Big Interview

Homegrown security

JOVE 2019 5.jpg

Capacity’s Natalie Bannerman speaks to John Vestberg, CEO of Clavister, about the company’s view of the security landscape and the ‘best of breed’ approach to network defence

To those in Europe, the name Clavister should be synonymous with network security, or as its tagline says, “Security by Sweden”. With a portfolio comprised of SD-WAN, SASE, SDN/NFV and a range of cybersecurity solutions that span edge and 5G networks, it is a name to know in the space.

October 2022 saw the company renew a long-standing partnership with Nokia that started in 2016. Under the original agreement, Nokia offered firewall solutions to its customers that were powered by Clavister’s NetShield. The new and expanded deal will see Nokia offer NetShield and other solutions from Clavister as Nokia Managed Firewall Services under Nokia Managed Security Services.

Speaking on the significance of this announcement, John Vestberg, chief executive of Clavister, says that although his company’s original collaboration with Nokia led to NetShield being used by roughly 30 Tier 1 operators, it was limited to only one of Clavister’s products.

“We do have a wider portfolio, which also includes client-side software that includes identity and access management and so on,” says Vestberg. “The previous contract with Nokia didn’t really expose the other products to those operators or to their customers.”

Moving into management

At the same time, Vestberg says what began as a reselling concept has transitioned into a managed service concept.

“Nokia have their own Managed Service division, and as part of that they have their managed firewall service that they provide as part of their portfolio,” says Vestberg. “The new contract enables them to, first of all, make use of more products from our portfolio, but also gives them the opportunity to run firewalls as a managed service.”

Vestberg believes that managed services is experiencing an upward growth trend, largely driven by the growing complexity of the cybersecurity landscape.

“Looking back a few years, the world was a bit simpler when it came to security. You needed perimeter security, you bought a firewall, you needed an antivirus protection, and for the most part you were done,” he says. “That’s not the case anymore. Everything from hybrid working to having parts of your applications residing in a public cloud, private cloud or on-prem - the traditional way of securing networks isn’t doing it anymore.”

With the average small to medium-sized business having “a dramatic lack of competencies in cybersecurity”, Vestberg says “the natural step is to source from someone who might be overseeing your overall IT environment”.

Describing the rollout of 5G as “slower than expected” and acknowledging that most of the 5G networks to date have largely been 5G radio services bolted on to 4G core networks, the biggest challenges for those that have launched 5G standalone networks is virtualisation and software-defined components.

“With software-defined and virtualised concepts the traditional perimeter limits get blurred and you cannot have the big iron type of protection for a 5G network,” says Vestberg. “With software-defined and virtualised security you can’t only have one instance of security, you need it to be attached to whatever product or service is for a specific use case. It’s much more complex.”

But while a holistic approach is best when it comes to security, Vestberg reminds us that “you can’t be an expert in all areas”, and you can end up with a “best of breed” scenario where you have a managed security provider that selects various security solutions from the best vendors for your specific use cases. While this is very much in demand, it requires interoperability that we are still a ways off from getting.

A new space

Satellite security is its own use case, and an area that Vestberg admits is new to Clavister. Many security applications for this type of infrastructure happens at ground level, and data centre security forms part of the service. But as a vertical, defence is an area where the company has been making progress.

A few months ago, Clavister was awarded a proof-of-concept contract from the Swedish Defence Materiel Administration for work in using satellite communications in defence.

“What they realised is that there’s an increasingly direct vector or attack vector on satellites, and they would like our help to look at how our technology can be used to detect anomalies in satellite communication,” says Vestberg.

Vestberg says the 12 months or so at Clavister will be focused on finding the company’s “sweet spot” and leveraging its advantageous location to its benefit.

“What we’ve learned over the last year because of the geopolitical situation, a big of portion of operators have stated that they need cybersecurity to be originated from within the EU and driven by compliance needs,” he says. “This is going to be our sweet spot moving forward.”