& cplSiteName &

Why BT's Security Chief Is Attacking His Own Network

Ray Le Maistre
7/17/2017
50%
50%

It's often said in sport that the best form of defense is attack, and that's a maxim that Mark Hughes, the head of security at BT Group, has taken on board. Except his modus operandi is to attack the very network he's responsible for protecting.

Hughes, a highly enthusiastic and open character, has an incredibly broad role as the CEO of BT Security: He is responsible for all security matters at BT (physical at 10,000 buildings as well as digital and virtual) and also for developing the telco's security services offerings, which are proving increasingly popular with enterprises and, according to Hughes, even whole countries. "In the past few years we have aggressively gone after security services business, driven largely by demand from enterprise customers, who realized they needed help," he noted during a media briefing about a new security report BT has published in partnership with KPMG LLP. (See Cybersecurity: More a People Than a Tech Challenge?)

The provision of security tools and services is a large and growing business: According to Gartner, as enterprises shift their security spending away from prevention-only solutions and more towards detect and response options, global spending on information security is set to increase by 7.6% year-on-year to hit $90 billion in 2017 and $113 billion by 2020.

Revenues from BT's security services grew by 24% year-on-year in the financial year that ended in March 2017, with the telco noting in its presentation to investors that all large network deals had security elements incorporated. Those elements can range from the straightforward provision and management of a firewall to the provision of full cybersecurity management services, where the telco would compete against the likes of Raytheon and Lockheed Martin.

BT Security CEO Mark Hughes: Captain of the Purple Team.
BT Security CEO Mark Hughes: Captain of the Purple Team.

And there are plenty of additional security services opportunities coming down the pipe. Hughes notes that security capabilities can be offered as part of SD-WAN and NFV-based services, while the IoT sector offers a great deal beyond secure smart meter services. The IoT opportunity "is not so much in providing a security wrap around devices but in the secure management and brokering of the information gathered [from IoT deployments]. The devices are important but it's the security of the information that is the big issue."

Hughes believes BT has gone further than other telcos in developing security services, though he notes that NTT Communications Corp. (NYSE: NTT) and Deutsche Telekom AG (NYSE: DT) (T-Systems) are two examples of other telcos that have built service offerings on top of their own network security capabilities. "We have built a services business based on our network knowledge and skills, and I haven't seen others go as far as us, but that doesn't mean they're not trying!"

So there's a helluva lot to do! But Hughes appears to have energy to burn and, unlike many other heads of security at enterprises around the world, he has a large team working for him -- about 3,000 people globally.

And they're doing a lot of really interesting things. Part of Hughes's team is tasked with performing "ethical attacks" on BT's security defenses to identify weaknesses and help bolster the company's defenses before less friendly hackers encounter any chinks in BT's armor.

That process is called "red teaming" because, well, it's undertaken by BT Security's Red Team. And, naturally, it has a counterpart, the Blue Team, which defends the network in these cybersecurity war games. "It's a big overhead but it's worth it. The Red Team finds stuff and then they work with the Blue Team to fix it." Hughes points out that the Red Team doesn't wait until the completion of the attack exercises, which can last months in some cases, to point out any identified weaknesses -- that would be too risky. So the Red and Blue teams work together constantly in an ongoing "agile" manner in a process Hughes calls "Purple-Teaming."

Such processes mean the BT security team is constantly updating and strengthening its defenses to guard against Hughes's biggest headache -- the ability to respond in a suitable and efficient way. "Because we have such a large global network -- the biggest MPLS network in the world -- my main concern is that we need to be able to flex and react" in response to any breach and be able "to isolate the network" when necessary.

So have there been any major breaches? Hughes thinks for a moment… "No… we are extremely careful and vigilant," he says, adding that response times have improved dramatically in recent years, down to milliseconds in some cases.

Next page: Cybersecurity tech, AI and collaboration

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Featured Video
From The Founder
John Chambers is still as passionate about business and innovation as he ever was at Cisco, finds Steve Saunders.
Flash Poll
Upcoming Live Events
September 12, 2018, Los Angeles, CA
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 6, 2018, London, United Kingdom
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Adtran Will Be a 5G Winner, Says Analyst
Iain Morris, News Editor, 7/19/2018
Trump Trashes EU's $5B Google Fine
Dan Jones, Mobile Editor, 7/19/2018
Get Off My Wireline Lawn!
Carol Wilson, Editor-at-large, 7/17/2018
Eurobites: EU Socks Google With $5B Monster-Fine for Android Control-Freakery
Paul Rainford, Assistant Editor, Europe, 7/18/2018
Netflix Is Growing, but Don't Ask by How Much
Phil Harvey, US News Editor, 7/16/2018
Upcoming Webinars
Webinar Archive
Animals with Phones
Casual Tuesday Takes On New Meaning Click Here
When you forget your pants.
Latest Comment
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed