/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/post_banners/voicendata/wp-content/uploads/2014/12/Mark-Hughes-CEO-BT-Security1.jpg)
By Ibrahim Ahmad
Mark Hughes, is the CEO of BT Security, the global operators new business entity. He looks after BTs security activity around the world by ensuring that they have the right policies and procedures in place to keep their assets safe. He also heads BTs managed secutity services business for its global customers. He has run several projects with the British Government including the Criminal Records Bureau in Scotland. Excerpts from an interview:
Voice&Data: Tell us about some of the key security issues that you are seeing, specially from an operator perspective?
Mark Hughes: I look after the security systems in British Telecom, and also provide those services to our customers. So I have a fairly broad view of the security scenario globally, and the challenges.
Not a day passes without reading about some attack of the other, and these are big attacks in big companies. There is certainly an increase consumer related malware, and there is much more proliferation there. But on the enterprise front, we can see a lot more DDOS (distributed denial of service) happening. We did a survey recently of enterprises, and found out that 2 out of 5 enterprises had experienced a DDOS in the last one year, and three quarter of those had experienced more than once. Therefore I clearly see that organizations are becoming more aware of the threats, and also more aware of what risks they face because of those threats. What encourages me is that organizations have begun to realize that they have to do something about it.
Voice&Data: But if you talk to CIOs and CISOs in organizations they feel that while awareness is there, the investments required to check these threats is not commensurate with the risks ?
Mark Hughes: It is very good to see that people are beginning to deal with it in more detail, because ultimately what you are dealing with is the risk. Any organization’s risk profile will depend on its services - whether B2B or B2C. That is what will decide how much they have to spend on their security systems. So it is a kind of ROI that has to be calculated, and that is hard. New technologies, solutions, and practices have kept the market going, but working out what is the price of the risk, and what investment will mitigate that has really not happened. Generally, across the board, CIOs as well as tech providers have not been able to do that. I don’t this is a security issue, but is actually about how you manage security in your organization. If you look at the financial markets it is very mature, and engrained in the culture. They can invest in security more easily because they have an established risk framework.
Voice&Data: A lot of your customers would also be asking about the security of your own, I mean the BT network. So how secure is your network, and what new things are being done to make it even more secure so that customers and their business is safe?
Mark Hughes: If you see, my primary role is to look after the security of a tier 1 global carrier. So it is critical to have a very clear understanding of our risks, our key assets, and the key services to our customers. It takes sometime to work out and you really need to go the heart of our business and the underpinning infrastructure we have for that. We have myriads of clients including about 150 of the Fortune 500 companies. We run many services and applications for these customers, and some of them are mission critical. We need to be able to rank them in terms of priority for the customers to ensure reliability and availability of service. The control strategy is built around that understanding. And this is a continuous process. The trend there is to move from reactive processes to much more proactive systems for monitoring and control. And finally we have applications and processes by which our customers can trust us with access to critical business information is perhaps the most important. We have all that in place.
Voice&Data: Today, what are the top 3 concerns of your large customers at the time they start talking to you?
Mark Hughes: The top three questions which we hear from our customers is can you help us work out where are the most critical assets of my business and how do we get an understanding of that. Second, what is my network and what are its components, where all does it extend to; and third is how do I work out the information flows around my network. The second question is quite common as most companies have grown either organically or inorganically, and they, added new pieces and tried new things, and it becomes a very complex network picture for them to understand. And without that understanding it is quite difficult to secure the network.
Voice&Data: Does BT look at only large enterprises to do business or are you going after small and emerging customers also, specially in the Indian market?
Mark Hughes: Our main focus is multinational corporations and how we can help with their security. We also work quite a bit with various governments, because the government networks are now becoming very critical in terms of how well its services are delivered to its citizens. Each government will have its own view as to how it will protect it self, its citizens, and so forth. I believe in India there is a need for private sector companies to work with the governments here. Globally BT is working with many of governments and help them in looking and managing aggregated risks. We are very keen on such engagements in India.
Voice&Data: In view of several high profile cases of snooping of top government leaders mails and phones, and hacking of important government websites, did you get a sense of apprehension or insecurity during your discussions with government customers in India? Did you feel that Indian governments will be more comfortable doing business with Indian operators.
Mark Hughes: First and foremost, let me tell you that BT is very clear that it strictly follows the security norms and processes, and the legal framework of the country that it is operating in. So whatever security policies have been set by the Indian government we will accept and follow that. This is driven right from the level of our chairman. Whatever levels of security and privacy we offer to any other government customers, we will offer that to India also. For us, our customers trust is paramount.
Voice&Data: Our new prime minister Narendra Modi has been talking about smart cities. Since telcos have a big stake in making smart cities a reality, what has been BTs experience in smart cities ?
Mark Hughes: Oh yes, we are involved in a couple of smart city projects in the UK. One of them is a town Milton Keyenes outside London. But I would like to point out that information consolidation of all sorts is one of the key features of a smart city. And that information is vulnerable to security risks. Information and network security is therefore very critical in smart cities, and we can play a very big role there. Data center security is very important and has to be managed very carefully. Also technologies like big data and analytics will play a big role in how all that data will be leveraged.sec
Voice&Data: BYOD is a phenomenon that is gaining momentum for tech as well as business reasons. But it is bringing in lots of challenges along the way, including security. How are telcos like BT dealing with it ?
Mark Hughes: I think the BYOD phenomena is very exciting and it brings with it lots of opportunities. BT is going all out to fully embrace that. We have thousands and thousands of our users who are BYOD users. And we are doing more of that. Yes, it is true that there is trade off between the convenience, productivity and cost advantages and the security risks. But I would like to state that we offer tried and tested solutions to secure your devices, to secure your information in a BYOD environment. So its all comes back to understanding what your risks are and what is the cost of those risks. We will need more robust systems to ensure control and security in BYOD companies, but BYOD will only grow, and we will need to build more infrastructure and applications that support BYOD.