After critical year, Vodafone trains security sights on CNI market

A little-known unit within Vodafone, Vodafone Business Security Enhanced (VBSE), is coming out of the classified closet and shining a bright light on new verticals, with a new portfolio of military-grade cyber security services on offer to public sector bodies, critical national infrastructure (CNI) providers, and other key organisations, spurred on by the lessons of a tumultuous period in the security industry.

Having traditionally specialised in providing top-tier cyber security services to government and the defence sector – something it has been doing in some capacity since the late 1980s – the pivot towards new verticals has been in the works for some time, Steve Knibbs, head of secure at Vodafone, told Computer Weekly. The mobile services giant is betting that its core business as a supplier of CNI itself will stand it in good stead with potential clients.

“A couple of years ago, we realised that some of the services we provide and some of the skills, techniques and the way we do things is probably applicable to a wider market. So, we spoke to the business and gotten to invest in what we call the enhanced portfolio,” he said.

“It provides effectively three portfolios of products that we are going to supply to a wider market than what we traditionally operated in. The market we’re now looking at is public sector as a whole, critical national infrastructure and extended CNI – probably the best way to describe an extended CNI is anybody who was on the key worker list under lockdown one.

“We are using the skills, learnings and techniques we’ve got from the secure space and industrialising them to provide them to a wider client set,” he said.

As with its previous high-end service, the VBSE offering will be delivered by a dedicated Vodafone security team from its own in-house datacentres, thanks to the unit’s heritage.

“We’re a sell-build-run within our own right. We are effectively a mini business within the business so we can provide that separation around our networks, teams, people and datacentres, so that we can service clients at specific security classification levels,” said Knibbs.

Going forward, the three portfolios on offer will be Cyber Enhanced, IoT Enhanced, and Mobile Enhanced.

The first of these, Cyber Enhanced is described as a high-performance security solution bringing together security experts with military-grade tech, alongside customisable managed service levels to allow client security teams to keep their focus on proactive defence measures.

IoT Enhanced covers secure-by-design IoT services, custom-build to client requirements, with on-shore support and storage solutions to meet anticipated post-Brexit data sovereignty rules.

Finally, Mobile Enhanced services will include end-to-end encryption, smart automation, centralised control, on-shore storage, and support from military-grade mobile and security specialists.

The new proposition was originally designed to reflect increased business reliance on data, coupled with take-up of the internet of things (IoT) and 5G mobile services, and increased levels of cyber threat, whether that be from nation-state actors, industrial espionage or other causes. But earlier in 2020, as development was under way, the security sector faced up to fundamental change.

“This year has magnified what we saw happening when we wrote the business case to the board to get the investment to do this in the first place,” said Knibbs.

“What happened [with Covid] and the way organisations are working is everyone's accessing their networks differently than they used to in a more flexible environment. That's great for a lot of reasons – it helped businesses survive during lockdown – but along with that it adds extra access points to our network which adds threat.

“So the way people access data has changed, and the generation of data is growing hugely all the time, and the threat against you is growing hugely all the time,” he said.

“On top of that if there’s any unfortunate incident that reaches your regulator they come along and fine you quite heavily if you haven't shown that you've done what you should be doing in the right space. It's a bit of a perfect storm for a lot of organisations, and we're a commercial organisation and so that perfect storm has kind of created for us the perfect opportunity,” said Knibbs.

The new portfolio maps closely to Vodafone’s wider strategy of moving away from being strictly a telco towards more of a tech company, and Knibbs hopes to lever Vodafone’s existing relationships as a jumping off point.

Many of these relationships, particularly with utilities and CNI organisations, came about through previous acquisitions in the fixed space, such as that of Cable & Wireless, so Knibbs sees the BSE proposition as a natural progression beyond fixed network services, going deeper with these clients.