By Steve Goeringer, CableLabs; Dr. Indrajit Ray, Colorado State University
Our networks are continuously evolving and there are lots of neat ideas out there on how this evolution should be done. There are lots of ideas including software defined networking (SDN), network functions virtualization (NFV), development operations (devops), containers, virtual machines, just to name a few. All of these complex ideas are ultimately about automating the deployment and delivery of network services over open distributed architectures. Network operators are avidly reinventing themselves using open distributed architectures to reduce cost, accelerate service velocity, and enable new types of services. However, these technologies also present new security challenges — our traditional ways of addressing network security must evolve. This paper briefly reviews the unique security challenges and opportunities network operators face as they apply these technologies. After a brief introduction, the paper discusses some of the emerging challenges. These are organized into two parts: larger and obfuscated attack service; and new risks. This is followed by discussion of the opportunities operators can leverage to use these technologies to improve security. The paper concludes with a review of proactive actions currently available to operators.