Budgets Lag Despite CSP Concern Over Network Security
Service providers in this month's Thought Leadership Council forum are well on their way to completing security plans for several technologies. TLC members say they're either completely finished or in the process of developing security plans for distributed cloud (78%), the Internet of Things (IoT) (77%) and smart homes (68%).
Council members say there are several security issues driving the development of those plans, including distributed denial of service (DDoS), illegal intercept, ransomware and data exfiltration, all of which were seen as critical issues by more than 60% of panelists. The majority of communications service providers (CSPs) in TLC also say regulatory issues are a significant network security concern, according to the latest report, Thought Leadership Council: CSPs Concerned About Impact of Future Tech on Security. For this report, 22 different CSPs with network-level expertise are represented.
One TLC member explained his company's view on the perils of network security. "We are very aware of the new and quickly evolving methods and attack vectors that may put us at risk. As we move into digitally transforming our company and network, it will take time to develop the skillsets and muscle memory associated with things like open source, software-defined networking (SDN) and X-as-a-service platforms. Right now, the network industry doesn't have the scars and thick skin needed to build that security into the designs. As such, we will see some issues as a result. It's one thing when a customer's Internet is slow because some kid is DDoS'ing a gaming company. It is quite another when self-driving car networks or smart city traffic light grids are attacked."
Interestingly, the security concerns CSPs have don't seem to be moving providers to invest more heavily into network security. Almost two thirds of TLC members say their companies are allocating less than 5% of the budget for network security. By Q1 2020, 45% of panelists say their budgets will still have less than a 5% allocation for network security.
A TLC member explained why network security budgets aren't multiplying, despite concern providers have about it. "I came from a 20-year software development background. It took our industry many years to develop the core principles and patterns to build security into the business systems and web application programming interfaces [APIs] that allowed people and businesses to use the public Internet as a business platform, where trillions of dollars are transacted every day. Right now, it feels like those early days, when the race to monetize the Internet left security as an afterthought."
This TLC panel was asked ten questions about deployment plans, drivers and challenges, and budgeting for network security. The results clearly indicate that CSPs feel their companies currently are doing a good job with network security; however, there are several new technologies and services that must be addressed in order to maintain necessary levels of network security.
TLC is a unique Heavy Reading initiative that circumvents traditional industry hype to ascertain how service providers are really responding to important industry technologies and trends. TLC members receive private invitations to take part in anonymous surveys, which enables them to provide insights that might otherwise go undisclosed.
If you would like to become a member of TLC, please contact me at [email protected].
— Denise Culver, Director of Online Research, Heavy Reading