|© 2016 Top Operator Journal||•||strategies & solutions for competitive operators in North America||• a service of|
|Email a colleague|
In the 21st century, data security has grown to become one of industry’s enduring problems. Security concerns have moved far beyond the IT sphere because mobile, IT, and cloud communications are so integral to the global economy now.
Trouble is, security is a highly complex domain that requires special knowledge and a highly organized approach to identify an organization’s risks and chart a course to excellence.
But help is on the way from Jason Cook, the regional Chief Information Security Officer for BT Americas, whose security team widely advises enterprises and telecoms alike. And we’re delighted to interview Jason and get his deep perspective on security issues.
On a day-to-day basis, Jason is responsible for BT’s security practice in the Americas. Jason’s team is also one of the premier consulting organizations focused on data security for enterprises and telecoms in the Americas.
You’re going to thoroughly enjoy reading his clear explanation of six key motivators that are driving increased awareness — and fear — of falling behind in security protection.
|Dan Baker, Editor, Black Swan Journal: Jason, it would great if you could give us a quick backgrounder on BT’s role in security?|
Jason Cook: Sure, Dan. BT — as you well know — is a very global company. A few years ago we completely revisited our security posture. In that process, we stood up the security enterprise organization that is responsible for our internal security.
BT is ranked by outsider experts as the sixth largest shifter of data across networks. We are easily seeing 50% of the internet traffic on the network. Any way you look at it, we have a kind of “ring side seat” to security threats worldwide.
Of course, our heritage was UK-owned government. BT was privatized in 1984. And we have always protected Her Majesty’s government on many levels, across all continents. Even here in the US, people don’t realize that we are part of the critical infrastructure in the US.
Now my responsibility here at BT Americas is specifically to address security needs across the Americas: Latin America, the U.S. and Canada.
|And what kind of customers do you primarily serve?|
Many of our customers are multi-national corporations, FTSE 100 and Fortune 500 profile global customers. We also collaborate with other carriers whose networks we touch from a wholesale or policing standpoint.
On the enterprise side, these are the big customers you would expect to see in the consumer package goods place, pharmaceuticals, finance sectors, in particular. And the services we offer them are a mix of detection capabilities, monitoring visibility capabilities, cyber capabilities, and wrapped around that is our professional services and consulting.
Depending on how you read us globally, we are viewed as one of the largest security managed services players. Our global practice currently employs 2,500 people. In fact, we are now recruiting an additional 900 people — and the focus is no longer on bringing in experienced people from the street. Actually, security veterans are very scarce these days. That’s why we’re searching the colleges, universities, and other sources to hire the next wave of security practitioners we want to grow.
|Can you give us a feel for the key security issues you look for as you consult with enterprises and comms providers?|
Dan, I think it would be fruitful if I walked you and your readers through the key motivators driving greater vigilance in data security:
So these are six key security motivators we are seeing at BT
|Jason, your points are splendid and easy to follow. Thank you. Lots of detailed information here for people to digest and apply. I wonder in closing if you could discuss the typical subjects you cover when BT does a full security consulting assessment for an enterprise or telecom?|
Sure, Dan. The key outcome of our consulting is to instruct on how to properly implement data security planning.
Often we find a company’s plan is poorly constructed. It is usually out of date, by a year or two. And in this environment, that’s extremely out of date.
We advise them to continuously review their plan — and that plan is not a one-time thing at all. It should be part of the way you run your business. So, one of the first questions we ask board members or the leadership of any organization is: “Are you doing your monthly or quarterly security risk assessment?”
What is assessment all about? It is not about the technologies. It’s about: have you identified your crown jewels — your critical portfolio, your critical people, assets, locations.
And after that, have you quantified the impact of losing those crown jewels? How are you managing it? Because, what’s the point of having a security capability if you don’t know how to protect it?
Certainly the brand protection issue provides sufficient shock reaction to get people’s attention.
And more often, the problems are not about your critical IVR, customer records, and your own organization’s people’s records per se. The key security weakness is usually around how that information travels through your organization. That’s what you need to understand.
Where is my data right now? Does it stay within the borders? Who can see my data? When and where is it encrypted? What’s the data retention policy?
So these are the things that typically come out of a full security assessment. And out of that comes education that enables you to reassess the technology you are using, your ecosystem of partners, and many other things.
What’s surprising is that the organizations we deal with may be very strong on some stuff, but quite light in other areas.
Copyright 2016 Black Swan Telecom Journal