Security for the Telecom Transformation
September 16, 2021
Event Highlights
This virtual roundtable gathered security executives from leading telecommunications companies to discuss how they are ensuring the security of their networks as they add new capabilities. They will discuss their network architecture, the security concerns of 5G, Edge, and Hybrid Cloud Services, how they have addressed those concerns, and how they work with their enterprise clients on security.
PARTICIPANTS
Mike Benjamin, Vice President of Product Security and Threat Intelligence, Lumen Technologies
Kevin Brown, Managing Director for Security, BT Group
Noopur Davis, Executive Vice President, Chief Product and Information Security Officer, Comcast
Carey Frey, Chief Security Officer & Vice President, TELUS Security, TELUS
Alden Hutchison, Partner, Security Services, IBM
Eugenio Santagata, CEO, Telsy, a TIM Group Company
Kristof Symons, EVP, International Business, Orange
Phil Venables, Chief Information Security Officer, Google
Artie Wilkowsky, VP, Chief information Security Officer, DISH
Moderator: Matthew Bloxham, Head of EMEA TMT Research, Bloomberg Intelligence
Click here to view the video of the full discussion.
Here’s what they had to say:
To kick off our discussion, we heard from Security Services Partner Alden Hutchinson of IBM, Bloomberg’s presenting sponsor for this roundtable. Hutchinson opened by highlighting the evolving landscape of telecommunications. As telecoms have transitioned from closed systems to hybrid networks, the risk of cyber attacks has proliferated. To address these new vulnerabilities, “collaboration across the telecom and security industries” is key. That approach includes leveraging “the latest capabilities in automation, orchestration, artificial intelligence, and machine learning to quickly detect, resolve, and recover from the latest threats.”
Equally important to collaborating across the security industry, companies must look internally, and work with their vertical industry clients to best establish their respective needs. Artie Wilkowsky, VP, Chief information Security Officer, DISH, stated that “the days of trusting your communication service provider to take care of security in some sort of black box with limited visibility are gone. We need flexible models tailored to specific industries because all of their requirements are different.” Thus, while there are certain models that can be applied across industries, a total one-size-fits-all approach is no longer reliable to deter cyberattacks, said Kristof Symons, EVP, International Business, Orange. Later in the conversation, Symons reminded us that different approaches to security take on an international scope: “Nation states have a certain ecosystem in terms of how they see security, data privacy and trust in general. That’s something we see proliferating now that there is a sense of geopolitical fragmentation and globalization working much differently than before.”
Next, our participants discussed the zero trust model, a perimeter-less approach to security that assumes no connection is inherently secure. Phil Venables, Chief Information Security Officer, Google explained that zero trust demands that “every device, every user, software component, be continuously verified and a more explicit trust decision made.” This model has become especially vital in circumventing supply chain attacks, Venables reminded us, by creating a base from which security teams can improve on software supply chain risks and physical supply chain risks. The lynchpin of the zero trust approach is data, because the better your organization is at monitoring data, the more diligent you will be at detecting security attacks. Because of this, Eugenio Santagata, CEO, Telsy, a TIM Group Company implored the audience: “We need to invest more time in what makes data and information actionable: intelligence. Deep specialized intelligence is only possible within an ecosystem, which means industry, government and other bodies that altogether can generate valuable information that ultimately can be turned into intelligence.”
At the same time, zero trust is but one example of many security strategies that are commonly misunderstood by users and clients. With this in mind, our participants explored how organizations can better communicate their work to the people they serve. Carey Frey, Chief Security Officer & Vice President, TELUS Security, TELUS, offered one approach from Telus: a security transparency report. “It shows everything that goes on on our network that we detect from DDoS attacks to malicious software attacking end points. For our customers, it gives them a sense of confidence. I would love to see the rest of the industry be able to do the same, where it’s more like a weather forecast–you can go on an app and see where the dangerous spots are. And then you can guide your business accordingly, or make the necessary preparations that you need to take on your side to see where your soft spots might be.”
Next, our participants discussed evolving their systems in order to appropriately monitor threats and attacks, and what they are doing to automate those responses. Kevin Brown, Managing Director for Security, BT Group emphasized the fundamental need for a clear tooling strategy. Otherwise, Brown warned, “you’re going to be overwhelmed by data.” From here, organizations can build out “a sophisticated federated data searching, data analytics, and data remediation model to work across multiple clouds.” Rather than relying on individual tools, Noopur Davis, Executive Vice President, Chief Product and Information Security Officer, Comcast, stated, security organizations must now rely primarily on “intelligence and information.” The biggest challenge this shift presents is the breadth of data that must be collected and combed through. “It’s a long journey,” Davis said, “and a tremendous amount of investment.”
This new landscape of demands means companies must be extra diligent in finding and keeping talent within their organizations. Mike Benjamin, Vice President of Product Security and Threat Intelligence, Lumen Technologies, spoke on the need for real collaborators. “Security can’t be an island in any organization. We need to be in a position where people can walk into a room and engage with their peer group who may own that technology or that process, or that business risk item, and be in a positions where the motivation is there and the buy-in is there to get them to join in that journey of risk remediation. These soft skills must be sought out, IBM’s Hutchinson added. “It’s one thing to train an employee on new technology, but problem solving, communication and collaboration–the things that cannot be taught–are “paramount in any good security professional.”
This Bloomberg Roundtable was Proudly Sponsored By
——————————
Instagram: @BloombergLive
LinkedIn: Bloomberg Live
Twitter: @BloombergLive
Interested in more Bloomberg Live virtual events? Sign up here to get alerts.
——————————