Delivering security solutions to customers has progressively become more complex and inefficient for service providers. Because these solutions may comprise a range of point products from different vendors, they force the service provider – and customer – to manage multiple relationships and technologies.
Combining the scalability and flexibility of Software as a Service with the economies of scale of a multi-tenant environment can resolve these problems. A multi-tenant, SaaS security platform can strip out complexity and give service providers the ability to offer white-labelled solutions comprising world-class security technologies to customers.
At FirstWave, we provide a multi-tenant, SaaS platform that service providers can use to provide solutions that protect enterprises from cyberattacks across email, web and firewall vectors. Our Cloud Content Security Platform orchestrates and provisions cloud-based SaaS based on virtualised email and web security, as well as firewall products from leading vendors. These include Cisco, Palo Alto Networks and Fortinet; we aim to add more in future.
The platform – available on Amazon Web Services - can be accessed by service providers with no upfront costs and integration. It incorporates APIs and information feeds that service providers can take into their order management, customer management, ticketing and subscription billing systems. All FirstWave infrastructure, management and security processes are certified to ISO 27001 Information Security Management System Standard and ISO 9001 Quality Management System Standard.
The platform enables users to offer solutions to customers ranging from government agencies, financial institutions and multinationals down to two- or three-person startups from a single instance.
Service providers can provision and activate solutions for customers within minutes and offer them packages of security policies. They can also manage all customers from a single pane of glass, and the customers themselves can have a single pane of glass view of their services and security policies. Our platform is carrier-grade and offers five nines service performance and strong hierarchical and role-based access controls.
Our platform is also compliant with the requirements of the General Data Protection Regulation, which protects the data and privacy of individuals in Europe.
With a world-class, multi-tenant, SaaS platform, service providers are now well positioned to help customers meet current and forthcoming security challenges.
WhatsApp is one of the world’s most popular messaging apps, with about 1.5 billion monthly users. The app is marketed as secure with end-to-end encryption that prevents messages, photos, videos, voice messages, calls and documents from falling into the wrong hands. WhatsApp says neither it nor third parties can access these messages.
However, a recent security breach that affected WhatsApp on iOS or Android phones is a clear reminder that no service is 100% risk-free.
The breach may have allowed a malicious actor to install unauthorised software and gain access to personal data on devices running WhatsApp. The attack – attributed in media reports to a private company working with governments on surveillance – is believed to have targeted a group of human rights campaigners. WhatsApp quickly released an updated version of its app to address the vulnerability.
For businesses, the lesson is clear – security plans, platforms and processes need to account for and minimise the risks of using these types of services. We recommend organisations carefully consider the use of proprietary messaging apps to distribute sensitive corporate or customer information, and implement robust policies governing the use of these services for business-related activities.
These policies need to be backed by education programs that should extend beyond an organisation’s own workforce to partners, suppliers, and other stakeholders.
The incident is also a powerful reminder to IT security specialists of the importance of installing updates as quickly as possible to address vulnerabilities that may leave a corporate network open to attack.
The media reports of the WhatsApp attack present an uncomfortable reminder to businesses that cyber-attacks may be carried out by well-resourced, technically skilled organisations and experts acting on behalf of nation-states, as well as criminal groups and rogue individuals. For businesses involved in critical infrastructure or systems of national importance, this means implementing security platforms, architectures, and processes – and working with relevant government agencies – to reduce the risk and impact of a breach.