With an initial investment of over $2 million towards building an advanced cyber security centre, the first of its kind in Bahrain, VIVA Bahrain is making a bold move.
Telcos worldwide are a critical force for economic growth, and innovation within the industry has become essential as people and businesses connect in ever evolving ways. This dynamic change has set operators to focus on diversifying their revenue streams leading them into creating dedicated business units to handle enterprise and SME business by investing heavily into this market segment.
In line with this, VIVA Bahrain launched its enterprise division in 2012. Recently, it has expanded its services by joining forces with McAfee to establish Bahrain’s first world-class cyber security centre (CSC) as a step to enhance the cyber security capabilities for enterprise and SME customers in Bahrain. The addition of managed security services (MSS) to VIVA’s cloud services portfolio is aimed at providing Bahrain's enterprises a one-stop-shop for all communication and data security requirements. The telco has invested over $2million for the initial phase alone, and is projecting that the centre will increase VIVA’s enterprise revenue by 20% over the coming three years.
Needless to say, most people lead an e-life today– connected, shared and exposed. Data is one of the most preserved commodities – equally critical for small business, banking and finance, industry, government or even personal. Securing the information is a major concern to businesses today. “VIVA realised the need of businesses in securing their information and embarked on an expedition to be the first in introducing the cyber security centre,” says Eng. Ulaiyan Al Wetaid, CEO, VIVA Bahrain. “The CSC will be focused to provide a complete range of solutions and services to ensure information is secured, managed and monitored in a cost-effective model,” he adds.
“In early 2015 when VIVA Bahrain decided to step into ICT solutions and services, the information security topped the list as the area with most growth potential due to forecasted demand and shortage of resources. Thus, we conducted a comprehensive study including the regional and global offer benchmarking with other operators offering MSS,” says Al Wetaid. The VIVA CSC will be a complete solution and services centre for information security services. The establishment for the complete scope is planned for three different phases, which will span over 12 months’ time, according to the operator’s estimates. The first phase is targeted to be completed within H1, 2017 and services shall be offered to the customer in Q3, 2017. (As CommsMEA went to press, the phase-1 deployment had been completed and the final user acceptance and integration with VIVA sub systems was underway.)
Al Wetaid tells CommsMEA that VIVA has invested over $2million for the initial phase with information security monitoring and reporting with McAfee. “The scope will expand with further investments in human capital to bring in and develop information security expertise to ensure the overall security service offering,” he adds.
In terms of RoI, it might be still too early to characterise the project in terms of the effects it will have on reducing costs or increasing revenues. However, given the fact that data and information security is a key concern of any organisation today, VIVA sees the MSS offering as a key driver for the telecom and ICT solutions that it currently offers and will introduce in future. “The planned information security services will play an important part in positioning VIVA as a trusted service provider witha new portfolio of services enhancing customer loyalty and complementing VIVA’s business offering,” says Al Wetaid.
Information security is not a “one size fits all” – hence it cannot be covered with one single vendor. Each security vendor is specialised in its own niche. Taking that into consideration, VIVA plans to bring the best of all in a single offering. There are other partners that will work with VIVA in extending the services on top of the monitoring and reporting infrastructure being setup with McAfee. McAfee will remain the prime partner for end-point and security information and event management (SIEM) solutions and services for VIVA Bahrain.
It’s been evidenced by several reports that there’s a severe shortage of cyber security talent; so it’s worth being curious about how the workforce for the VIVA CSC will be organised. Al Wetaid says that VIVA is equipped with skilled resources in-house, the staff who are in charge of managing the telco’s network and host-based security. However, he doesn’t rule out the fact that as the offering is taken to market, a lot more expertise will be required to address market demand. The plan is that McAfee will help VIVA to build this expertise, nurture local talent with the right skillsets and enable VIVA and Bahraini talent to excel in the realm of cyber security services.
“We shall provide on-site resident engineers who will run the platform, and the SOC for a certain time; in the meanwhile, we will transfer the knowledge, train the VIVA staff, and then we can hand it over to them,” says Tarek Jundi, MD, McAfee, Middle East and Turkey. He adds: “We also have support organisations on the backend that would help in configuration, integration, putting in order some use case scenarios, to make sure that the promise made to the enterprises and SMEs is effectively delivered.” In terms of customer servicing, VIVA enterprise support will remain the single point of support escalation for all VIVA customers. For managed security services, the VIVA SOC will be proactively monitoring the services and reporting to customers of any potential cyber threat.
Thwarting our concerns that in such scenarios, there’s the chance of the service provider becoming a bottleneck in the customer’s business by being the single point of failure, Al Wetaid says: “VIVA ensures that all business-critical services are designed to be inherently highly available. The same methodology is being used for our CSC offering, with high available service core and different on-premises deployment options to suit customer requirements.”
Jundi highlights how McAfee is simultaneously working to support the telco’s own internal security infrastructure as well. “When we work with any telco, we advise them across several different areas, like the internal IT security as well as the telecom network security. We have a service organisation which works with the telco to provide several reports like risk assessment, vulnerability assessment and compromise assessment, on the readiness and gaps in the infrastructural readiness,” says Jundi.
Elaborating further on the partnership model with telcos for managed services, Jundi says that any MSP partnership model is established primarily as a standard partnership, and later on, the managed services specialisation is added ‘like a cherry on the top’. “The MSP is a partnership where we provide the technology, and operational support, while the telco provides its platform of managed services. Basing on that, we do joint marketing activities, joint account planning, and come up with a compelling market proposition jointly.” The partnership with VIVA and the MSP model acts as a more easy, and effective channel for the McAfee’s go-to-market strategy. Additionally, the vendor gets to leverage the huge customer base of its telco partner and build upon the existing relationships to provide its solutions and services.
Backed with their connectivity expertise, telcos have the excellent opportunity to bundle the connectivity along with other ICT needs of the business customers. The uniqueness and efficacy of the bundling can differentiate the telco’s value proposition relative to other telcos as well as other pure-play ICT providers.
The geo-economic challenges have forced organisations to consider alternate offerings to optimise operation costs with less travel, data and resource consolidation. Hence the cloud is being considered as the preferred model of IT operation by major organisations across the globe. VIVA Bahrain’s current enterprise portfolio comprises cloud services, data centre, web-hosting services, and IP telephony. The VIVA CSC aims to be a provider of complete information security offerings comprising leading vendor based security solutions, information security process definition, security compliance and audit services on top of managed event monitoring and reporting services.
The services will be offered to all business verticals including SMEs. VIVA is also planning to use SDN and NFV later on to scale up delivery.
As part of the McAfee partnership, VIVA will have access to always-on, McAfee global threat intelligence (GTI), a cloud-based threat intelligence service enabling accurate protection against known and fast-emerging threats by providing threat determination and contextual reputation metrics. McAfee GTI integrates directly with McAfee security products, being offered by VIVA, to instantly protect against emerging threats and reduce operational efforts and time between detection and containment.
Al Wetaid is bullish about the competitive advantage of the MSP offerings. He says: “Unlike niche solution or service providers, VIVA brings complete telecom and ICT solutions and services under a single integrated offering. With an affordable monthly fee, trusted business partner, customers can enjoy the latest technologies, services and support that otherwise may cost significantly to implement and further increasing cost of support year-on-year.”
In addition to the right security solution, the challenge for the organisations remain hiring and retaining the security experts to handle different types of solutions and their integrations enabling the end-to-end security services and solutions. Al Wetaid believes this would be a prime differentiator for VIVA since the VIVA will offer all the needed security expertise in an affordable OPEX model.
McAfee has successfully completed similar projects in Qatar; in Europe with Orange, and Vodafone; and in the US with AT&T. The vendor has also signed a pan-Gulf agreement with NexGen group. Jundi further hints at various other exciting projects in the pipeline. There are ongoing discussions for similar MSP projects in the UAE, Saudi and Turkey.
VIVA-McAfee engagement does not end with the implementation of the phase-1 of the VIVA CSC project. It is a relationship that has been built with a common vision to establish a centre where customers in Bahrain and in the region can rely on for their information security audit, compliance, monitoring and management. VIVA will continue to partner with McAfee to bring expertise in the security professional services to Bahrain and the region.