Security Best Practices for CSPs in a Borderless World

A fence representing security for CSPs
October 03, 2017
by Mattias Mattsson BLog Post Title Underline

In the early days of VoIP, cost, functionality, and reliability were the top concerns. Now, as a mainstream communication technology, security has landed as a leader on the issues list. Perhaps the industry was blissfully unaware back then, or maybe just shortsighted about the onslaught of nefarious activity that would ensue.

 Read BLOG: VoIP Security and Eavesdropping Attacks

As warnings are released about rising VoIP hacking, it gives us time to pause and prepare so that we don’t repeat past mistakes. Today’s digital economy is shaping a different kind of network – one that is distributed and borderless. The one problem with this dynamic and hyper-connected environment is that traditional security approaches were never designed to fit that model.

That leaves us to question the best security practices for providers as traditional MPLS infrastructure is replaced with software-defined WANs (SD-WANs), even in areas where MPLS was never possible.

Never Rely on a Single Appliance

One security appliance will not protect the network and everything connected to it. With the rise of cloud and the Internet of Things (IoT), we are dealing with endpoints built on questionable code bases that are necessary to get to market quickly. That means security is often an afterthought or something that will be dealt with when a security event arises.

For providers using SD-WAN, security is built-in since all packets travel over encrypted tunnels. But as technology evolves, like the addition of insecure IoT devices, providers should look ahead at how ransomware could adapt and use encrypted tunnels as an ideal mechanism for malware distribution.

While SD-WAN is an indisputably positive force in the telecom arena, some organizations are looking to software-defined perimeters (SDPs) to stop network-based attacks. SDPs combine transport layer security, public key infrastructure, and security assertion markup language, in conjunction with a control infrastructure to create immunity against various attacks. Essentially, SDPs guarantee that only pre-authorized users and devices have access to the application infrastructure.

Inspecting tremendous amounts of encrypted traffic can strain the network and lead to adverse reactions like service degradation. This should be a major concern for all providers as data grows at an unprecedented rate, meaning heavy lifting will have to be done at scale.

Best Practice Tip: Providers should consider finding purpose-built security appliances and virtual functions that are interoperable and can easily encrypt and decrypt data without impacting service delivery.

Create a Flexible Security Fabric

Picking up on the last best practice, providers need to weave a security fabric that connects all security devices. Networks are evolving towards open systems and interconnectivity. It’s counterproductive to create hardened borders with security appliances that do not work elastically across the expanding and changing ecosystem.

Providers should be able to weave security solutions into a single framework that can sprawl across the network, adapting as endpoints and branch locations are added or removed.

Best Practice Tip: Providers should use security solutions that provide an end-to-end network view so that issues can be isolated and attacks can be spotted and stopped before service is interrupted.

Prepare for the Unexpected

If history tells us anything, it’s that malicious actors are more sophisticated than we could have imagined. Providers shouldn’t sit around and wait for the next big attack to prepare their evolving networks. Instead, seek out partners that are equally committed to innovation and securing communications, while also maintaining a high quality of service.

Edgewater Networks’ Intelligent Edge solutions apply two layers of end-to-end encryption, transport layer security and secure real-time transfer protocol, to protect against distributed denial of service, toll fraud, data exfiltration, and other cyber attacks. Paired with the EdgeView Service Control Center, Edgewater Networks uses transport layer security pass-through to help perform call monitoring and quality control functions, so that security and quality go hand-in-hand.

To learn more about securing future communications, read our white paper VoIP and UC Security Challenges: Is Your System Safe?

New Call-to-action

Topics: VoIP, Security

BLog Post Title Underline

SIP Trunking Survey: Many Don't Have any SBCs