A High Value Input To Dynamic Bandwidth Switching And Security In SDN
Where do I need to plan for additional bandwidth? Is this going to be a onetime spike or should we envision this as a periodic or chronic phenomenon? Can I reduce churn through predicting the behavior of my valued subscribers? Can I enhance security of my SDN infrastructure?
Location as an input to SDN security procedures is another area that has garnered a lot of interest
These are some of the broader strategic questions that we have been involved in solving through location analytics. We believe location is the new “cookie” – where you go and have been physically, your real world tracks that can lead to better insights than where you have been in cyberspace. Properly anonymized and by proactively seeking permission these patterns have the capability to enhance a subscriber’s experience phenomenally.
All service providers already have their subscribers’ location readily available. Let’s explore a few ways this data could help the subscriber increase satisfaction and add to security procedures:
• Let’s start with the individual subscriber level, which may include: home-to-work route taken, time of day, subscriber activity, and device interactions. For example, let’s say we ascertained through data that of the more than 100 subscribers boarding a commuter train in Palo Alto at 7:50 a.m. every weekday commuting to San Francisco, 30 percent consumed streaming video, 40 percent slept and interacted only minimally with their device, 20 percent were answering emails, and so on. This repeatable, predictable behavior can then be used as an input into the operational support systems that switch on additional bandwidth along the route through any mechanism a service provider may choose to use (Wi-Fi offload, channel bonding, content prefect etc.), allowing the service provider to greatly enhance the customer experience by reducing buffering, degradation of service, etc. This example can further be extended to neighborhood, metro, regional and national use cases. Ad hoc event provisioning, traffic management, content delivery network enhancement, etc. are a few of the more obvious extensions.
• Location as an input to SDN security procedures is another area that has garnered a lot of interest. In the not-so-distant past, network operations were controlled by specialists sitting in access controlled locations that were continually monitored. To realize the operational efficiencies of SDN these operations will often move out of the controlled locations and will be accessible by partners, customers and even subscribers, presenting additional vulnerabilities that must be mitigated and managed. Instantaneous and historical location can then be used as an added protection to these systems.
For example, imagine an authorized user working out of Chicago. By correlating his mobile location to the times he has accessed a system, we can see that the user has consistently showed a tight geographic area in which he or she has gained access. If the latest record of access has shown him to be out of this area than this could be considered an area of heightened risk and possibly used to trigger additional validation. Recently, some have seen a five-time increase in the use of geo-spoofing for multiple attack vectors, so it is imperative that device location be verified against a trusted source. There are solutions available that are capable of providing a location trust score by validating device reported location against a set of highly secure satellite location data and access point data. While device-reported location could be a primary test, the real golden latitude/longitude set is ideally obtained through network initiated and measured location to ensure integrity of a devices’ location.
• Location can also be used to ensure that first responders have adequate access to bandwidth and the appropriate quality of service (QoS). Enabling first responder devices to report a trusted location would trigger a virtual QoS overlay onto a Mobile Network Operator (MNO) or Mobile Virtual Network Operator (MVNO) network when a certain threshold of first responders within a geographical area has been breached. This overlay could be an automatic policy trigger by the service provider or could be triggered upon request.
Without the expense of building out a separate network, first responders could be assured of enough service level for critical communications. It is imperative to note that in these scenarios, location must be verified at a network level and cannot rely solely on the device. Loss of timing, GPS spoofing/blocking, hostile RF environments must all be accounted for.
These are but a few examples of the value judicious, controlled and secure use of location adds to the burgeoning SDN ecosystem. The good news is that this data is already available and the cost to implement it is minimal. Predictive location of individuals and populations is the next frontier in enabling network planning.