ETSI releases TS 103 457 to secure functions in a virtualized environment


The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 457, which tackles the challenge of secure storage – where organizations want to protect customer data whilst still using a cloud that is not under their direct control.

Many organizations need to protect this data, but when it is held in a virtual network or cloud, the organization often doesn’t have control of the storage solution. TS 103 457 solves this problem by standardizing an interface between a trusted “secure vault” and a cloud that could be anywhere, with the sensitive data stored in the vault. This allows a sensitive function to exist in a lower security environment, with data held securely.

This new specification offers multiple use cases. For instance, this interface can be used with new network function virtualization (NFV) technology to allow secure authentication of users for billing purposes. Virtualization means that processing can happen anywhere and might be untrusted; these secure vaults are therefore needed to protect sensitive functions and data. This is more common than ever as NFV technology becomes widespread.

The interface can also be used to search databases that hold private data. Another feature defined in the specification is a logging function that allows queries of customer data to be audited, making it easier to detect data breaches, which in turn deters malicious activity.

This standard proposes a new interoperable interface, so that an organization may change “vault” or cloud provider and still achieve the same functionality, which is vital in a world of evolving technology.