Vladimir Dryukov, Rostelecom-Solar: The market is ready to receive cybersecurity services from the cloud
TAdviser's questions about the Single Platform of Services of Cyber Security (SPSCS), which has been officially brought to the market, were answered by Vladimir Dryukov, director of the Solar JSOC cyber attack monitoring and response center at Rostelecom-Solar.
So, the company has brought the cybersecurity services platform to the market. Does this solution have a unique name, a brand?
Vladimir Dryukov: This is probably the most difficult question for today, since naming any product is a creative story, and the choice takes a long time and is not easy. As of today, the name of the solution brought to the market is "Single Platform of Services of Cyber Security" (SPSCS).
What range of customers is EPSK intended for?
Vladimir Dryukov: The platform is applicable to two different types of clients: large federal companies and rather small regional structures. The first type of customer has a large distributed federal network of departments or other points of presence, so for them using the EPSK platform is, first of all, an important matter of economics. Instead of specialized means of protection (information security facilities) at each point, the expense of servicing them, and the storage of spare equipment (ZIP), we give customers the chance to save significantly on the project as a whole. The second type of client appeared in connection with the recent waves of mass network-layer attacks: WannaCry, the attack exploiting vulnerabilities in Cisco equipment, and some others. A large number of small regional customers were not ready for this, as they had neither the corresponding tools nor the necessary expertise. Perimeter defense has become crucial today, so for such companies our cyber services make sense as an advanced security function. The main driver here is the shortage of staff capable of resisting such attacks and quickly adapting the system to new threats.
What is distinctive about the platform's architecture?
Vladimir Dryukov: The basic principle of the architecture is centralization, for which we use the innovative SD-WAN technology, which is popular in the West as well. At the same time, we lighten the equipment at the customer's site: instead of installing heavy means of protection, the client installs a CPE (Customer Premises Equipment), a small network device. It creates a secure communication channel based on IPSec and routes the customer's traffic toward our core. The Telco Cloud platform, on which EPSK also runs, is deployed in Rostelecom's DPCs. It makes it possible to collect customers' traffic centrally, aggregating it into service chains isolated from each other. At the level of basic logic, the task is to take the customer's traffic and, according to the required rules, steer it into our DPCs, where the customer begins to receive cybersecurity services. This happens in virtual or physical data center segments (tenants) allocated to each customer, where the client's data is aggregated and the information security tasks are actually solved.
List the cybersecurity functions implemented in EPSK…
Vladimir Dryukov: As of today, three basic functions are implemented: protection of the customer's e-mail against spam and phishing mailings; firewalling based on a UTM (Unified Threat Management) "piece of hardware", capable not only of blocking access but also of detecting intrusions, performing content filtering and many other things; and protection of web applications on the customer's side. Thus, returning to the question of the platform's architecture, a two-link structure is implemented: the first link is the infrastructure that correctly delivers the customer's traffic to the DPC for post-processing, the Telco Cloud platform, and the second link is the cybersecurity services themselves, based on different technological solutions.
Which solutions from global vendors are used in the platform?
Vladimir Dryukov: Our strategic partner is Nokia Corporation, since EPSK is built on Nuage Networks technologies. Nokia already has experience in creating service platforms based on SD-WAN, but the sheer size of our country makes the scale of the EPSK project unprecedented. As for protection technologies, this is a field subject to domestic regulation, so the solutions used were checked against two criteria: functional readiness and the existence of Russian certificates. Fortinet technologies became the platform for UTM and e-mail protection; for web protection of content, solutions from the Russian company Positive Technologies are used.
Is the list of vendors whose technologies will be used in the platform expected to expand?
Vladimir Dryukov: Two big areas of work are planned for next year: adding new cybersecurity services and expanding the list of vendors. As of today, about 40 Russian and foreign vendors want to become part of the platform. We have a lot of work ahead in choosing those with whom we will cooperate, a procedure we call onboarding. In essence, it is a check of the vendor for the possibility of "landing" its technologies on our platform, both functionally and technically.
What problems does the service delivery model for cybersecurity products make it possible to solve?
Vladimir Dryukov: Any story of applying a service model consists of three parts, and the first of them is a significant increase in the controllability of the economics of the process. With classical infrastructure, the customer incurs overhead costs for licenses, vendor and integrator technical support, ZIP, and specialists' salaries. For a federal customer with a distributed infrastructure, these expenses grow to simply enormous sizes. Using cybersecurity services based on a centralized platform allows serious savings here, since all the complex solutions are located in the center, and at the customer's site there is only the CPE, an almost free "piece of hardware".
The second advantage is savings when scaling the solution. For example, the customer has a 5 Mbit access channel, while the vendor's piece of hardware is at least 10 Mbit; at the same time, the customer periodically needs to expand the channel, for video conferencing or a backup. Obviously, with classical infrastructure the customer has to overpay. EPSK makes it possible to work on the PAYG (Pay As You Grow) model, i.e. to pay only for the volume of services that was actually used.
Besides, at a certain stage the customer needs to increase capacity, buy new equipment, and somehow dispose of the old. With the service approach based on our platform, only the CPE needs to be scaled, and everything else is scaled at the core level.
And the third problem, which concerns not only the cybersecurity sphere, is the shortage of specialists capable of servicing complex equipment. In our case we provide a "turnkey" service: operation of the core, its administration, monitoring of its availability, response to attacks. All of this is our expense. Accordingly, the customer saves a great deal on specialists' salaries.
What difficulties can one face with the service approach, compared with the traditional model?
Vladimir Dryukov: The main difficulty is a mental shift, but today this problem is no longer so relevant. When we began building Solar JSOC in 2012, it was a painful break in the customer's mindset: the thought of transferring data to a cloud, to outsourcing, for the purpose of identifying cybersecurity incidents was perceived with great pain. Today we calmly tell the customer that his information flows pass through our DPC. In fact, we take on the function of supporting business continuity, since the Internet connection is a very critical point for all business applications.
And from a technical standpoint, what difficulties can there be?
Vladimir Dryukov: The first critical point is communication. We carried out many tests and found that most customers will have no problems with communication, but in some cases routing information flows to the center and back can cause some delays. To be sure of removing this problem, we are going to scale EPSK to Rostelecom data centers in the Urals and in Siberia, since as of today our platform is located in Moscow. The second difficult point is the novelty of the project, the first of its scale in the world. I think some problems can arise there, though it is difficult to predict now which ones.
Let's talk about CPE, the "pieces of hardware" placed on the client side. How are they connected? Where are they made? Do they come in different models?
Vladimir Dryukov: The CPE is connected "in one touch", without additional setup on site. The device is connected to the network, all the necessary configuration is loaded automatically in a few clicks from a laptop, and the device begins to work. No special qualification is required from the customer's employee on site. The production plan includes both foreign CPE and Russian-assembled ones. The line includes several models of different capacity, for large, medium and rather small businesses. In the long term, the plan is to expand their functionality with cybersecurity functions.
As of today, the CPE acts as a thin client, implementing, as already mentioned above, only routing and tunneling of the customer's traffic.
Are customers already showing interest in the company's platform today?
Vladimir Dryukov: Our sales managers conducted a preliminary survey of clients, and there is interest in the platform. A number of customers, both state and commercial, tested the services in pilot mode and confirmed that the platform functions exactly as required. Moreover, we already have several customers who are testing the system and passing "live" traffic through the platform on the basis of the relevant SLA. So now we are moving from work with focus clients to a wide audience.
Competition is the engine of the market. Does the platform have competitors?
Vladimir Dryukov: Other telecom providers are moving toward launching a complete solution for providing cybersecurity services, but it is difficult to determine how ready they are to bring a product to the market. So far there are no solutions similar to EPSK on the Russian market.
How do you plan to convince clients that cybersecurity services based on EPSK are what they need?
Vladimir Dryukov: I will remind you that we have been engaged in cybersecurity services since 2012, when Solar JSOC began operating. Today we will start from the client's needs: either savings or obtaining an advanced information security function. The main thing for today is that the market is ready to receive cybersecurity services from the cloud.
Starting from what scale of business are EPSK-based services economically reasonable?
Vladimir Dryukov: With the current tariff scale, the platform is aimed both at large corporate customers and at representatives of the SMB segment. As for the essence of the economic feasibility: in the total cost of ownership (TCO) for a large customer, the largest share of expenses is the purchase of licenses, with ZIP in second place. Accordingly, the economic feasibility arises from the fact that we aggregate these expenses and replicate them within the platform and the Pay As You Grow concept. In the case of a rather small customer, the cost of the equipment is small, but the specialist servicing it costs a lot. We aggregate these expenses too, distributing them across a large number of clients and thereby reducing the hardware maintenance cost on the side of each customer.
And to sum up our interview, about the directions of the platform's development…
Vladimir Dryukov: There are a few directions of development, and the first is expanding the list of services. The current three functions covered the basic task: defense of the cybersecurity perimeter. Next year we are going to go further and deeper, expanding the set of technologies we provide.
Today, protection of DNS traffic, protection against malware delivered over different channels in the format of a cloud "sandbox", and some others are relevant for the market. The second important direction of EPSK development is to give the customer more variability in the choice of technologies and vendor, so that the platform can work with any IT infrastructure of the customer. And the third direction is the already mentioned geo-distribution of the platform, with part of the EPSK core moved out to DPCs in the Urals and in Siberia.