped them get the network capabilities they needed, when and where they needed them, but it also required them to buy colocation capacity and figure out how to interconnect their VNFs with the rest of their digital infrastructure.

Instead, Equinix customers have the option to do UPF breakout with Equinix Metal®, our automated bare-metal-as-a-service offering, or Network Edge virtual network services on Platform Equinix®. Both options provide a simple, cost-effective way to get the edge infrastructure needed to support 5G business applications. Since both offerings are integrated with Equinix Fabric™, they allow NSPs to create secure software-defined interconnection with a rich ecosystem of partners. This streamlines the process of setting up hybrid deployments.

Working with Equinix can help make UPF breakout less daunting. Instead of investing massive amounts of money to create 5G-ready infrastructure everywhere they need it, they can take advantage of more than 235 Equinix International Business Exchange™ (IBX®) data centers spread across 65 metros in 27 countries on five continents. This allows them to shift from a potentially debilitating up-front CAPEX investment to an OPEX investment spread over time, making the economics around 5G infrastructure much more manageable.

Support MEC with a wide array of partners
Multiaccess edge compute (MEC) will play a key role in enabling advanced 5G use cases, but first enterprises need a digital infrastructure capable of supporting it. This gets more complicated when they need to modernize their infrastructure while maintaining existing application-level partnerships. To put it simply, NSPs and their enterprise customers need an infrastructure provider that can not only partner with them, but also partner with their partners.

With Equinix Metal, organizations can deploy the physical infrastructure they need to support MEC at software speed, while also supporting capabilities from a diverse array of partners. For instance, Equinix Metal provides support for Google Anthos, Amazon Elastic Container Service (ECS) Anywhere and Amazon Elastic Kubernetes Service (EKS) Anywhere. These are just a few examples of how Equinix interconnection offerings make it easier to collaborate with leading cloud providers to deploy MEC-driven applications.

Provision reliable network slicing in a matter of minutes
Network slicing is another important 5G capability that can help NSPs differentiate their offerings and unlock new business opportunities. On the surface, it sounds simple: slicing up network traffic into different classes of service, so that the most important traffic is optimized for factors such as high throughput, low latency and security. However, NSPs won’t always know exactly what slices their customers will want to send or where they’ll want to send them, making network slice mapping a serious challenge.

Equinix Fabric offers a quicker, more cost-effective way to map network slices, with no need for cross connects to be set on the fly. With software-defined interconnection, the counterparty that receives the network slice essentially becomes an automated function that NSPs can easily control. This means NSPs can provision network slicing in a matter of minutes, not days, even when they don’t know who the counterparty is going to be. Service automation enabled by Equinix Fabric can be a critical element of an NSP’s multidomain orchestration architecture.

5G use case: Reimagining the live event experience
As part of the MEF 3.0 Proof of Concept showcase, Equinix partnered with Spectrum Enterprise, Adva, and Juniper Networks to create a proof of concept (PoC) for a differentiated live event experience. The PoC showed how event promoters such as minor league sports teams could ingest multiple video feeds into an AI/ML-driven GPU farm that lives in an Equinix facility, and then process those feeds to present fans with custom content on demand.

With the help of network slicing and high-performance MEC, fans can build their own unique experience of the event, looking at different camera angles or following a particular player throughout the game. Event promoters can offer this personalized experience even without access to the on-site data centers that are more common in major league sports venues.

DISH taps Equinix for digital infrastructure services in support of 5G rollout
As DISH looks to build out the first nationwide 5G network in the U.S., they will partner with Equinix to gain access to critical digital infrastructure services in our IBX data centers. This is a great example of how Equinix is equipped to help its NSP partners access the modern digital infrastructure needed to capitalize on 5G—today and into the future.

“DISH is taking the lead in delivering on the promise of 5G in the U.S., and our partnership with Equinix will enable us to secure critical interconnections for a nationwide 5G network. With proximity to large population centers, as well as network and cloud density, Equinix is the right partner to connect our cloud-native 5G network.” - Jeff McSchooler, DISH executive vice president of wireless network operations

APPLICATION INFRASTRUCTURE

Securing the 5G edge

Article | November 11, 2021

The rollout of 5G networks coupled with edge compute introduces new security concerns for both the network and the enterprise. Security at the edge presents a unique set of security challenges that differ from those faced by traditional data centers. Today new concerns emerge from the combination of distributed architectures and a disaggregated network, creating new challenges for service providers.

Many mission critical applications enabled by 5G connectivity, such as smart factories, are better off hosted at the edge because it's more economical and delivers better Quality of Service (QoS). However, applications must also be secured; communication service providers need to ensure that applications operate in an environment that is both safe and provides isolation. This means that secure designs and protocols are in place to pre-empt threats, avoid incidents and minimize response time when incidents do occur.

As enterprises adopt private 5G networks to drive their Industry 4.0 strategies, these new enterprise 5G trends demand a new approach to security. Companies must find ways to reduce their exposure to cyberattacks that could potentially disrupt mission critical services, compromise industrial assets and threaten the safety of their workforce. Cybersecurity readiness is essential to ensure private network investments are not devalued.

The 5G network architecture, particularly at the edge, introduces new levels of service decomposition now evolving beyond the virtual machine and into the space of orchestrated containers. Such disaggregation requires the operation of a layered technology stack, from the physical infrastructure to resource abstraction, container enablement and orchestration, all of which present attack surfaces which require addressing from a security perspective. So how can CSPs protect their network and services from complex and rapidly growing threats?

Addressing vulnerability points of the network layer by layer
As networks grow and the number of connected nodes at the edge multiplies, so do the vulnerability points. The distributed nature of the 5G edge increases vulnerability threats, just by having network infrastructure scattered across tens of thousands of sites. The arrival of the Internet of Things (IoT) further complicates the picture: with a greater number of connected and mobile devices, potentially creating new network bridging connection points, questions around network security have become more relevant.

As the integrity of the physical site cannot be guaranteed in the same way as a supervised data center, additional security measures need to be taken to protect the infrastructure. Transport and application control layers also need to be secured, to enable forms of "isolation" preventing a breach from propagating to other layers and components. Each layer requires specific security measures to ensure overall network security: use of Trusted Platform Modules (TPM) chipsets on motherboards, UEFI Secure OS boot process, secure connections in the control plane and more. These measures all contribute to and are an integral part of an end-to-end network security design and strategy.

Open RAN for a more secure solution
The latest developments in open RAN and the collaborative standards-setting process related to open interfaces and supply chain diversification are enhancing the security of 5G networks. This is happening for two reasons.

First, traditional networks are built using vendor proprietary technology – a limited number of vendors dominate the telco equipment market and create vendor lock-in for service providers that forces them to also rely on vendors' proprietary security solutions. This in turn prevents the adoption of "best-of-breed" solutions and slows innovation and speed of response, potentially amplifying the impact of a security breach.

Second, open RAN standardization initiatives employ a set of open-source standards-based components. This has a positive effect on security as the design embedded in components is openly visible and understood; vendors can then contribute to such open-source projects where tighter security requirements need to be addressed.

Aside from the inherent security of the open-source components, open RAN defines a number of open interfaces which can be individually assessed in their security aspects. The openness intrinsically present in open RAN means that service components can be seamlessly upgraded or swapped to facilitate the introduction of more stringent security characteristics, or they can simultaneously swiftly address identified vulnerabilities.

Securing network components with AI
Monitoring the status of myriad network components, particularly spotting a security attack taking place among a multitude of cooperating application functions, requires resources that transcend the capabilities of a finite team of human operators. This is where advances in AI technology can help to augment the abilities of operations teams. AI massively scales the ability to monitor any number of KPIs, learn their characteristic behavior and identify anomalies – this makes it the ideal companion in the secure operation of the 5G edge. The self-learning aspect of AI supports not just the identification of known incident patterns but also the ability to learn about new, unknown and unanticipated threats.

Security by design
Security needs to be integral to the design of the network architecture and its services. The adoption of open standards caters to the definition of security best practices in both the design and operation of the new 5G network edge. The analytics capabilities embedded in edge hyperconverged infrastructure components provide the platform on which to build an effective monitoring and troubleshooting toolkit, ensuring the secure operation of the intelligent edge.
