OX Blog

How ISPs and CSPs can reap the benefits of network-based security

Written by Neil Cook | Feb 19, 2019
 

Neil Cook, Open-Xchange

Pressure is mounting for communications service providers (CSPs) to begin helping their customers prevent cyber-attacks, but this can be especially tough when users have entire families to protect, writes Neil Cook, the vice president of Products Security at Open-Xchange. Often, this can mean providing protection on upwards of five smart devices, such as virtual assistants, smart fridges and smart thermostats, per household – and that’s in addition to more conventional devices, like smartphones and laptops.

A recent survey by Ofcom found that 75% of parents actively seek out information on how to protect their children online, with priorities including the ability to block harmful or unsuitable web content, as well as support for time-windows dedicated to homework and bedtimes.

Existing solutions are not well-equipped to deal with the level of protection that is warranted in the hyper-connected world that is today’s Internet of Things (IoT), especially for families. But why exactly is this?

What’s wrong with the existing tools?
Take on-device malware protection for example. On the surface, building security into each IoT device as a standard sounds like it would be the ideal solution – but it simply isn’t practical. Not only would it increase the manufacturing costs for each device significantly, but there often isn’t enough CPU or RAM available to support on-device protection, especially if the device is expected to regularly access and download security updates – which it should.

That’s not to say that hardware security doesn’t exist. In fact, many companies sell vulnerability protection that comes in the form of a physical device, sometimes called a box. These hardware systems can provide more robust security than software is capable of and can add an additional layer of security to important networks. Unfortunately, they can often come with expensive subscription charges and restrictions on the number of devices they can protect. And what happens if the box is broken? Or simply unplugged?

Other options include cloud services, which can filter content and block hardware via security applications that live in the cloud. The pricing of cloud security can be very appealing to users – but in order to deliver comprehensive protection, security must be written into the architecture of a network. Therefore, this option generally entails quite basic offerings and is far from flawless.

And finally, there is premium software to help tackle cyber-security challenges. If you can afford the expense, this can be an effective, feature-rich option for personal computers and laptops, but again – many IoT devices simply don’t have the processing power to support it.

Protecting the network
In most smart homes, IoT devices have one thing in common: they all connect to the same network. By implementing a layer of security at the root of that network, users can ensure that all their devices are covered by a blanket of protection. This approach is called network-based security.

The appeal of network-based security lies in both its simplicity – i.e. no devices to manage, and its ubiquity – all devices are protected without having to install software on each of them. No other existing approach can provide such thorough protection of smart homes. In-network security also means that the same solution can be provided across multiple networks; ideal for converged carriers that include fixed-line, mobile and Wifi offerings to subscribers.

When all devices are protected by the same security system, it’s also much easier to provide users with customisable alerts or real-time notifications. In the case of webcams and sensitive devices, mobile push notifications could protect privacy and let users know immediately that a device is potentially sending sensitive data to malicious parties.

Such a solution also offers a great deal of desired functionality to parents, who often worry about how to ensure their children are safe in their online experience. Features such as homework time and off-time also help to ensure that the internet is used at the appropriate times.

So, how exactly does a user go about enabling security at the source of their network? It’s simple: security-as-a-service (SECaaS), directly from the broadband provider.

A golden opportunity
Many service providers have been quick to recognise the opportunity to add value to their network pipe via network-based SECaaS. For subscribers, it means that they are guaranteed the latest protection for all devices in their household, and providing a safe and controlled internet experience for their family; while for providers, it means they are unlocking new revenue streams and updating their offerings.

 

This is a golden opportunity for telcos to confront both safety and security online, and offer users a consolidated package that gives parents peace of mind. Not only would revenue streams be plentiful, but vast brand awareness can be raised if widespread market adoption is achieved.
As the likes of BT, Sky and TalkTalk have begun to incorporate network-based security into their UK offerings, and mobile operators such as Vodafone are offering such services across Europe, it’s clear that there is an opportunity for most operators to offer such solutions to their subscribers. With existing tools offering little in the way of inexpensive and effective protection, and with the market for IoT expected to double by 2021, this approach is bound to become increasingly common in the months and years ahead.