Industry Q&A: What is Top of Mind for Communication Service Providers (CSPs) and MSSPs in Cybersecurity Today?
For carriers today, it seems there are always fresh opportunities to deliver new and possibly lucrative network services for businesses and consumers. The growth of IoT alone holds tremendous potential for business opportunities. However, this is also a time of risk for carriers, as they face increasingly sophisticated security threats. Fortinet's Richard Orgias offers some perspectives on the current state of the industry.
1) What are the biggest security threats carriers and service providers are facing right now?
The biggest security threats that Communication Service Providers are facing right now are directly tied to their most significant business challenges. For CSPs, key challenges include transforming their networks to support new services, dealing with non-traditional competitors, maintaining security in an increasingly open environment, and managing the growing demand for security services from the broad range of industry segments they serve.
Each of these challenges comes with implications for security. Transforming networks requires that security be adapted to ensure its effective application in new architectures. Addressing non-traditional competitors and open environments means CSPs are looking at new types of traffic, partners, and content. Environments that were once isolated are now connected. This demands a very close look at the application of security to mitigate threats and protect user information and data integrity where there has traditionally not been much security implemented. Finally, the growth in demand for Managed Security Services, an area CSPS’s dominate, requires they deliver the most effective security available and utilize the most effective management tools at their disposal to maintain market leadership and profitability.
2) What are some of the business and IT challenges carriers and service providers are facing today which gives additional context to their security needs and decisions? What is top of mind?
Many CSPs are focused on transforming their networks to improve operational efficiency, increase flexibility, and satisfy customer demands for new service capabilities. They see a need to embrace new business models built around the delivery of digital communication, digital connectivity, and digital content. The transformation has catalyzed a migration to cloud based networks to support both traditional IT network and service network functions. This migration is also driving the trend to virtualize functions and establish “programmable” software and application based networks. Security is a core element in the design of these networks given the importance of maintaining availability as well as the protection of emerging applications and data.
3) Briefly, what are some “must haves” that carriers and service providers need to protect their sensitive data and protect their customers?
All of the traditional enterprise security concerns apply in the CSP space. The greatest difference is in the scale over which security protection must be applied. CSPs have access to large amounts of customer data and support extensive networking support for applications. Every CSP focused on maintaining an effective security posture needs to ensure it can support security functions like advanced authentication, monitoring, threat intelligence, and denial of service. Given the operational complexity of CSP networks, tools for effective management, support for multiuser environments, and effective network security design are also critical
4) Research has shown that there is room for improvement in terms of what carriers and service providers are doing in terms of proactive security. What are some of the roadblocks?
Two factors that can impede the application of effective security in CSP networks are scalability and manageability. CSP networks are large, distributed, and serve enormous numbers of users. The keys to addressing these potential impediments are performance and operational ease. High performance security solutions capable of addressing the throughput, latency, and ability to handle the specialized protocols of CSP networks support their requirement for scalability. Operational issues can be addressed with security functionality delivered through multiple physical and virtual form factors and common management tools.
5) Since service providers need to secure their own business and also protect the service offerings they provide for their customers, how does this create unique challenges for their security needs?
Many CSPs are already blurring the line that has traditionally existed between the security they provide within their own four walls and the security they apply to their service delivery networks. With concerted efforts to move their data centers to the cloud and a big push to virtualize their network and implement SDN, CSPs will need to bring carrier-class security to their enterprise customers. The biggest security challenges for Carriers will be delivering the performance required to maintain effective security as the volume of traffic they see continues to grow in both quantity and complexity.
6) Since carriers often face global or industry regulations, how does this create unique challenges for their security needs?
For CSPs, industry regulations present the biggest challenge when they deliver Managed Security Services to customers in industries that are subject to regulation, such as Financial Services, Healthcare, or Retail. In these situations, the burden will be on the CSP to ensure that their security service is compliant with the needs of their users. This may require certification of service and network design, which are requirements that need to be addressed by careful security product selection and best design practices. While the needs of customers may be specific, the Service Delivery Networks being developed by many CSPs will provide them with an advantage that alternative providers may be unable to match.
7) Looking ahead, what do you think the carrier and service provider threat landscape will look like five years from now?
Carriers are clearly focused on building networks that support their ambitions to provide the connectivity necessary to support the vision of an Internet of Things. There are already initiatives to support home security monitoring and M2M communication for industrial applications. Support for autonomous vehicles and smart homes is in the planning stages. Security will be an essential enabler of this vision. As important as the type of the security, will be the ways in which it is architected and deployed, and the types of environment in which it delivered. There is lots of room for innovation in these areas.