Level 3's Richter on Cloud Security Evolution

Level 3's cloud-based Adaptive Network Security solution promises to modernize IT departments and data-protection practices, according to Chris Richter, the company's senior vice president of global managed security services.

Since Level 3 Communications Inc. (NYSE: LVLT) released its Adaptive Network Security nearly a year and a half ago, the company has learned a lot about the demand for more modern, more virtualized, more cloud-based IT solutions that help improve data stewardship considerations such as information security and data protection. This has guided the company's plans to expand in certain markets accordingly.

In part one of this Q&A (lightly edited for length and content), Richter shared some of the strategy and cost-benefit considerations that drive cloud-based security and virtualized next-generation firewall offerings like Level 3's Adaptive Network Security. Here in part two, Richter delves into the evolution of cloud-based security and information security compliance. (See Level 3's Richter: Security Is Better & Cheaper in the Cloud.)

Telco Transformation: How has the Adaptive Network Security service evolved since its release in May, 2016? More particularly, how has it evolved from how you guys may have originally envisioned it? Has it surprised you in any ways in terms of how people are using it or how it has developed?

Chris Richter: We're seeing a big pickup in customers who don't use our network connecting to it through third-party ISPs, and that kind of took us by surprise, but that kind of makes sense because the service is network agnostic. But the biggest surprise is how customers are pushing us to take the product in different directions. One of those directions is compatibility with SD-WAN -- and I'm talking about SD-WANs from a number of different vendors. SD-WAN has a lot of promise for network flexibility and hybrid access capabilities, but networks still need to have a very robust security for the Internet component of those SD-WAN deployments. So we made the service to be compatible for SD-WANs. We're seeing demand for that.

So we call it a "Swiss Army knife" security solution because it can do so many different things, but we're constantly being pressed to add more tools to that Swiss Army knife and expand the footprint into additional locations. It's a very exciting time as the product is growing on a number of different dimensions.

TT: Speculatively, is there a sort of final vision on Level 3's part in terms for its global cloud-security network and its global compilation of Adaptive Network Security gateways? In five years or ten years, what might this look like?

CR: We do have a vision for that. Without going into too much detail on our roadmap, we plan to minimize the requirement for as much security and network infrastructure in the customer premises as possible because just as data centers are giving way to cloud computing, there's no reason why you have to have a lot of complex routing and network and security infrastructure inside. IT has gone to the cloud; network and security should go to the cloud as well.

We believe the network should be the firewall. We believe the network should be the threat intelligence and intrusion prevention and detection platform. There's no reason to buy up all this expensive equipment, run up power charges, try to find the people to manage this stuff, pay the maintenance on it, and replace it every five years or so when the technology becomes obsolete and you've got to do a forklift upgrade. That is the Jurassic era. Five years from now we believe that will be the Jurassic era of IT security.

It has to move up. And we want to be the global leader in network-based IT security. That's our grand plan and vision. There's a lot that goes into that. There are a lot of features, functionality and flexibility extending far beyond offices and locations but also to remote users and mobile users, cloud, and access to SaaS-based resources. One of the benefits that Level 3 has is that because we have such a large global network, we can take security to the customer, proximity to the customer, and still be on the network, still be in the cloud. That's the whole concept behind having gateways geographically located very closely to our customers because it vastly improves performance, and, in doing so, reduces latency and makes for a much better customer experience.

TT: I imagine that this cloud-powered, network-based security is also a little easier compliance-wise if you're multi-jurisdictional at such a scale.

CR: Absolutely correct. If you're in a region, customers don't want their data going out. For example, with the German data-protection laws, and the GDPR, which is forthcoming. Companies in Germany want to restrict their traffic to a Frankfurt-based gateway and not to go through a London gateway. I mean, we can do that today for customers. But as compliance laws change, and as there are more geographic restrictions -- yeah, you're exactly right.

Culturally, I think there's definitely going to be a bigger push for more GDPR-like mandates globally -- although in the US we're not nearly as strict. But privacy has to be more of a core focus for what we do, and I think it's not just driven by the protection of individuals' personal identities, but also for national security reasons. If we raise the bar on protecting personal identities and personal information, the bar will also be raised for protecting all kinds of information assets.

I think that rogue nation states are after our personal information for the purposes of gaining competitive position -- not just in industry but also perhaps militarily. For all of those reasons, I think it's a good idea to take further steps. I think that's how it's going to evolve. I think we're going to see more stringent requirements to protect all kinds of personal information, possibly even personal IP addresses. GDPR goes all the way down to the IP address, in some instances considering that to be PII [personally identifiable information].

TT: Do you have any final thoughts you'd like to share on this evolution of cloud-based security and Adaptive Networking Security?

CR: This has been one of the areas of our biggest investment as a company at Level 3 because of the adoption rate we've seen with the service and just the incredible enthusiasm we've seen from our customer base with our strategy around Adaptive Network Security. We have had more than one customer tell us that this is definitely the direction the industry is moving and we are building the future of security. Those are actually quotes from customers. That's what's fueling our enthusiasm and our investment in this platform.

— Joe Stanganelli, Contributing Writer, Telco Transformation