beebright -

After critical year, Vodafone trains security sights on CNI market

Vodafone’s security head Steve Knibbs explains how he plans to bring the lessons of a transformative few years in cyber security to bear on new markets

A little-known unit within Vodafone, Vodafone Business Security Enhanced (VBSE), is coming out of the classified closet and shining a bright light on new verticals, with a new portfolio of military-grade cyber security services on offer to public sector bodies, critical national infrastructure (CNI) providers, and other key organisations, spurred on by the lessons of a tumultuous period in the security industry.

Having traditionally specialised in providing top-tier cyber security services to government and the defence sector – something it has been doing in some capacity since the late 1980s – the pivot towards new verticals has been in the works for some time, Steve Knibbs, head of secure at Vodafone, told Computer Weekly. The mobile services giant is betting that its core business as a supplier of CNI itself will stand it in good stead with potential clients.

“A couple of years ago, we realised that some of the services we provide and some of the skills, techniques and the way we do things is probably applicable to a wider market. So, we spoke to the business and gotten to invest in what we call the enhanced portfolio,” he said.

“It provides effectively three portfolios of products that we are going to supply to a wider market than what we traditionally operated in. The market we’re now looking at is public sector as a whole, critical national infrastructure and extended CNI – probably the best way to describe an extended CNI is anybody who was on the key worker list under lockdown one.

“We are using the skills, learnings and techniques we’ve got from the secure space and industrialising them to provide them to a wider client set,” he said.

As with its previous high-end service, the VBSE offering will be delivered by a dedicated Vodafone security team from its own in-house datacentres, thanks to the unit’s heritage.

“We’re a sell-build-run within our own right. We are effectively a mini business within the business so we can provide that separation around our networks, teams, people and datacentres, so that we can service clients at specific security classification levels,” said Knibbs.

Going forward, the three portfolios on offer will be Cyber Enhanced, IoT Enhanced, and Mobile Enhanced.

The first of these, Cyber Enhanced is described as a high-performance security solution bringing together security experts with military-grade tech, alongside customisable managed service levels to allow client security teams to keep their focus on proactive defence measures.

IoT Enhanced covers secure-by-design IoT services, custom-build to client requirements, with on-shore support and storage solutions to meet anticipated post-Brexit data sovereignty rules.

Finally, Mobile Enhanced services will include end-to-end encryption, smart automation, centralised control, on-shore storage, and support from military-grade mobile and security specialists.

The new proposition was originally designed to reflect increased business reliance on data, coupled with take-up of the internet of things (IoT) and 5G mobile services, and increased levels of cyber threat, whether that be from nation-state actors, industrial espionage or other causes. But earlier in 2020, as development was under way, the security sector faced up to fundamental change.

“This year has magnified what we saw happening when we wrote the business case to the board to get the investment to do this in the first place,” said Knibbs.

“What happened [with Covid] and the way organisations are working is everyone's accessing their networks differently than they used to in a more flexible environment. That's great for a lot of reasons – it helped businesses survive during lockdown – but along with that it adds extra access points to our network which adds threat.

“So the way people access data has changed, and the generation of data is growing hugely all the time, and the threat against you is growing hugely all the time,” he said.

“On top of that if there’s any unfortunate incident that reaches your regulator they come along and fine you quite heavily if you haven't shown that you've done what you should be doing in the right space. It's a bit of a perfect storm for a lot of organisations, and we're a commercial organisation and so that perfect storm has kind of created for us the perfect opportunity,” said Knibbs.

The new portfolio maps closely to Vodafone’s wider strategy of moving away from being strictly a telco towards more of a tech company, and Knibbs hopes to lever Vodafone’s existing relationships as a jumping off point.

Many of these relationships, particularly with utilities and CNI organisations, came about through previous acquisitions in the fixed space, such as that of Cable & Wireless, so Knibbs sees the BSE proposition as a natural progression beyond fixed network services, going deeper with these clients.

Shared challenges

The big hope for the BSE portfolio is that Vodafone’s size and scale, and the fact it is itself a critical element of the UK’s CNI, will win its service some early backers.

The biggest challenge faced by such organisations, or the thing that keeps their CISOs awake at night, is being unable to provide their core service, whether that’s the supply of water, gas or electricity, medical care, emergency response, or even keeping supermarket shelves topped up with plentiful toilet paper.

“That is what their credibility relies on, and we used to be no different. We know very quickly when one individual doesn’t get mobile phone signal. If we lose part of the country, or even the entire network, it will be known very quickly, and so it’s actually that denial of service that’s the main concern,” said Knibbs.

“It adds a point of reference and a bit of credibility that we understand how they think, we understand how critical what they do is. If you can speak from a point of shared pain organisations can relate to that.

“If Vodafone goes down, it has a big impact, whether that be some of the critical services we support or individual consumers, so we can come from a very informed position. We know your worries and we can take our learnings and what we do in our space, and relay that to the clients. I think that’s why you get that that bit of airtime that maybe some of these providers struggle with.”

Read more about CNI

Read more on Network security management

Data Center
Data Management