Vodafone Needs to Change Its Cybersecurity Outlook to Become a Progressive Partner to Industry

Subscribe To Download This Insight

By Michela Menting | 4Q 2017 | IN-4818

It has been 20 months since Vodafone entered the enterprise cybersecurity market with its Enterprise Security Services (VESS) line of business, but the operator has failed to make any notable impact. VESS is a vanilla service offering that is largely similar other standard solutions on the market. It recently released a commendable, but otherwise unremarkable, research report on security attitudes in business as it relates to decision-making, growth, and innovation. Predictably, businesses that do risk assessments and implement cybersecurity are more successful in the long-term. While the report does raise some interesting findings around gaps and difficulties, and provides an opportunity to upsell security services in an increasingly dangerous cyberworld and in the wake of uncertainties surrounding the IoT, Vodafone has not been able to convince on why it should be the security platform of choice.

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

 

An Unimpressive Start

NEWS


It has been 20 months since Vodafone entered the enterprise cybersecurity market with its Enterprise Security Services (VESS) line of business, but the operator has failed to make any notable impact. VESS is a vanilla service offering that is largely similar other standard solutions on the market. It recently released a commendable, but otherwise unremarkable, research report on security attitudes in business as it relates to decision-making, growth, and innovation. Predictably, businesses that do risk assessments and implement cybersecurity are more successful in the long-term. While the report does raise some interesting findings around gaps and difficulties, and provides an opportunity to upsell security services in an increasingly dangerous cyberworld and in the wake of uncertainties surrounding the IoT, Vodafone has not been able to convince on why it should be the security platform of choice. 

What Its Competitors are Doing Right

IMPACT


While the findings are interesting, the report is perhaps not the best vehicle for penetrating a cybersecurity market that is highly competitive and saturated, or for convincing prospects of Vodafone’s cybersecurity prowess. To make an impression, ecosystem players need to offer solutions that go beyond the current defensive offerings in an already mature market. Vodafone should be making a more offensive play, offering next-generation solutions and cutting-edge research to leverage its available capabilities as a global telecommunications service provider.

Vodafone is a behemoth in the ICT space, with almost 500 million customers (primarily in mobile, but also in fixed broadband). This base, and the underlying network infrastructure supporting it, provides a rich and highly valuable source of information that can be extracted and analyzed to provide truly unique insight and actionable cyber intelligence. Vodafone should be using big data analytics and machine learning technologies to identify cyberthreats and develop security tools that can tackle the next evolution of threats. Vodafone needs to be more pre-emptive. Beyond providing information on business attitudes, Vodafone could and should be looking at threats and solutions from a more technical analyst perspective, not just from an advisory and consulting perspective. Vodafone should leverage its vast network and user base to predict future vulnerabilities. This will allow it to formulate cybersecurity tools and services that can respond to future threats.

AT&T, Telefonica, Verizon, BT; many of Vodafone’s top competitors publish annual security threat reports that are comparable to those published by cybersecurity firms. In fact, those operators often partner with experts in the industry to inform and refine their security analysis, provide insight into what will shape the cybercrime ecosystem, and propose how the cybersecurity industry should respond. Verizon’s annual Data Breach Investigations Report is globally renowned for the insight it offers in the data breach field, while Telefonica has acquired security outfit ElevenPaths, and collaborates with Kaspersky, to publish its quarterly Financial Cyber Threats Report. These operators provide both public and private threat research to inform consumers and businesses on the threat landscape. Showing that an operator has cyber intelligence gathering and analysis capabilities provides assurance that it understands the threat landscape and can offer effective solutions against them. But it starts with demonstrating intelligence.  

No IoT Vision

COMMENTARY


For Vodafone, demonstrating such intelligence should be the first step in proving it understands the issues and can offer more in terms of solutions than an average consulting house. The operator should be using its current tools, and its track record, if it intends to claim in a stake in the cybersecurity market. The operator is globally recognized as a leader in enterprise networking, yet it has little cybersecurity credibility. Vodafone has sterling internal cybersecurity policies and procedures, yet it is not well known for that. In 2014, it was the first telecommunications provider to obtain the U.K. government’s new cybersecurity accreditation, the Cyber Essentials Plus. Further, the operator offers GCHQ National Cyber Security Center Assured (CAS) Telecommunications Services and Certified Cyber Security Consultancy in Security Architecture. In addition to providing cyber intelligence reports, Vodafone should be leveraging this expertise to shape its security messaging and position itself as an implementer of cybersecurity excellence.

Beyond that, the operator needs to tackle new markets and leverage new technologies. Enterprises today are not just digital, they are expanding into the IoT. Vodafone needs to look to the future and start offering solutions in other domains. It can do this through acquisitions, partnerships, startup investment, hackathons, accelerators; most of its competitors are engaged in some or all these ventures.

Telefonica is a good example: its cybersecurity unit is represented by the ElevenPath acquisition; it invests heavily in startups, running accelerators and hackatons on a regular basis. Furthermore, the operator has been highly efficient in showing it can provide security for operational technologies that will come to dominate modern societies. For example, Telefonica is actively engaged in the Tecnoport 2025 project. Led by the University of Seville and the Port Authority of Seville, the project uses new wireless networks and sensors to improve the tracking and remote control of containers passing through the port, and to optimize the rail and river traffic in the area. Telefonica has worked with the GSMA to implement the GSMA IoT Security Guidelines to secure two key components of the project: the managed connectivity platform that controls cellular connectivity, and the FIWARE-based Smart City Platform that aggregates the data generated by remotely deployed sensors connected via wireless networks. These are the kinds of projects that proves an operator is at the forefront of the cybersecurity ecosystem.

Vodafone needs to change its security messaging and perhaps its strategy if it wants to define itself as a truly progressive cybersecurity player. Anything less than that will leave it floundering in the unforgiving culvert of mediocre contenders.

Services

Companies Mentioned