IG1124 ZOOM NFV Security Fabric Overview R14.5.1

Virtualization is a trend that is sweeping across the IT and Communications industries and in its wake it is bringing radical change to technical solutions, development and operation of infrastructure and services. The Service Provider business drivers for NFV are clear reduce CapEx, reduce OpEx, accelerate Time to Market and deliver agility and flexibility in introducing new services without worrying about physical infrastructure, while retaining or enhancing the service experience already benchmarked through physical infrastructure solutions.

For NFV service consumers it promises to deliver business and customer benefits such as product innovation and customer experience without being concerned with low level issues, e.g., infrastructure layout, low level operation and maintenance activities. However, to realize such business benefits NFV consumer needs to have stringent business orientated process to pick right NFV provider that is well equipped with Security (focus of this document), Operations, Integration, Quality and Business agility tools.

However these services, once introduced, need to be managed and particularly in regard to security NFV opens up an array of new threat surfaces/attack vectors that if exploited could have a significantly greater impact than was possible before.

Recent publications from ETSI on Network Functions Virtualization (NFV) included a draft NFV Security Problem Statement that covers in some detail what the specific issues are, but not how they can be managed effectively without detracting from the benefits expected from NFV.

Having policy compliant security in place for any instantiation of the virtualized infrastructure and service is critical the virtualized services layer has some unique e2e security management challenges for which there appears to be no firm industry activity.

This document outlines the TM Forum view on where the security fabric needs to be to support virtualized services and the requirements and dependencies that it may place on the underlying platform virtualization and infrastructure layers. The rationale for not focusing on the platform virtualization layer and the logical and physical infrastructure layers is that both of these are being addressed by other groups working on cloud platforms such as IaaS, PaaS.