Australian telcos take on mobile number, identity fraud

The Australian Communications and Media Authority (ACMA) has hailed newly implemented measures to deal with mobile number fraud.

Flagging mobile number fraud as the gateway to identity theft the authority said the issue occurs when scammers steal personal details to gain control of a person’s phone number.

“Mobile number fraud can have devastating effects as scammers can gain access to bank accounts, email, social media and more,” said ACMA Authority Member Fiona Cameron. “Identity theft has long-term ramifications as victims struggle to regain control over personal and financial information often over years.”

In March this year the ACMA announced a Scam Technology Project to explore ways to disrupt scam activity on telco networks and commenced work with industry on preventing mobile number fraud. It said the first outcome of this work was the establishment by Communications Alliance of new measures for use when telcos are transferring mobile phone numbers.

“These measures include the use of two-factor authentication, which involves an additional ID check such as use of a code sent to a consumer that they then use to verify their identity,” the ACMA said, adding that the largest telco providers and most major resellers had voluntarily implemented the measures.

While Cameron hailed the development of the stricter security measures,she warned more was required. “We know that some telcos, mainly smaller resellers, are still not providing satisfactory protection to consumers,” she said. “We welcome the Minister’s direction to lift these obligations into an enforceable industry standard that will apply to all providers. This work will be a priority for the ACMA.”

“In the interim, consumers should ask their provider what measures they have in place to protect their phone number and personal identity,” added Cameron.

The ACMA will shortly release an action plan to limit telephone scams, with the Scam Technology Project due to hand down its findings to the Minister in late November.

Security will prove key differentiator for 5G: Palo Alto Networks

guest column marker

0
By Sean Duca, VP and regional CIOr, Asia Pacific and Japan, Palo Alto Networks

Consumers and businesses are set to benefit enormously from the exponential network improvements promised by 5G.

More than just an incremental upgrade, 5G will create opportunities for the most exciting science fiction inventions to become science facts. It will lead to a level of connectedness and interconnectedness that hasn’t been seen before as data is shared between devices and applications at speeds even faster than the human brain.

However, consumers and businesses won’t be the only parties benefiting from these improvements. Cybercriminals will be able to take advantage of 5G to mount even more sophisticated attacks, gain better economies of scale, and target more attack vectors. Therefore, it’s essential for any person or business considering moving to 5G be aware of security upfront, according to Palo Alto Networks.

With 5G applications, a cyberattack can go beyond locking up data or compromising business operations. For example, cybercriminals could cause car accidents as autonomous vehicles become ubiquitous, or loss of life by hacking surgical robots or connected lifesaving devices; and these are just two of literally millions of examples of society’s potential reliance on 5G-enabled devices and applications.

Security will absolutely be the key differentiator for 5G; without security baked in as part of the fabric, 5G applications will be risky. It’s also imperative to take stock of where security is at today because threats aren’t waiting for 5G.

Palo Alto Networks recommends a three-pronged approach to improve security in preparation for 5G:

1. Government: address systemic issues present in today’s mobile networks

There are currently security issues in mobile networks that create risks for all users. Therefore, the government needs to step up to do more to regulate telecommunications providers to ensure they’re doing everything they can to keep the network secure.

If there are challenges that remain unaddressed in today’s networks, they are only going to get worse when 5G arrives. To successfully deliver on the promise of 5G, security is absolutely fundamental and must underpin everything. Government-mandated security can help.

2. Telecommunication providers: provide value-added security services to customers

Currently, telcos provide data and carriage with no responsibility for security. This means they’re missing an obvious opportunity to differentiate their offering with a value-added security service.

When passengers go to the airport, they know every single bag will be inspected before it gets on the plane. The same should be true of network traffic. Telcos should be inspecting all of the traffic that passes through their networks and blocking traffic where appropriate. This should be a point of differentiation for telcos moving to offer 5G services.

3. Customers: demand secure offerings to enable innovative applications

When businesses are looking to provide next-generation services like autonomous cars or robotic surgery, they need to demand that their telco provides a secure network for these applications. Customer demand is a powerful way to compel providers to improve security.

Telcos can dedicate a piece of their network to specific customers who demand it, such as those who want to provide a service like autonomous cars, and ensure strong security across that slice of the network. With the potential for innovation that 5G offers, now is the time for telcos to prove that they can play a key role in providing the essential underpinning security required for these applications to work.

Security will be a fundamental enabler for 5G, with 90 per cent of mobile service providers identifying security as a key differentiator according to an Ericsson survey. (1)

Therefore, before embracing 5G, organisations should look to service providers to provide a resilient network with robust security mechanisms in place. They should take a preventative approach, and establish application-layer visibility and consistent security across all 5G applications and devices.

On a macro level, it’s critical for government and industry to work together to identify ways to build security into 5G networks from the outset, and continue to identify and drive progress towards best practices.

 

References:
(1) “Exploring IoT Strategies,” Ericsson, April 2018, https://www.ericsson.com/en/internet-of-things/trending/exploring-iot-strategies

Australian regulator to review affordability of basic NBN products

The Australian Competition and Consumer Commission is set to review whether Australians can access basic broadband plans at fair and affordable prices, as part of an inquiry into NBN wholesale charges.

The inquiry will examine wholesale prices paid by retail service providers using the national broadband network to provide residential-grade broadband services.

More specifically, the regulator said it will focus on prices for basic speed broadband products offering 12/1 Mbps, and will consider whether regulation is needed to ensure a smooth transition for consumers to the NBN from legacy services such as ADSL.

“We have concerns that NBN Co’s wholesale pricing has resulted in unfair outcomes for those consumers who have no need for, or do not want, higher speed plans,” ACCC Chair Rod Sims said. “Most consumers have no choice but to migrate to the NBN if they want to keep their home service active, but are at risk of not being able to obtain a comparable NBN service at a similar price to their ADSL service.”

According to the ACCC, the inquiry will determine whether NBN Co’s most recent pricing offers (in particular, its recent changes to its Entry Level Bundle) will enable RSPs to offer attractive retail NBN options at ADSL-like prices.

The ACCC, which first raised these issues last April after NBN Co’s wholesale pricing changes in late 2018 led to the withdrawal of many basic speed retail plans, said it was also concerned about the national network builder’s continued use of discounts to tweak access prices.

“NBN Co can withdraw these discounts ahead of a notice period that it sets itself,” it said.” The ACCC is concerned that these arrangements may not be providing enough certainty for RSPs as they develop and promote their retail offers.”

“This lack of certainty creates unnecessary risks that may ultimately be passed on to consumers, who may face higher prices and reduced quality and product offerings as a result,” Sims added.

In addition, the inquiry will look at NBN Co’s service transfer and reversal charges, which are applied each time an existing service is transferred between access seekers.

“These charges can discourage the efficient use of service transfer processes, impeding competition and impacting consumers,” the regulator said.

“We want to hear from interested parties as part of this public and transparent inquiry process,” said Sims. “Right now, we are approaching a peak period for NBN service activations and mandatory migrations. The window for many consumers to migrate to the NBN without losing their existing fixed line service is closing.”

“We are interested in what changes can be made quickly to promote competition and the interests of consumers, while allowing NBN Co the opportunity to grow its revenues, invest in its business and earn an appropriate rate of return,” Mr Sims said.

The ACCC said the inquiry will allow it to make a final access determination (FAD), should one be needed, ahead of the expiry of the current wholesale broadband agreement at the end of November 2020. “Any FAD would provide access seekers with certainty about the terms and conditions of the access to the NBN that would apply should they be unable to reach a new commercial agreement with NBN Co at that time.”

The ACCC has released a discussion paper examining these issues and seeking views on those and other related issues.

Richard van der Draay is in Amsterdam as a guest of Informa Tech

SaaS renewals specialist Renewtrak readies for growth with launch of new Palo Alto HQ

Software-as-a-Service renewal firm Renewtrak has flagged the upcoming opening of its new global headquarters in Palo Alto, to underpin strong early demand for its offerings which are aimed squarely at the tech industry.

33654-RENEW-Nick McMenemyWe’re about to go on a recruitment drive to support the growth of the company, and are excited to start reaching out to top developer and commercial talent in Silicon Valley,” said company founder and CEO Nick McMenemy, during a media session on the sidelines of NetEvents’ Global IT Summit in San Jose. “Our HQ will also support our burgeoning US customer base.”

Founded in 2014, the firm’s proposition centres on unlocking the unexploited value in the renewal process. Put simply, Renewtrak is billed as a white label service provider offering a suite of intelligent customer management services designed to maximize revenues and margins from existing client customers.

“Our mission is to rewire a process that is traditionally manual, lacks scale and leaves money on the table,” McMenemy said.  “Using our pioneering technology and integrated performance-based commercial model, we’re certain we’ve hit the sweet spot. We take renewals data and let the software start to make predictions based on some of the behaviors and trends that emerge in the renewals process.”

McMenemy explained how Renewtrak’s automated service, while relying on machine learning, for now at least did not involve AI to any great extent. “We are taking the numbers and making predictions about if this data point acts in a certain way, then we predict this outcome. This process is automated; it is like being able to programme and make learnings about how a traffic light system might work, reacting to peaks in traffic, it is simply about the numbers. This to my mind is machine learning, not true AI.”

“Our service is able to do this at scale, no matter the value of the renewal,” said McMenemy. “However with Renewtrak we are also dealing with behaviours and the messiness of actual business. We are able to automate processes that really don’t need to be done by call centers.”

“Through data gathering and automation, the machine can start to learn,” he said. “Our service can easily spot when renewals are coming up. The machine sees no difference or creates no weight leaning towards the higher value renewals.”

According to Renewtrak, its service saves clients an annual revenue of 45.4% and can increase average client profit by 62.9%. The company currently has four offices around the globe, with its ISO 27001 certified service supporting 32 currencies and 24 languages.

McMenemy also noted some early customer wins, including signing Ingram Micro and said trials were underway with several other key Silicon Valley tech players which the firm will be announcing over the next 2-3 months. “We look forward to working with many more here in the US from our new global HQ,” he added. “We are growing fast and have a clear ambition to be the tech industry’s global go-to provider for renewals.”

Richard van der Draay was in San Jose as a guest of NetEvents

Superloop, Comscentre to provide network, hosted and managed services

Brisbane-based elastic fibre provider Superloop has entered into a strategic partnership with Australian enterprise-grade network specialist Comscentre to deliver a suite of network, hosted and managed services.

Superloop said under the collaboration its own metro fibre network allowed Comscentre to deliver network, hosted and managed services to its customers at speeds of up to 90Gbps and beyond.

0“Our partnership with Comscentre means our customers have a single source for network, hosting and managed services,” added Superloop CEO Drew Kelton.

“With Superloop’s metropolitan fibre networks providing high speed capacity and ubiquitous connectivity, and Comscentre’s network, hosting and managed services, customers can expect real value, seamless connectivity, low latency, and value add unrivalled in Australian network infrastructure and managed services delivery.”

Comscentre MD Ben Shipley said by combining Superloop’s network-based infrastructure platform with Comscentre’s hosted services, comms and collaboration capabilities, his firm is able to deliver  differentiated value to its customers, “significantly reducing costs associated with legacy network infrastructure and connectivity providers.”

Drew Kelton, Chief Executive Officer, Superloop said: “Our partnership with Comscentre means our customers have a single source for network, hosting and managed services. With Superloop’s metropolitan fibre networks providing high speed capacity and ubiquitous connectivity, and Comscentre’s network, hosting and managed services, customers can expect real value, seamless connectivity, low latency, and value add unrivalled in Australian network infrastructure and managed services delivery.”

Enterprises need to keep edge networks safe: Versa Networks CEO

guest column marker

 

kelly-ahuja-1
By Kelly Ahuja, President & CEO at Versa Networks

Network security is not only a top boardroom priority, but ensuring the protection of corporate data moving from the edge network out to the cloud and back is not an easy task, given today’s complex hybrid-cloud architectures.

Network security matters more than ever, especially given that it is now a major C-level concern for every large and mid-market enterprise. Senior executives have seen too many examples of what can go wrong when defences are breached to be in any doubt about what’s at stake.

A serious security breach has the power to damage a brand or erode shareholder value, reversing in a day a good image that may have taken years to build. It doesn’t end there. In many sectors, regulators have the power to levy major penalties on those who have suffered breaches, particularly if customer data has been compromised. New directives like GDPR are raising the bar further.

With enterprises investing heavily to transform themselves digitally, the threat has in many respects intensified and diversified. Enterprises pursuing a hybrid cloud or multi-cloud strategy, or relying on a software-as-a-service model to give remote workers access to critical applications, perhaps via a mobile device, will be potentially exposing themselves to new threat vectors that must be built into an already long list of security considerations for WAN edge optimization.

A digital enterprise may well have numerous points of vulnerability, and those who would seek to exploit these vulnerabilities are more highly motivated, organised and technically savvy than ever.

Threats can come in the form of DDoS attacks, malware, viruses or industrial espionage. They can affect the functioning of a network or website, or be aimed at the theft of intellectual property or customer data. The question for anyone responsible for network security is not whether such an attack will ever happen, but when. Total prevention may not be possible, so the focus must instead switch to limiting damage where it occurs.

As enterprises look for ways to accelerate their digital transformation journeys and to achieve greater business agility, they must match that by transforming their wide-area network to be more software-driven. By transforming their networking strategy with the right SD-WAN solution, they are not only gaining manageability and control, they are taking a big step toward better network security as well.

The keys to the kingdom

Putting security first means taking a multi-layered approach that is scalable and safe while also being simple to deploy, as well as straightforward to manage via an SD-WAN fabric. Truly secure networks are all about a multi-tiered architecture where multiple checks, authentications and authorizations are required to gain access to the internal network.

A major caution, however, is that not all SD-WAN solutions handle edge security in the same way. On the surface, all seem to offer cost reduction and application awareness, relying on a mechanism of building secure tunnels between sites.

But different SD-WAN solutions take a variety of approaches to important areas, such as key exchange and where the keys are stored. Keys determine who has access to what are crucial to WAN security. Certain SD-WAN models are more exposed and hackable than others, with the handling of keys often effectively allowing criminals to exploit vulnerabilities, especially where the system is directly exposed to the Internet.

Given that cipher keys are so important in encrypting messages, it’s all the more critical that network managers have a way to make them secure and complex enough such that any compromised endpoint cannot reveal the key to hackers. One technique that helps is to have a longer key, of at least 128 bits and preferably 256 bits.

An even more secure solution is to only be able to exchange part of a key and have an algorithm that can validate the partial key using elements that are secret to each device. In this manner, no device has all pieces to reassemble the key. The capture of keys from one device does not therefore provide any usable means for unauthorized access to the enterprise network. Keys do not need to be stored and can be computed with each packet that needs to be encrypted or decrypted.

The networks of yesterday were data centre centric; however, with SaaS and multi-cloud
requirements, site-to-site connectivity from the edge and to the cloud are required.

Branches need not connect back to the corporate data centre to access apps and clouds, in addition to packet inspection and security posture, which resulted in a lousy user experience because of backhauling all traffic to the data center.

What the contemporary enterprise needs is direct Internet access but without security limited branch by branch with different requirements. SD-WAN however allows for all security policies to run at all branches at the same time in the same context as more deterministic network performance.

In some cases it only takes just a portion of security to be CPE and integrated cloud-based security for scaling up and scaling down to workload demands. Cloud security as a service will do that natively, and then you don’t have to worry about sizing compute bespoke for every branch.

Multiple connections to your SD-WAN including private and hybrid connections allow branches to gain direct Internet access (DIA). Managed SD-WAN and cloud security as a service can manage both on-premise and cloud based policies, uniformly.

For extending WAN edge to the cloud, SD-WAN solves the bottleneck from private cloud to public cloud, and when the bigger threat is that once the branch is on the web, the IP of the branch is exposed, and users worry about DDoS attacks and unknown vulnerabilities, it’s security paramount to protect the public window at the edge; there’s no need to throw in line an expensive hardware-oriented at every branch.

Hardware-based platforms do not scale in or out when you have to change a policy or service. SD-WAN is more elastic, paying for only what you need at the time it’s needed, as opposed to over provisioning hardware capacity that my never be used.

An SD-WAN solution that is fit for purpose will also enable visibility and manageability, offering a seamless way to look at security, whether at branch or head office level. Cloud-security-as-a-service will enable this, whether the connection is in the form of the Internet or a private link of some sort.

That and many other capabilities must be embedded within an SD-WAN fabric. Protecting data has always been important – and challenging. Every enterprise has at least some private information, along with a duty to protect that data whether it is intellectual property, financial information, customer subscription information, payment history, or other information that a regulator says must be given maximum protection.

The right SD-WAN solution will give this protection.

Versa Networks President and CEO Kelly Ahuja has more than 20 years of experience in networking and telecoms. He currently serves on the board of directors for two startups in Silicon Valley. Kelly spent 18 years at Cisco deeply involved with the design and deployment of telco networks. He was most recently SVP of Service Provider Business, Products and Solutions at Cisco where he was responsible for developing and managing the service provider segment strategy and portfolio. Kelly held several other senior executive roles at Cisco, including SVP and GM of the Mobility Business Group, Chief Architect for the Service Provider business, and SVP and GM of the Service Provider Routing Technology Group.

Richard van der Draay was in San Jose as a guest of NetEvents