In my previous blog post (7 Technologies that Impact PCI), I gave an overview of Stephen Orfei’s presentation at the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. In this post, I’ll talk about another presentation from that same event.
A few weeks ago I had a chance to attend the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. (PCI is shorthand for the Payment Card Industry Data Security Standard, a guideline to help organizations that process, store or transmit card payments.) Two highlights for me were presentations by the PCI’s new general manager Stephen W. Orfei, and another by Adm.
In my previous blog post (“The Quest for Five 9s Making For Strange Bedfellows”), I mentioned how many of our enterprise customers are now achieving continuous (AKA “Five 9s” or 99.999%) network connectivity with wireless alone. In most cases, they do it by using two cell carriers per branch location. (If Carrier A’s network goes down, the routing device switches to Carrier B until Carrier A comes back online.)
In my previous blog post, Specializing and Generalizing in the World of InfoSec, I mentioned the BSidesLV opening address by Adam Shostack, “Beyond Good and Evil: Toward Effective Security.” I’d like to pick up on his theme of information sharing as the ultimate act of self-preservation.
Today I’d like to discuss three facts that are leading to a tectonic shift in cellular carrier business practices, and the implications of this shift:
Fact One: The world of cellular carriers is fiercely competitive.
(After having spent 17 years with one of the largest cellular carriers, I can assure you it’s true.)
As with most professions these days, information security specialists need to continually strike a balance between focusing on the issues most relevant to their jobs and keeping at least an eye on what’s going on everywhere else. One of the more efficient ways to do this is to attend conferences, which help you learn a lot about a lot of things in a short amount of time.
As I noted in a November 2013 blog post (Is LTE the Winner? Follow the Money), the wireless carrier industry continues to be “engaged in a kind of horse race to see who would be first to offer the best, broadest, and most powerful LTE network.”
The most recent twist in the race concerns the proposed merger of T-Mobile and Sprint. As of August 6th, 2014, Sprint announced they were calling it off, and long-time CEO Dan Hesse has been replaced. In the realm of LTE giants, these two companies rank well below both Verizon and AT&T with respect to numbers of subscribers. (There are other measurement criteria, which I’ll discuss in a later post.) Combined, however, the new company would have been on more equal footing, with about 100 million subscribers versus the other two companies’ 110-120 million. With less than half the subscribers of either AT&T or Verizon, Sprint and T-Mobile lag their larger competitors in LTE network build-outs, and the main rationale for the merger was to gain parity with those competitors.
Let's face it. For distributed enterprises, establishing and maintaining fast and secure networks at the edge is no easy task, especially in a world where hackers are more sophisticated than ever, and greater demands are being placed on the network for high performance and bandwidth. Today's branch locations process highly sensitive data but don't have onsite IT to perform hands-on system monitoring to watch for attacks or connectivity outages. ......