COVID-19 has elevated the need for network and data security
2020 was a year of unprecedented disruption, with the COVID-19 pandemic accelerating the digital shift in how we learn, interact and work. While most industries have already embarked on a digital transformation journey via the adoption of new technologies, COVID-19 has created an urgent need to further accelerate these efforts.
The post-COVID business world will be defined by a technological transition across various different applications such as digital transformation for businesses, 5G connectivity, advances in artificial intelligence and augmented reality and digital automation.
However, this new environment also brings new risks, specifically around security and there is a need to adopt adequate and well-positioned security solutions for the success of digital initiatives.
New and innovative business models, along with emerging technologies, create and utilise large amounts of user data, creating a need for stronger data protection to nurture trust in the tech ecosystem. In these particularly challenging times, it has never been more critical to create a safer, more efficient, and interconnected world.
Surge in cyber-attacks and need for security
With the advent of an increasingly digitally connected world, data is growing and becoming more accessible; pushing demand on networks exponentially. Though increased network traffic can be seen as a good sign for business, it has also created an increasingly enticing environment for hackers and opportunists to seek new and intuitive ways to gain access, find vulnerabilities and siphon off money.
These often come in the form of phishing emails with malicious attachments that drop malware to disrupt systems or steal confidential data. Fake websites that take over vulnerable ones to host malicious code are also on the rise.
These attackers lure people to these sites and then drop malicious code on their digital devices. Linked with this, one of direct impacts of the COVID-19 outbreak has been the surge in remote working, leading to an increase in the number of virtual private network (VPN) users accessing their organisation’s network from their home network (Public network).
Inadequate bandwidth to support these increases in network traffic can lead to more advanced cyberattacks such as a DDoS (distributed denial of services) attacks, which can reduce networks to a crawl and/or prevent access altogether. A recent example of such security breach saw a major conferencing platform hacked and the confidential data of more than half a million accounts exposed.
Therefore, it is vital that security measures are given equal consideration, if not higher, when planning new IT initiatives in an organisation; service providers should now focus more on protecting the packets and integrity of a network.
Network as a service (NaaS)
A key response to this issue has been the offering of Network as a Service (NaaS). A result of the growing availability of cloud-based options that address the demands of increased connectivity, agility, speed, and security has also changed the dynamics, NaaS, like ‘Software as a Service (SaaS)’ allows network providers to deliver network services and functionality as a managed cloud offering.
This can include smaller functions like hosting virtual firewalls or routers, content delivery, bandwidth on demand, or as big as providing the entire network (as a service) for mobile virtual network operators (MVNOs).
With the right NaaS platform, operators can bundle advanced security, enterprise productivity applications, IT and even IoT services with cloud connectivity into digital offerings. At the same time, it also enables enterprises to use their network with greater flexibility and dynamism, adjusting to application and service needs as they emerge and providing opportunities for CSPs to fill the growing need in the enterprise market.
NaaS also comes with security benefits, since it provides total network visibility with monitoring capabilities of both on-premises and cloud resources. In fact, on-premises resources across different locations can be monitored without any additional security layer at each site. It encrypts all data and traffic sent over the network and enables zero trust access policy based on qualifiers such as role, device, and location.
The benefits are further boosted with a sophisticated array of security tools on top of regular networking features like multi-factor authentication, automatic Wi-Fi security, DNS filtering and advance firewall protection.
The emergence of API
Specifically looking at the issue of data protection, APIs and open standards hold the key for data sharing, whilst also eliminating complex integration and high costs. However, the downside is that they also represent a significant and growing attack surface with some most common impacts like data exposure, frauds & service disruption arising from DDoS.
Therefore, one of the challenges in NaaS adoption is the development of standards for network interoperability and portability.
As per TMForum, an inbuilt API security framework must include the identity and access management engines to authenticate only legitimate requests; authorising access only to information that the required API calls need through API gateway via threat detection and mitigation controls, such as web application firewalls (WAFs). However, with the increased adoption of standardised APIs, API security is becoming less challenging.
As customers continue to increase their digital transactions, organisations need to respond and focus more on digital trust - building confidence across people, processes, and systems.
Companies need to recognise and work to address the key pillars of digital trust (privacy, transparency, security, identity and data Integrity) with the end goal of converting customers and stakeholders into digital advocates that will spread the word about services and experiences. With the aim of increased sales, revenue, and consumer loyalty, real success can be found in embracing privacy and using it as a differentiator in the market providing greater value to customers through their cloud and digital transformations initiatives.
Considering the ever-evolving nature of the threat landscape, it’s admittedly impossible to eliminate all sources of information risk. However, with that knowledge, organisations should focus on implementing controls to manage the risk and as the business grows, there is a need to continually reassess how much risk is appropriate.
Real success in the ongoing privacy revolution lies in embracing privacy and using it as a differentiator in the market providing greater value to customers through their cloud and digital transformations initiatives.