The telecom security paradox

by david.nunes
Issue: India 2007
Article no.: 16
Topic: The telecom security paradox
Author: Shubhomoy Biswas
Title: Country Manager responsible for sales, service and operations
Organisation: SonicWALL

About author

Shubhomoy Biswas is SonicWALL’s Country Manager for India, responsible for sales, service and operations in India, Sri Lanka and Bangladesh. Mr Biswas brings with him 15 years of experience in Sales & Marketing. He has long experience in the Information Technology sector. Prior to SonicWALL, Shubhomoy Biswas worked with multinationals such as TATA Unisys, HP, RSA Security and Citrix Systems. Mr Biswas holds a Bachelor’s degree in Commerce from Bangalore University and an MBA from St. Joseph’s College of Business Administration Bangalore, with specialization in Marketing.

Article abstract

India’s continuing growth and success in the international marketplace depend in good part upon the rapid growth of its information and communications sector. Unfortunately, high-speed growth often leaves the system at risk from network security threats. Hackers, spammers and criminals are targeting converged networks with new threats, which older security measures cannot deal with. Two levels of protection are needed – internal security to protect networks from attacks and external security to safeguard customers and create a secure communication environment.

Full Article

In today’s connected world, telecommunications has become a lifeline that we simply cannot do without. A world where we cannot access emails, use voice over the Internet, pay our bills via SMS, or simply connect with anyone from anywhere through our mobile phones seems unimaginable. With the telecom industry in India growing at a phenomenal rate, carriers find themselves all too often preoccupied with managing the increased growth, sidelining the critical ‘S’ factor. It is therefore no surprise that security in the Indian telecom sector is considered by many to be a ticking time bomb, waiting to explode.

The success of the telecom industry in India has caught the attention of the world. Today India is home to one of the fastest-growing telecommunication markets, making it easy for carriers to get blinded by the euphoria. A growing subscriber base, comprised mainly of a burgeoning middle-class population and a steadily growing rural sector, coupled with rapid privatization of the industry, has pushed India’s tele-density up by leaps and bounds. To maintain the momentum, the Indian government is addressing the issue of releasing additional spectrum that can be used by commercial telecom operators; this will ensure that growth of this dynamic sector is not constrained in any fashion.

However, the ARPU, Average Revenue per User, in India is lower than in most parts of the world. Carriers need to look at value-added services and think outside the box to drive increased revenues. Convergence can provide the answer. The convergence of telephony and data networking has been the most significant development in the communications sector in recent years. Carriers the world over are moving to next-generation network architectures to support new services like Voice over IP and IPTV. The Indian telecom industry is no different. Innovative adaptations of mobile technologies such as EDGE, MMS, WAP and GPRS are taking over traditional mobile phone networks.

On the flipside of this growth, there are largely underestimated, and mounting, security risks. With both wired and wireless technologies at their peak, the industry faces increased risk from network security threats. Hackers, spammers and criminals are working round-the-clock to target converged networks. In the world of network security, these new technologies often bring newer and graver threats, which the older security architectures are not capable of defending against. As the industry comes of age, service providers need to implement security solutions that reduce the risk of failure, without stifling technology and business growth. An ideal security infrastructure is one that does not constrain growth or speed, but functions as an invisible layer without impeding the business.

Carriers today recognize the need for this security infrastructure at two broad levels: internal security to protect their revenue-generating networks from crippling attacks, and external security to safeguard customers by creating a secure communication environment.

For carriers in India, the pressure to secure networks couldn’t be greater. With global terrorism on the rise, carriers are finding their security infrastructures subject to scrutiny by surveillance agencies and governments across the world. Carriers are gradually waking up to the inter-relation between communications, technology, and national security. Call tapping and snooping are no longer a secret trade, with both equipment and knowledge freely available over the Internet today. In view of these increased threats, carriers must look at safeguarding the critical data that passes through their networks. Global security standards and compliance norms are tertiary issues that are driving many to re-evaluate their security infrastructures.

India’s growing economy has been revolutionized by telecommunication and now deeply relies on both the public and private infrastructures to function successfully. It is, therefore, imperative for both the industry and the government to secure telecommunication networks and information systems. In addition, India’s growing reliance on mobile Internet services and applications has put the security of wireless protocols and systems in the spotlight. Dedicated and independent entities like CERT-In, the Indian Computer Emergency Response Team, which have been formed to protect the nation’s Internet infrastructure, are needed to secure the telecommunication infrastructure as well. These agencies will help bring carriers up to speed in their battle against vulnerabilities, network security issues and wireless technology vulnerabilities.

Carriers in India also need to adopt a proactive – as opposed to a reactive – strategy towards security. With advanced security appliances and solutions available in the market today, carriers can easily monitor network traffic to detect emerging attacks, abuse and other anomalies to help prevent security breaches from penetrating their networks, and thwart any compromising attempts before they can reach a critical stage.

Subscribers in India are gradually shifting to data-driven services. Smart phones with email clients are raising enterprise productivity to new levels. As such, subscribers are increasingly demanding that their telecom providers offer adequate security protection and clean networks. Due to this demand, carriers have no choice but to add security capabilities to keep their subscribers from switching over to competitors.

Amongst the various threats that carriers have to face in the converged network space, distributed denial-of-service attacks, spam, viruses and other email-borne threats are probably the most common. By implementing best-of-breed technologies available today, carriers can build a unified threat management strategy that will go a long way in safeguarding their infrastructure.

Contrary to what CIOs may believe, proactive security investments can in fact help carriers save a lot of money in the long run, as they filter out attacks before they can inflict serious damage such as network failure, dropped calls, jammed networks, SMS delays, etc. Over time, carriers will need to integrate security and traffic management responsibilities in order to give security its much-needed importance. As most Indian carriers have minuscule budgets for security, building intelligent security systems can be a daunting task. An intelligent security system is simply one that tells them what is wrong in their network, before it can escalate into a serious threat.

Physical security of network infrastructure and cell sites is also an issue of growing concern for India. According to estimates, there will be close to 200 million cell sites across the country. Most of these cell sites are set up randomly – atop residential and commercial buildings and some even close to sensitive government facilities. Little caution is exercised to check the background of these facilities or the responsibility of the residents. Speed is the primary concern, and with fierce competition and short growth cycles, security is more often than not considered to be a stumbling block that can be overlooked. With easy access to cell sites, there is always a risk that someone may install equipment to listen in secretly on the conversations being routed through these sites or spy on government buildings. Vulnerable cell sites also allow those with a criminal intent to disrupt tele-traffic by jamming networks.

Keeping sensitive and major cell sites under continuous physical surveillance would be extremely expensive for service providers in India. However, as always, technology can provide a viable answer. Hi-tech cameras that use motion sensor beams to detect the presence of intruders at cell sites are already being used in developed nations around the world. Considering the criticality of telecommunications in India, it is about time that we followed suit as well.

The power supply to cell sites and network hubs is also critical. To black out the telecommunications lifeline, all one needs to do is stop the power supply to the main network hub or key cell sites in the area. In today’s high-risk scenario, it is imperative that power facilities are physically safeguarded as well.

Network infrastructures of today are increasingly heterogeneous in nature. With appliances from different vendors thriving on software from various sources, securing these networks is a Herculean task. Volatile growth in the Indian telecommunications industry has caused network infrastructures to scale rapidly, with virtually no planning or thought applied to the area of security. To ensure overall security of telecommunication networks, providers need a trusted security partner to help them plan, implement and manage the evolution of network security mechanisms with a long-term roadmap. Policies, procedures, security protocols and appliances need to come together in unison to form a comprehensive security strategy.

Often in the Indian context, there is a high level of risk induced by third parties. With a population of over one billion, it is not possible for a telecom vendor to target, serve and manage customers directly. As a result, vendors often rely on third-party agencies for services like marketing, call centre support, sales, billing, communications, logistics, etc. Sharing data and control procedures with these third parties is a risky affair as often, in a rush to come to market, security checks are overlooked. Since agencies with the lowest bids are picked at random, there is cause for serious concern. Often, sensitive information – customer accounts, billing details, personal details, etc. – is left in the hands of smaller service providers that function with very little control or, for that matter, policies or procedures.

In summary, while India is busy basking in the limelight of its telecom revolution and subscriber base, vital security issues have largely been ignored. Some of the areas that need urgent attention include:

• wireless infrastructure security;
• GPRS/EDGE security;
• 3G/UMTS security;
• WAP, SMS, MMS, secure mobile payments;
• intelligent Network security;
• fraud control and management;
• databases, services and CDR reconciliation;
• physical security of network hubs and cell sites; and,
• physical security of power stations.
