Services for Operators
Whether it is enabling new value added security services for business and government customers, enabling regulatory compliance for big data lakes or securing their own internal infrastructure from nation-state cyberattack, Guardtime’s solutions deliver high value for telecom operators
In the years ahead, the telecom operators that will succeed will be those that become much better at monetizing the delivery of services that have become essential to the daily lives of everyone around the world. Rather than competing on price, telecom operators must figure out how to optimize revenues by delivering service quality and superior customer experiences. Security is one key opportunity that telecom operators can differentiate on against the “over-the-top” (OTT) players that piggyback free on telecom systems.
Revenue Generation from KSI Services and Solutions
KSI is an industrial scale full stack blockchain infrastructure, the deployment of which offers a myriad of new security solutions and service revenue opportunities for telecom operators.
All KSI solutions require a telecom service provider to deliver reliable service to customers, whether enterprise, government or consumer and first requires the infrastructure deployment within the operator’s network. Guardtime and our infrastructure partners provide infrastructure, training and professional services to help in deployment, operating and design of the network.
Network Function Virtualization (NFV) and Cloud RAN (Radio Area Networks) represent major shifts in the telecommunications and networking industry, applying virtualization to the telecommunications domain, something that appeared to be impossible until recently due to the stringent performance, availability, reliability, and security requirements in communication networks
Cloud computing architecture makes this all possible, where commercial off the shelf solutions can be used in different service layers to avoid using customized hardware and software solutions from specific vendors. However, the radio network controller applications in the cloud-computing environment still require all the software and hardware layers of traditional telecom equipment. But, hardware virtualization, OS abstraction layers, and middle layers can be provided to the RAN applications through virtual service layers so that it can remain independent of underlying hardware and software components.
Here is where the ‘rubber hits the road’ for C-RAN. The integrity of all of these interactions is paramount if the operator is to have any kind of confidence in the deployment, provisioning, and automated adjustment and/or manipulation of services. Maintaining and assuring the accuracy and consistency of systems and data is as important, if not more than the availability of the system and resources across the cloud’s virtualization environment. With increased abstraction and reliance on virtualization infrastructure, applications, and API interfaces to the PaaS layer’s machine-to-machine interactions will be paramount. This is where C-RAN exploiters will likely focus their attacks.
Code, APIs, and application vulnerabilities and implementation specific flaws will plague these architectures and service layers. At Guardtime, we have never known a cloud application NOT to be exploitable – and with increased abstraction this is a nightmare scenario for operators managing critical communications assets (not to mention their customers utilizing the mobile environment for everything from mobile banking, to social networking, to email, and video).
Traditional security solutions have failing as they are based on the need to search for vulnerabilities. That search can be in the form of firewalls scanning each packet that enters the network, signature-based malware detection schemes, of using sandboxes (or multi-vector virtual execution) to run code inside a protected environment. These are very sophisticated technologies but they all suffer from one fundamental problem: there is no mechanism to verify that they are working; they are useless against unforeseen attacks.
KSI is based on different assumptions: That the state of a network can be independently verified with mathematical certainty. The key word is “independently”. It means that the configuration of every switch and router, the state of every event log and data item in data stores can be verified without the need for trusted administrators or in the procedures that define the security of the network.
The implication is that if you can guarantee the state of your network then any unauthorized change in the state of that network represents an attack, the impact of which can be mitigated. This is a fundamentally different assumption and is the difference between searching for needles in a haystack and having real-time situational awareness of every stalk of hay.
- 6 reasons security will fail on the Industrial Internet
- Data poisoning
- Native Forensics: integrity instrumentation and breach management
Enabling the Cloud Transformation
Driven by proven cost-efficiencies, cloud computing remains very appealing to the customers of telecom operators, whether government, or enterprise. The challenges, however, of moving mission critical processes to the cloud remain unsolved. Specifically the question that needs to be answered: “how do I comply with the law and trust my mission critical processes to an outsourced vendor who has little if any accountability?”
Telecom operators should be able to satisfy these requirements as a trusted partner with whom to outsource mission critical processes. Integrated into the cloud infrastructure KSI provides a level of assurance not previously possible, providing complete traceability, accountability and transparency for the cloud. Entities who are either using or administrating the cloud can be held responsible for their actions, regulators get to audit all processes and everyone involved can verify what happened when.Related Solutions:
- Whitepaper: Cloud insecurity and true accountability
- BlockCloud: re-inventing cloud with blockchains
- Google, subrogation and cloud data residency
- Re-thinking cloud forensics
- Addressing CIO concerns over the public cloud
- Trust and truth in the public cloud
Hadoop Big Data Lakes Automated Verification of Compliance
As the amount of data collected by telecom operators continues to rise at an exponential rate, operators face the overwhelming and unprecedented challenge of capturing, managing, processing and analyzing this data in order to extract as much value as possible, and still comply with regulations.
Most operators conduct analytics programs that enable them to use their internal data to boost the efficiency of their networks, segment customers, and drive profitability with some success. But the potential of big data poses different challenge: how to combine much larger amounts of information to increase revenues and profits across the entire telecom value chain,from network operations to product development to marketing, sales, and customer service — and even to monetize the data itself. Monetizing the data itself represents huge challenges exposes huge challenges, data is accessed via APIs which themselves are inherently insecure and regulators will respond with a heavy hand to any breach of PII (Personal Identifiable Information) regulations.
KSI provides a significant opportunity as it allows for automated verification of compliance, whether regulation of how PII is used or on meeting regulatory requirements on retention or breach reporting.
Consider Hadoop and HDFS. It would represent a huge cost saving for telecom operators if they use this as their one and only data store. This is impossible today as in order to meet compliance regulations certain types of data (customer data, transactions) must be moved to regulatory compliant archives. With KSI integration for big data this problems goes away representing a huge cost saving
- Big data and privacy in the digital age - TIA 2014
- Privacy, integrity and big data rules
- Google, subrogation and cloud data residency
- Big data governance and security for the Fortune 500
- Open letter to Brad Smith, Microsoft's General Counsel
- Attribution and data lakes - the future of big data
Internet of Things: Leveraging the Blockchain
A key revenue opportunity for telecom operators is to provide security services for the Internet of Things as a key differentiator for using radio infrastructure. Whether it is for authentication of devices, integrity of the network or end to end chain of custody of data generated by devices, KSI offers a unique competitive advantage for telecom operatorsRelated Solutions:
- Blockchain security implications for the Industrial Internet
- The Industrial Internet - forensics, attribution and data governance
- SDN and IoT - attributed software defined networks and 50 billion machines
- Privacy and integrity on the IoT if all you have is a PKI hammer...
- An independent audit trail for ten billion machines: rsyslog, cybersecurity and the IoT