A10 Networks has published an international research report revealing the challenges and priorities of communication service providers as they respond to the ongoing impact of COVID-19.
The study was undertaken by independent research organisation, Opinion Matters, among 1,251 senior IT professionals from a range of communication service providers in UK, France, Germany, Middle East and India*.
It found that, nearly all (99%) of service providers surveyed had experienced an increase in demand as a result of COVID-19. 67% of service providers surveyed believe their customers will continue to operate with employees working from home to some extent post-pandemic. As a result, they anticipate permanent changes to customer demand and use patterns, and they are seeing changes to procurement strategies. They are also facing intensifying security threats and have changed their investment priorities as a result.
Key findings on the direct impact and response to COVID-19:
The overnight pivot to home working caused by the pandemic has had an immediate effect on demand and distribution:
- 99% of respondents experienced an increase in demand as a result of COVID-19, with an average increase of 55%
- 99% said the pandemic accelerated their transition to a more distributed network
- 55% scaled up infrastructure across the network
- 54% scaled up in specific high-demand locations
- 47% invested more heavily in security technologies
- 32% increased headcount to deal with requirements.
Commenting on the direct impact of COVID-19, Anthony Webb, EMEA Vice President at A10 Networks said: “The switch to working from home caused an unprecedented shift in customer needs and a fundamental change in both geographic and temporal use patterns, as home workers adapted working hours to combine jobs with home-schooling and caring duties.
“At the same time, it represented a rapid expansion of the attack surface, leaving providers battling on two fronts: how to meet demand, and how to scale-up safely. Our research shows providers had a dual focus on scale and security, which is set to continue as they make strategic adjustments to the changed landscape and accelerate their transition to the more distributed network.”
Customer procurement strategies and concerns have changed – the shift to cloud accelerates
As customers have adapted to an altered digital environment, their requirements of communication service providers are changing, with more focus on security, continuity and cloud adoption:
- 56% say customer demand for online platforms such as customer service portals has increased
- 52% say customers are now more concerned about business continuity and resilience
- 44% say customer expectations about security from network service providers has risen
- 58% have seen enterprise customers splitting workloads between traditional telcos and non-telco cloud platform providers to minimise risk to service availability
- 50% have seen enterprise customers expand telco RFPs to add a mix of non-telco providers
Commenting on these findings, Webb added: “Customers are on high alert to the threat of service disruption and are demanding higher security and business continuity standards as a result. They are also being proactive about reducing dependence on individual providers by splitting workloads. The fact they are including non-telco providers in procurement strategies shows that they are planning this approach over the long term.”
Investment plans and priorities
The effect of the pandemic and changing customer priorities has altered communication service providers’ capital investment plans:
- 52% plan to increase investment in security
- 50% are reducing investment in their own networks and increasing use of public cloud providers
- 48% say upgrading firewalls and other security appliances to combat new threats is their highest priority security investment to 2022.
- 45% say DDoS mitigation across network infrastructure is a top priority, while 43% are prioritising DDoS protection as a service for enterprise customers.
Webb concluded: “Communication service providers are reacting astutely to growing customer focus on security and resilience by ramping up investment to protect those areas that have been exposed by the expanded attack surface. Maximum uptime and data protection are paramount for organisations operating in the remote work environment and investment in these areas will pay dividends for providers facing increasing competition from non-telco operators.”
COVID-19 has prompted a resurgence in DDoS attacks targeting digital services. A10 Networks’ most recent State of DDoS Weapons report tracked 12.5million DDoS weapons in the second half of 2020.
A10 Networks’ International Communication Service Provider Insights 2021 show that respondents recognise the imperative to robustly reinforce security, not just because there is a significant legacy network that must be protected, but because threats are escalating, and customers are increasingly aware of the risks of business interruption.
The report also contains analysis of variations between the individual countries surveyed and vertical sectors.
Top Findings from the Middle East
Without a doubt COVID-19 has had a significant impact
99% of all Middle East respondents experienced an increase in demand as a result of COVID-19, on average by 52%.
As a result, service providers who have experienced demand increases have had to scale up in terms of:
- Infrastructure across the network (50%)
- In specific high demand locations (50%)
- Investing more heavily in security technologies (48%)
- Redistributing network capacity to accommodate changes in traffic demand (38%)
A distributed environment is leading to a bigger and broader attack surface
99% of all Middle Eastern service provider respondents said that COVID-19 has accelerated their transition to a more distributed environment with on average 46% of network traffic affected.
Middle East communication service providers are seeing increased demand from different locations, and this has forced them to redistribute network capacity and scale up in specific locations (50%), and due to the increase in demand, 50% of providers have scaled up their infrastructure across the entire network. 38% of Middle East respondents also stated that they have redistributed their network capacity to accommodate changes in traffic demand.
Nearly half have invested heavily in security technologies (48%) as a result and 49% say that, going forward, to deal with this distributed environment, revision of employee cybersecurity training programmes to reflect the hybrid working environment is required. DDoS protection services for enterprise customers (45% of respondents) and DDoS mitigation across network infrastructure (44% of respondents) are the highest priority security investments for 2021-2022 for Middle East service providers.
Communication service providers said that they would need additional capabilities and technologies to protect their customers’ networks from cyber-attacks in the next two years. 45% stated they would need granular DDoS mitigation, 44% will need increased security automation including automated policy support, and 43% said they would require more application-layer visibility of customer traffic to detect malware.
The impact COVID-19 has had on relationships and investment plans
It is a mixed bag when it comes to investment. For the Middle East, the majority of respondents have planned to increase investment in security within the next 3 years due to the increase in traffic/ subscribers (51%). However, a large percentage (49%) have paused their investment plans over the same time period. 47% plan to reduce investment in their own network and accelerate use of public cloud providers, whilst others plan to increase investment in networks (43%).
Where customer relationships are concerned, 52% have seen an increase in demand from customers for online platforms and portals so that customers/subscribers can self-serve, and 43% say that their customers/ subscribers have increased expectations around security from network service providers. 40% of providers have had a larger pool of customers/ subscribers to deal with. 52% are seeing customers concerned about the resilience of their service provider and asking questions around business continuity.
Going forward providers are keen to ensure DDoS detection and mitigation across the network infrastructure, DDoS and ransomware protection services for enterprise customers and upgrading firewalls and other security appliances. All these feature heavily in their future investment plans.
The workplace won’t snap back to how it was
66% of Middle East respondents believe their customers will continue to operate with employees working from home, even post-pandemic. Only 34% believe the environment will snap back to pre-COVID-19 working practices.
As a result, 49% of respondents say their customers are looking to revise their cybersecurity policies and training programmes to accommodate this hybrid working environment, and 48% of respondents say their customers/ subscribers need to offer better security to their employees for their remote networks and endpoints to protect against increasing cyberattacks whilst working remotely. 48% of respondents also say their customers need to roll out multi-factor authentication to their workforce to enhance security and 47% feel customers need to update their BYOD policies to make sure their security is robust.
A move to less traditional non-Telco providers
In terms of purchasing strategies, 61% of Middle East communication service providers say customers have expanded their telco vendor RFP list to include non-telco cloud platform providers. 49% are seeing customers splitting workloads and traffic between traditional telcos and non-telco cloud platform providers to ensure resiliency. 45% say customers are requiring end-to-end security SLAs in order to protect themselves across cloud and data centres for any chosen vendor. And 45% see customers exploring private LTE and 5G options.
Concerns around outages, compliance and multi-cloud environments
When it comes to the diversity of environments, providers are concerned that they can continue to deliver a good level of service, so outages are top of mind (46%), followed by granular visibility of traffic (40%). Compliance with regulatory requirements for privacy and security was a joint third with maintaining consistent subscriber experience (both 39%). When it comes to 5G, the top security challenges felt were evenly split between the unpredictability of subscriber usage with changing traffic patterns on service provider networks (22%), maintaining application availability and security for enterprise customers (22%) and maintaining a quality service and avoiding service outages (21%).
“Nearly all the respondents from the Middle East (99%) stated that they had experienced an increase in demand as a result of COVID-19. However, out of the five countries surveyed, respondents in the Middle East lagged behind and scored lowest in scaling up their infrastructure across the entire network in response to increased demand for data and network bandwidth from customers. It is clear that there is a lot of work that needs to be done in this area. Communications service providers should also prioritise applying more rigour to their security strategy with up-to-date thinking and techniques — to address longstanding vulnerabilities,” concluded Amr Alashaal, Regional Vice President – Middle East at A10 Networks.
*Methodology: A10 Networks commissioned a survey, undertaken by an independent research organisation, Opinion Matters, in January 2021. 1251 senior IT professionals from a range of communications service providers were surveyed from a variety of operators including: mobile, fixed-line telecom, cable, converged, MVNO and MVNA and OTT providers. This is the first insight research A10 Networks has undertaken into the communication service provider environment and it forms part of an international research project across five countries, including: UK, France, Germany, Middle East and India.