Analysis: Telecoms companies such as Vodafone are increasingly investing in cyber security offerings.
An increasing number of telecoms and communications providers are taking an active role in providing cyber security services.
ETIS, the IT association for telecoms which counts BT, Telefonica and Deutsche Telekom as customers, launched a new initiative to support the exchange of cyber threat intelligence between providers.
The pilot project is a technical platform that will automate the exchange of information in real-time.
The role of telecoms providers in providing security is becoming increasingly recognised by the providers themselves. In March, Vodafone launched the Vodafone Enterprise Security Services (VESS) line of business, which will provide businesses with cyber security technologies and support.
Led by Simon Church, former chief exec at NTT Com Security, VESS will provide cloud-based protection for business-critical applications, network perimeter management, threat detection and response.
BT, which has had a cyber security business for several years is planning to hire 900 more cyber-security staff this year. In September, the provider opened a cyber security centre to show that it can respond in real time to online cyber threats. Other initiatives have included an ethical hacking service for the automotive industry to help protect connected cars.
There are several reasons why telecoms companies are making these investments.
According to the 2016 Edelman Trust Barometer, trust in the telecoms sector has grown slightly since 2012, from 58 percent to 60 percent.
The score, calculated based on interviews in which respondents reported their perceptions, is lower than the score for the technology, food and beverage, and consumer packaged goods industries at 74 percent, 64 percent and 61 percent, respectively.
However, it is equal to the automotive industry and ahead of energy, pharmaceutical and financial services at 58 percent, 53 percent and 51 percent respectively.
For Mark Hughes, President of BT Security, the recent move by telecoms companies into cyber security can be traced back to a "long history of providing secure and reliable network access both within their own organisation, but also to their customers as a managed service.
"This experience puts telcos in a great position to meet organisations’ need for security as they look to adopt ever more connected technology like cloud."
In terms of the supply chain, there are obvious reasons why telcos are in a good position to offer security services. The integration of communications and IT continues with, for example, Voice over IP calls replacing standard voice calls with an internet-based equivalent.
Keiron Dalton, Senior Director of Customer Strategy & Innovation at Aspect Software, says that the industry is shifting from providing connectivity to providing business intelligence.
Dalton highlights how mobile devices are one source of this data or intelligence, and how telecoms operators have a unique insight into this data.
"Subtle changes or data that does not reflect the likely behaviour patterns of the user can indicate a security risk."
Dalton says that the telcos are the originators of this handset-based data and hence can use it for security purposes.
The oversight telcos have over the network as a whole is another key area. Dave Larson, Chief Operating Officer at Corero Network Security, uses a simple analogy to explain this:
"Imagine running a bath and seeing that a quarter of the water coming through the tap was contaminated. When the bill from the water company came, I don’t imagine anyone being too happy paying for a contaminated supply. People can justifiably look at their Internet service in the same way.
"If a provider isn’t including effective security as a part of its service offering they may send useless and potentially harmful traffic across their customers’ networks."
Larson highlights mitigation of Distributed Denial of Service (DDoS) attacks as another area where telecoms providers can take leadership.
Since DDoS attacks focus on making a service unavailable by flooding the bandwidth with traffic, network providers can include mitigation with their offerings with "many of the latest solutions in areas such as DDoS mitigation are scalable and automated."
He says that these solutions "minimise the need for human intervention" and can allow service providers to tune the systems so that customers only get good traffic in the first place.
More broadly, Graeme Coffey, Director of Pre-Sales at AdaptiveMobile explains that network security can provide protection to all users of the network, removing the need for users to install anything on their devices.
"Updates are applied to the network for the security service so the latest version of detection algorithms are always provided to customers," he says. "There is no need to update or make sure an application is running to be protected."
Overall, then, the main area in which telcos can lead in the cyber security space is by building the protective solutions directly into the connectivity that companies buy from them.