Best Practice

Security by Design

Reply supports its Clients in the development of a business solution that considers both functional and security requirements at all stages of its life cycle (from development and design, through to testing). 

#Secure Cloud Adoption
#Cloud Native Security
#Dev SecOp

5 Pillars for a Secure and Compliant Platform

The implementation of Network Disaggregation Technology will allow Telcos to transform their Access Layer into a distributed, cloud-native, multi-access edge platform that serves their clients with traditional Telco services, and to develop value-adding services to be sold to clients (B2C, B2B) or to other companies (B2B2C, B2B2B). Network function disaggregation represents a dramatic departure from the way Access Layer devices are designed and built. This solves deployment challenges, but introduces new security issues. Cybersecurity constraints will impact all new Network Access Layer pillars, from open management tools and the definition of L2/L3 protocols stacks, to independent Network OS and White Box Server containers which will become part of the security supply chain analysis.

In the end, this is going to create a complex and open ecosystem made up of a plethora of different technological components provided or enabled by several third parties and distributed across various cloud/edge computation sites. In this context, exposure to cyber threats largely extends outside of company boundaries. Though there are multiple overlaps – and the boundaries between them are, at times, blurred – we can identify 5 overlapping pillars that must be addressed to ensure proper security over the resulting platform: Security and Compliance Requirements, Digital Supply Chain Security, and Secure Implementation and Operations. These three pillars all span across Infrastructure Security and Software Security.


A Holistic Approach for the Ecosystem’s Security and Compliance

Network disaggregation technology implementation and operation is organized around two parallel, interacting and complementary streams. One is dedicated to the design, implementation, maintenance and evolution of the components that make up the underlying technological infrastructure; the other focuses on the lifecycle of software services running on top of the enabling platform. The difference in their nature needs to be reflected in the practices that are put in place to ensure proper security. 

The security aspects in the enabling infrastructure setup and lifecycle stream should be coherent with a Progressive Security by Design practice. The goal of this practice is to standardize architectures through reusable patterns and make the enabling platforms foundationally secure. Meanwhile, in the software services DevOps stream, security tasks should be organized within the DevSecOps practice, which integrates application security into Agile and DevOps paradigms.

We have multi-vendor troubleshooting capabilities, gained from multiple projects in which we have supported and mediated between different vendors to solve problems such as those that inevitably arise after a disaggregated deployment. We have extensive interoperability test experience (regression testing, new feature testing) and extensive CI/CD experience in softwarized networks and infrastructures.

Supporting our Clients in turning innovation into real-life is in Reply’s DNA. We help our Clients understand, design and deploy innovative solutions while simultaneously building the internal skills and capabilities required for an internally sustainable journey. 


Why Reply?

A multi-vendor strategy is only as good as the breadth and depth of your vendor ecosystem. It is therefore important to not only access an ecosystem of partners to navigate through the disaggregation maze, but also to have a partner that can make sense of it all. The new paradigm considers most of the recent security best practices, which all converge in the disaggregated scenario. From a security point of view, we have long-term experience managing constraints in the Telco Market and can easily lead the implied technology transformation.

We will support our Clients in the development of a business solution that considers both functional and security requirements at all stages of its life cycle (from development and design, through to testing) . Most of the time, the traditional security approach involves checking for leaks and weaknesses at the end of the process. However, this new approach – which considers safety checks, assessments and audits during the design phases and during the creation of software, services and devices – allows Clients to save on costs that would otherwise be incurred in remediation.


You may also like

No contents here.