It has become necessary for many communications service providers (CSPs) to begin a transformation into digital service providers (DSPs). However, as CSPs embrace the increasingly connected environment required to support new services such as the Internet of Things (IoT) and capabilities such as virtualization, their once secure and proprietary network assets can become prone to malicious attacks. So, it is no surprise that we saw an increasing emphasis on security both before and during this year’s Mobile World Congress (MWC), with vendors such as Ericsson, Nokia, and Juniper Networks launching new security products and announcing new partnership alliances.
While IoT presents CSPs with new service opportunities, it also raises potential concerns about security and privacy, especially as the number of devices accessing the network ramps up. It was appropriate that Mobile World Congress keynote speaker Eugene Kaspersky, founder and CEO of Kaspersky Labs, highlighted the potential vulnerability of connected cars to cyberattacks. Likewise, recent attacks on 3 Mobile, Deutsche Telekom, and Dyn highlight how susceptible IoT devices are and how they can be used as tools to compromise the performance of the CSP network.
The shift to cloud delivery models, software-defined networking, and network-function virtualization (NFV), 5G and open APIs all raise security considerations. For instance, the adoption of NFV implies that network technology will evolve from being a closed, proprietary, single-purpose environment toward a virtualized environment that uses open protocols like Linux and OpenStack. The remote programmability enabled by NFV also potentially exposes the network infrastructure to cyber threats.
CSPs must consider critically how to secure their networks and new service offerings as they undergo their digital transformation journeys. CSPs need to make investments in the right tools and capabilities that ensure the security of the devices that run on their networks, the applications and services that are consumed on the network, and the network infrastructure itself. Investment in endpoint security solutions that secure the device isn’t all that is required to protect the network. More agile and dynamic capabilities such as analytics and artificial intelligence have a role to play in ensuring that malicious attacks are identified, analyzed, and mitigated and that the necessary remedial action is taken.
CSP vendor partners also have a role to play in securing CSP networks, and this is why we see recent announcements from vendors like Ericsson, Nokia, and Juniper Networks as being timely. In the run-up to MWC, Nokia launched the enhanced IMPACT IoT platform, which comes integrated with Nokia’s NetGuard Endpoint Security product, to ensure the security of IoT services delivered by CSPs. Ericsson also launched its Security Manager solution, which enables the automation of security orchestration across CSPs’ network and IT domains. Both products use advanced security analytics capabilities to monitor, analyze, and detect security vulnerabilities and provide automated responses.
CSP vendors have also been actively engaging with a broader partner ecosystem to develop solutions that enable CSP security. In February, Juniper Networks announced technology partnerships focused on securing software-defined networks with Aruba, CarbonBlack, CipherCloud, ForeScout, and Netskope. February also saw the announcement of an IoT Cybersecurity Alliance, which was formed by AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustonic to research and raise awareness of ways to secure the IoT ecosystem.
We expect to see many more such announcements over the coming year as vendors seek to position themselves as trusted security partners and make better use of their network capabilities, security data, and analytics to help secure CSPs’ networks and services.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.