It’s Time: Security as a Critical Component of Essential Broadband Infrastructure

It’s time to treat security as a mission critical component of our essential broadband infrastructure. It’s time to have security lead everything we do; versus being overlaid as a reactive patch for problems and processes our current business and networks were never designed to manage.  Security isn’t just a network and security team responsibility; it is a C-suite responsibility. Security affects every sector—public and private— location, and person across the globe.

The evolution of networking and broadband has hit a critical juncture where legacy broadband enabled networks no longer efficiently, effectively, and affordably scale to serve the cloud-enabled world we live in. From inception, security was never a design requirement. Today, we are all in the cloud, whether we realize it or not, and the resultant data sprawl will continue to exponentially outpace the technology and people we are able to throw at it. Think MS Office 365, Google Suite, and Salesforce just for starters, then add social media and other operational, specialized development, or Internet of Things (IoT) tools served up as Software as a Service (SaaS) apps via the cloud. We live in a world where reactive policy management, inconsistent patching, and Virtual Private Network (VPN) routing activities are no longer sufficient to provide effective network security. 

A Business Team Exercise Challenge 

If you agree that security is a mission critical priority, I offer up the following Security Adjective Exercise (SAE) for your entire executive team.

In this SAE, and starting with your vision and mission itself, create a list of the services and promises your company or organization provides. And for the overachievers in the group, go a step further, and have your department heads do the same. Then go back and insert “Secure” as an adjective in front of each service, value or promise. Examples of before consideration include: 

• <Secure> Broadband connectivity, services 
• <Secure> Emergency management & disaster response
• <Secure> Critical infrastructure design, support, services
• <Secure> Public transportation 
• <Secure> On-site/Remote workforce development and training
• <Secure> On-site/Remote education
• <Secure> Healthcare, telehealth programs and services
• <Secure> Internet of Things
• <Secure> Backup, archival and restoration

As a group, read them aloud, discuss, and discover new meanings that might reveal themselves. How has adding security as an adjective re-engineered or affected all that you do or need to do every day because of its addition? And when removed how does that in turn affect your organization, priority or project analysis? I believe this exercise and analysis should be happening across every sector and division of your organization. 

Cybersecurity is a shared responsibility

Currently, cybersecurity and networking are separate industries, departments, budgets and SIC codes; isolated in strategies, models and even funded separately by federal programs and initiatives. The fundamental tenants of cybersecurity should be a shared responsibility model where user and provider share in their part and role for the benefit of all. 

Potential questions to raise for the greater broadband community are: 

• What level of security should ISPs design and incorporate into their services, and what should they have available for added services?
• What role should ISPs play in educating their customers on security best practices (use, shared responsibility, support etc.)
• How can federal and state funded broadband expansion efforts be better used, integrated into, and coordinated to build out the required secure next-generation cloud network models that will expedite cloud-transformation efforts?

Billions of federal dollars are flowing into states from the Department of Homeland Security (DHS) and the National Telecommunications and Information Administration (NTIA) to address these changing needs and security concerns. Unfortunately, these newly created programs are leaving organizations and tribal/communities responsible for developing/designing or trying to meet their cybersecurity concerns but often they lack the knowledge, ability and resources to do so.

As a cybersecurity professional specializing in the public sector, I am concerned that if we don’t all start to bring security to the forefront of our strategic planning and investments, we will be missing the mark of our missions to improve quality of life for all with access to secure quality broadband.

Kim Lamb Gast

Regional Sales Manager, PacNW & Rockies

https://www.netskope.com/solutions/industries

Next-Gen Cloud Security Stack, CAP/ TIC 3.0/ ZTNA/ SSE MQ leader, the foundation to SASE

Photo By Matthew Henry On Unsplash