|
|
Now there are four people with lead responsibility for security within Telstra: Solterbeck who is responsible for the product and go-to market aspects of security services provided to customers; one who has responsibility for the security of all Telstra networks; one for the provision of managed services and one for professional services. Overall, Solterbeck said, there are about 350 people in Telstra with specific security roles.
Solterbeck told iTWire that the concept of a security ops centre with both internal and customer responsibilities was unusual among telcos, and had grown out of the belief that there were considerable benefits to be gained. "We were trying to leverage all the core security capabilities we have. Security is very much a critical mass business."
He added: "It was an exciting exercise. Telstra is a multi-headed beast and getting everybody to buy in to the idea was no mean feat. The fact that we were able to do this shows the level of visibility that security capability has in the company right now."
The establishment of the centre was made as Telstra saw a huge upsurge in demand for security services from tier 2 customers. Solterbeck said the upsurge over the past 12 months had been enormous and unexpected, from a market Telstra had not served well in the past.
"Telstra Enterprise and Government looks after the top 1500 customers, largely providing bespoke security solutions. At the bottom end we have provided basic managed security services for SMEs, such as firewall, IDS, etc. What we have not done well is serve tier 2 customers who are looking increasingly for us to deliver significant security capability out of our network as a managed service."
CONTINUED
|
You can read more stories on telecommunications in our newsletter ExchangeDaily, click here to sign up for a free trial... |
Solterbeck attributed the upsurge in demand in part to the need for tier 2 organisations to be certified for compliance with PCI/DSS - a multifaceted security standard developed by the major credit card issuers that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
|
The other major demand driver from tier 2 organisations, according to Solterbeck is that they are finding security too hard to manage internally. "Most of our engagements with customers used to be where they were wanting us to provide some security infrastructure on their premises. Now that represents only about one tenth of the conversations we're having."
Increasingly, he said organisations were looking for 'clean pipe' services where security is provided out of the network as a managed service. "We have a fundamental belief that the uptake of cloud computing is starting to happen on masse and security out the network is becoming mandatory."
"What happens in security is that a threat appears and the industry spins itself up to create a solution, usually an appliance. In the last five years that cycle has happened at least nine times: firewalls, IPS, IDS, etc, etc. It has got the point where organisations cannot manage al the boxes any more."
In providing its managed security services, Solterbeck said Telstra's preference was to source product from its two strategic suppliers - Cisco and Microsoft, and to only seek 'best-of-breed' products from other vendors where it believed these two were unable to provide a suitable offering.
|
