Mobile security

Security Suffers From 'Not My Job' Mentality

REYKJAVIK, Iceland -- 2020 Vision -- The single most important trend in networks over the next five years will be security. However, service providers will need an attitude adjustment if they plan to really make security an organization-wide priority.

Ahead of Tuesday's 2020 Vision Executive Summit, Heavy Reading surveyed nearly 400 industry executives on their views of the network evolution over the next five years. Overwhelmingly, respondents, including 144 service providers, 32 2020 Vision attendees, 10 Heavy Reading analysts and 11 Light Reading editors, indicated that security is the most critical issue facing the telecom industry over the next five years. More than 95% of the total respondents rated security essential (76%) or important (20%). (See Do You Have a 2020 Vision?)

It's a big challenge and one that will continuously need to be addressed, something everyone acknowledges. The problem is, most just don't see it as their problem. Heavy Reading Chief Analyst Patrick Donegan, who presented the survey results Tuesday and hosted Light Reading's Mobile Network Security Strategies show last week, said that while everyone sees the importance of security, most leave it to a dedicated team that struggles to keep up with increasingly prolific and sophisticated attacks. (See Palo Alto Urges Prioritizing NFV/SDN Security, Ericsson Calls for Data-Centric Security Approach and Mobile Ops Must Hike Security Spending .)

"As an industry, we do believe security is a big problem and it's got to be fixed, but 'it's not my problem, and I'm not going to fix it,'" Donegan said of the prevailing attitude. "It's someone else's job."

Security Survey Results
Security isn't only necessary to protect the network, consumers and devices, but it makes business sense for service providers too. Seventy percent of service provider respondents told Heavy Reading security would have a positive business impact on them.
Security isn't only necessary to protect the network, consumers and devices, but it makes business sense for service providers too. Seventy percent of service provider respondents told Heavy Reading security would have a positive business impact on them.

Most carriers have a small security team kept busy firefighting attacks on a daily basis. As the volume and sophistication of attacks continues to grow exponentially, that small team is finding it harder to keep up. They are being told to step up their game and develop new security techniques for everything the operators want to develop, like the Internet of Things, virtualization and the cloud. They are not, however, being given bigger budgets or extra support. (See AT&T Adds Virtual Layer of Security.)

"Where's the budget increase for it, and is the rest of the organization prepared to step forward and help out? No, because it's a big problem, but it's not my problem," Donegan reiterated.

For more on security, head over to the mobile security content page here on Light Reading.

Another interesting finding from the survey that meshes with operators' perception of security is that respondents were optimistic about the future of the telecom industry, but a little less so about service providers' ability to adapt to it. Of the service providers, 82% believe the outlook is positive. That said, only 28% of the service providers themselves believe that service providers, in general, will be successful at transforming their business models. More than a third of 2020 Vision's attendees were not confident that will happen at all.

"Our outlook for the industry would seem to be very, very positive, but the outlook with respect to service providers and their ability to capture these opportunities is very different," Donegan said. "Right now most of us are unconvinced the service providers are gearing up to take those opportunities ... We're talking about more than 2,000 service providers worldwide. It's a colossal body of companies."

— Sarah Reedy, Senior Editor, Light Reading

Page 1 / 2   >   >>
SachinEE 12/13/2014 | 9:21:18 AM
Re: Too True @markC73: I agree. When discussing sensitive issues like security, it really is easy to entertain someone and hurt some one else since most people are doing their jobs and they don't like hearing that they don't do their jobs nearly good enough for the superiors. That is why motivating speeches are so important while making such decisions.
SachinEE 12/13/2014 | 9:14:26 AM
Re: Too True Basically it is the CIO's job to poll this decision to the CEO that the company needs better (and since better means costlier) security, and it's also his job to show the CEO how viable this is financially, whether this kind of measure will save the company from shame and he would also have to provide a replacement margin for the security i.e. when should the "better securities" be changed/replaced.
SachinEE 12/13/2014 | 9:11:47 AM
Re: Too True @mendyk: Well you can't just pin a series of tasks to someone who does not have the capacity or the motivation or in some cases the education to perform those tasks. People need to understand that network security is no piece of cake. THere should be a security manager who supervises everything.
mendyk 12/11/2014 | 3:28:04 AM
Re: Too True Agree -- all these initiatives and decisions are interrelated, and it's very difficult to account for everything in the big picture. Operators see security as the most critical issue facing them. They need to bake security into all aspects of their service and network planning. Leaving it to the security cops isn't likely to work. From Patrick Donegan's work in mobile security, we know that operators have a huge amount of work to do. And maybe that's what's leading them to defer change.
MarkC73 12/10/2014 | 8:13:17 PM
Re: Too True @brooks7 comment on senior management,

I think this is key and as basic as it is, many good technical people do forget this.  Knowing how to talk to different groups of people can be just as important as sound technical fundamentals.  Know your audience and their motivations, seek to build a bridge why what's important to you is also important to them.  Unfortunately, sometimes it's after the fact but still having the plan ready, not only keeps you ready for opportunities for funding, but also shows that you are technically aware of the issues.  One would hope after you have a history of calling the flaws right they'll listen before hand...

Another thing is to make sure security is tied to product development and not just an annual after thought.

brooks7 12/10/2014 | 5:52:14 PM
Re: Too True  

So, having a customer have an API to change the network...good for security? (See SDN).

Again - convenience versus risk.  It is never a simple answer.


mendyk 12/10/2014 | 1:45:11 PM
Re: Too True One other issue here is that security is seen as a siloed problem, when in fact it cuts across the entire network operator organization. That may be an even harder nut to crack than getting CXOs to understand the business case for more spending on security.
mendyk 12/10/2014 | 1:42:31 PM
Re: outlook "The world is changing, and it's changing for the better, but we don't know if we are going to be able to change with it."
Ariella 12/10/2014 | 1:32:55 PM
Re: outlook @MendyK ah, so the glass is less than 1/3 full, or the winds are there, but the sails are not positioned to take advantage of them.
brooks7 12/10/2014 | 11:26:01 AM
Re: Too True I think your comment is exactly the problem.

Don't expect senior management to understand the issue.  Put it to them in business terms. Security is about customer trust.  Can you show the kinds of breaches that are out there and the risks involved.  My experience is that IT folks show up with Gold Plated Solutions that are remove any risk and are upset when the company can't afford them.  What needs to happen is what happens in the real world...Security/Risk and value are matched.  Think about the front door of your house.  Why is it not a bank vault door?  The reason is that you don't want to afford the same level of security as a bank because you are matching the risk and value in your life.


Page 1 / 2   >   >>
Sign In