Mobile security

Security Suffers From 'Not My Job' Mentality

REYKJAVIK, Iceland -- 2020 Vision -- The single most important trend in networks over the next five years will be security. However, service providers will need an attitude adjustment if they plan to really make security an organization-wide priority.

Ahead of Tuesday's 2020 Vision Executive Summit, Heavy Reading surveyed nearly 400 industry executives on their views of the network evolution over the next five years. Overwhelmingly, respondents, including 144 service providers, 32 2020 Vision attendees, 10 Heavy Reading analysts and 11 Light Reading editors, indicated that security is the most critical issue facing the telecom industry over the next five years. More than 95% of the total respondents rated security essential (76%) or important (20%). (See Do You Have a 2020 Vision?)

It's a big challenge and one that will continuously need to be addressed, something everyone acknowledges. The problem is, most just don't see it as their problem. Heavy Reading Chief Analyst Patrick Donegan, who presented the survey results Tuesday and hosted Light Reading's Mobile Network Security Strategies show last week, said that while everyone sees the importance of security, most leave it to a dedicated team that struggles to keep up with increasingly prolific and sophisticated attacks. (See Palo Alto Urges Prioritizing NFV/SDN Security, Ericsson Calls for Data-Centric Security Approach and Mobile Ops Must Hike Security Spending .)

"As an industry, we do believe security is a big problem and it's got to be fixed, but 'it's not my problem, and I'm not going to fix it,'" Donegan said of the prevailing attitude. "It's someone else's job."

Security Survey Results
Security isn't only necessary to protect the network, consumers and devices, but it makes business sense for service providers too. Seventy percent of service provider respondents told Heavy Reading security would have a positive business impact on them.
Security isn't only necessary to protect the network, consumers and devices, but it makes business sense for service providers too. Seventy percent of service provider respondents told Heavy Reading security would have a positive business impact on them.

Most carriers have a small security team kept busy firefighting attacks on a daily basis. As the volume and sophistication of attacks continues to grow exponentially, that small team is finding it harder to keep up. They are being told to step up their game and develop new security techniques for everything the operators want to develop, like the Internet of Things, virtualization and the cloud. They are not, however, being given bigger budgets or extra support. (See AT&T Adds Virtual Layer of Security.)

"Where's the budget increase for it, and is the rest of the organization prepared to step forward and help out? No, because it's a big problem, but it's not my problem," Donegan reiterated.

For more on security, head over to the mobile security content page here on Light Reading.

Another interesting finding from the survey that meshes with operators' perception of security is that respondents were optimistic about the future of the telecom industry, but a little less so about service providers' ability to adapt to it. Of the service providers, 82% believe the outlook is positive. That said, only 28% of the service providers themselves believe that service providers, in general, will be successful at transforming their business models. More than a third of 2020 Vision's attendees were not confident that will happen at all.

"Our outlook for the industry would seem to be very, very positive, but the outlook with respect to service providers and their ability to capture these opportunities is very different," Donegan said. "Right now most of us are unconvinced the service providers are gearing up to take those opportunities ... We're talking about more than 2,000 service providers worldwide. It's a colossal body of companies."

— Sarah Reedy, Senior Editor, Light Reading

Page 1 / 2   >   >>
Ariella 12/9/2014 | 1:12:25 PM
outlook " 82% believe the outlook is positive." a lot of optimists out there!
MarkC73 12/9/2014 | 1:41:03 PM
Too True Thanks for the article, it's definitely what I'm hearing from the security folks that I know in the SP industry.  Let's hope it's not the fire that causes people to buy better insurance.  Security also seems something that a lot of people don't like to deal with or be responsible for.  How to balance centralized control with scalability and expertise, as different parts of the SP portfolio need different types of security expertise.
kq4ym 12/10/2014 | 10:04:18 AM
Re: Too True Getting those budget for security seems to be a real issue. As data expands one could expect a great need to increase the funds to protect it as well. But I wonder if upper management is calculating expected odds of losses to to security issues versus the cost to implement greater security? Are they depending on insurance to cover any losses?
mendyk 12/10/2014 | 10:11:15 AM
Re: outlook I would read the results a little differently. Yes, 82 percent of SPs said the industry outlook is positive, but less than a third said they are confident that SPs are in position to take advantage of that.
brooks7 12/10/2014 | 11:26:01 AM
Re: Too True I think your comment is exactly the problem.

Don't expect senior management to understand the issue.  Put it to them in business terms. Security is about customer trust.  Can you show the kinds of breaches that are out there and the risks involved.  My experience is that IT folks show up with Gold Plated Solutions that are remove any risk and are upset when the company can't afford them.  What needs to happen is what happens in the real world...Security/Risk and value are matched.  Think about the front door of your house.  Why is it not a bank vault door?  The reason is that you don't want to afford the same level of security as a bank because you are matching the risk and value in your life.


Ariella 12/10/2014 | 1:32:55 PM
Re: outlook @MendyK ah, so the glass is less than 1/3 full, or the winds are there, but the sails are not positioned to take advantage of them.
mendyk 12/10/2014 | 1:42:31 PM
Re: outlook "The world is changing, and it's changing for the better, but we don't know if we are going to be able to change with it."
mendyk 12/10/2014 | 1:45:11 PM
Re: Too True One other issue here is that security is seen as a siloed problem, when in fact it cuts across the entire network operator organization. That may be an even harder nut to crack than getting CXOs to understand the business case for more spending on security.
brooks7 12/10/2014 | 5:52:14 PM
Re: Too True  

So, having a customer have an API to change the network...good for security? (See SDN).

Again - convenience versus risk.  It is never a simple answer.


MarkC73 12/10/2014 | 8:13:17 PM
Re: Too True @brooks7 comment on senior management,

I think this is key and as basic as it is, many good technical people do forget this.  Knowing how to talk to different groups of people can be just as important as sound technical fundamentals.  Know your audience and their motivations, seek to build a bridge why what's important to you is also important to them.  Unfortunately, sometimes it's after the fact but still having the plan ready, not only keeps you ready for opportunities for funding, but also shows that you are technically aware of the issues.  One would hope after you have a history of calling the flaws right they'll listen before hand...

Another thing is to make sure security is tied to product development and not just an annual after thought.

Page 1 / 2   >   >>
Sign In