Page 307 - Big data - Concept and application for telecommunications
P. 307
Big data - Concept and application for telecommunications 5
off more easily because the data forwarding function does not have to be in operation if there is no traffic.
The simplification may also contribute to expand device lifetime. On the other hand, the functionality that is
logically centralized may become complicated, and its power consumption may increase. This may be
mitigated by virtualizing the function and applying energy management in cloud computing.
10 Security considerations
The introduction of a high level of automation in the overall service delivery procedure by means of SDN and
orchestration techniques raises security challenges.
SDN provides new possibilities to combat security breaches. The affected resources may be easily and quickly
isolated, malicious traffic may be safely terminated, sensitive flows can be identified and separately
transferred in a more secure manner, e.g., with dedicated equipment and security protocols. All these
processes may be automated due to SDN’s improved robustness.
Moreover, a logically centralized SDN controller enables operators and/or entities that aim to make use of
SDN capabilities to have a broader and/or global view of the current status of networks, which makes security
operation easier and more efficient. SDN also raises new security issues. More functionalities traditionally
implemented in hardware become software-based, and it becomes possible to modify their behavior through
API, policy management, or lifecycle management functionalities. Therefore, it becomes critical to guarantee
that legitimate person/function does appropriate operation with these functionalities through secure
authentication and authorization.
Appropriateness of operation may be checked by the introduction of formal method, whose requirement is
described in [ITU-T Y.3320]. It is also important to prevent or mitigate other kinds of security breaches, e.g.,
denial of service by e.g., filtering of packets to target functionality.
A logically centralized controller can be a single point of failure, and can be a target of malicious attacks. It is
therefore important to pay special attention to redundancy designs.
The possibilities and challenges will be described in more detail in forthcoming ITU-T X-series
Recommendations.
Network and infrastructure 299