Concerns from an Operator Security Department

 


During the integration phase of the several testbeds, SoftFIRE has tried to fulfil the security requirements pose forwards by a Telecom Operator.

The requests were to clearly segment and compertamentalize the access to the resources made available by the Operators. In addition there was the need to share with the Operator the security specifications and rules of other testbeds. In addition the possibility to access directly the other testbed for possible assessment was put forward.
These request had a considerable impact on the entire project:

  • the different testbeds had to allow a bit of assessment of their infrastructure, and to implement stricter rules and process for access to the resources;
  • the interconnections between the different testbeds had to follow a rigid and complicated VPN policy;
  • the collection of security data at the level of the entire federated testbed was questioned because some projects had to collect runtime information from different site comprised the one of the Operator;
  • programmers were suffering a huge impact. For instance for a while there was no possibility for them to access to their Virtual Machines during runtime for debugging and tuning the software

Some shortcuts to facilitate the solutions of the issues were tried, but they were resulting in different polocies and procedures to be implemented.
Ad the end a few ecceptions have been introduced and other solutions (such as the externalization of resources outside of the boundary of the Operator have been considered.

As a first consideration about this issue, it is important to notice that if the Operators wants to allow an effective programming of their environments, they should elaborate more the policies and the mechanisms used to grant access to the Third Parties and programmers. The programmers have to have access to the platform for program and test their solutions. Without proper policies the programmability feature of Testbed and NFV/SDN platform is not fully exploited by the programmers resulting in difficulties in attracting programmers.