As an example of transformative change that is now underway, Joshipura pointed to the telecom industry. “For the past 137 years, we saw proprietary solutions,” he said. “But in the past several years, disaggregation has arrived, where hardware is separated from software. If you are a hardware engineer you build things like software developers do, with APIs and reusable modules. In the telecom industry, all of this is helping to scale networking deployments in brand new, automated ways.”
Telstra will offer enterprise-grade managed security services from SOCs in Melbourne and Sydney
The telco’s director of security solutions, Neil Campbell, said the new SOCs and Telstra’s new platform are part of “reimagining” how managed security services are delivered, particularly in the context of the vast quantities of data enterprises find themselves grappling with thanks to developments such as the Internet of Things.
Using open source offers “the ability to be master of your own destiny when it comes to features and timelines,” he added, allowing the telco to be flexible in order to meet its clients’ requirements as well as adapt to an evolving market.
Another reason for using open source is that “by contributing to the open source community we put the tools in the hands of users who might otherwise not be able to afford an enterprise-grade SIEM platform or for their own reasons would never outsource and are looking for some flexibility in-house,” Campbell said.
We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.