Mounting geopolitical tensions, continuous cyberattacks, advances in artificial intelligence (AI), adoption of hybrid cloud architectures, ongoing digital transformation. The world keeps changing, so security can’t stand still.
As bad actors increasingly employ AI to probe organizations’ defenses, public sector agencies, telecoms companies, and other key infrastructure providers are prime targets. In some cases, attackers exploit the weaknesses that emerge during a digital transformation, which can disrupt existing security controls. As you distribute software across different clouds and in-house infrastructure, it is all too easy to compromise the security protections built for legacy architecture.
At the same time, volatile geopolitics are pushing cybersecurity up the policy agenda. The EU, for example, has allocated €2 billion of public money to improve the region’s cyber protection from 2021 to 2027, as part of the EU Cybersecurity Strategy. That equates to a quadrupling of investment.
To effectively maintain security across a highly distributed organization, you need a centralized policy environment that can automatically detect emerging threats anywhere in the world and mitigate them as quickly as possible.
Why is centralization important? Put simply, in the event of new external intelligence or an actual attack, you need a quick and coordinated organization-wide response. There isn’t time for each individual unit or agency to take defensive action. You need a central control point that can enforce a new policy immediately—an enterprise-wide ‘kill switch’ that can automatically shut down all incoming traffic from suspect sources at a moment’s notice.
This kind of robust 'digital shield' can immediately detect malicious activities targeting apps and data distributed across multiple clouds and on-premises environments.
In this context, behavioral analytics are particularly important: many attacks are so ingrained in your environment that the only way to detect them is by identifying the behavior patterns of certain individuals.
As well as being fast and responsive, a digital shield needs to be flexible and able to quickly switch between different defensive modes, depending on the nature of the incoming attack. At the same time, it needs to be compliant with local rules and regulations. For example, the data protection and security framework in the U.S. is very different from that in Germany.
In many markets, we expect growing numbers of incumbent telcos to incorporate digital shields into their solution portfolios. As telcos own much of the infrastructure that organizations use to connect their operations, a digital shield becomes a natural extension of their existing enterprise propositions. In their home markets, telcos also tend to have the trust of the government. In the public sector, a telco may have a higher level of security compliance than is available to other, less-regulated entities.
A telco can offer the necessary software as a managed service or software-as-a-service to their enterprise customers. However, in some cases, the enterprise may need to run the solution on-premises to meet security and data protection requirements.
This kind of managed service needs to work with the enterprise’s existing security systems. There should be no need for a ‘rip and replace’ approach. The onus should be on leveraging what is already there, while giving fine-grained control over security systems through a single pane of glass.
The digital shield also needs to be highly modular and programmable, with security layers that can be activated incrementally, rather than an all-or-nothing model. If the enterprise overreacts and shuts down all traffic, it clearly won’t be able to conduct business as usual. In some cases, it may just want to turn off a specific application or block a data flow from a particular location.
Furthermore, the digital shield should accommodate DevOps so that engineers can create customized security schemes for their specific use cases. They may, for example, want to prevent specific data types from being transferred to specific countries.
Encouragingly, telcos are starting to realize the benefits on offer. F5 is currently working with telcos to provide enterprises with digital shields. We supply the underlying technology to the telco, which then packages it into a managed service. This is where F5 Distributed Cloud Web Application and API Protection (WAAP) comes in, incorporating features such as F5’s Advanced Web Application Firewall, API security technology, AI-based bot defense, and distributed denial-of-service (DDoS) security.
Looking ahead, a telco's ability to deliver customized digital shields will be a source of differentiation that can offset the commoditization of their core connectivity product. As they meet the demand for greater digital security, their standing will also rise in the eyes of both policymakers and the public at large.