From Zero to Hero: How MEF is Building an Industry-leading Service Provider Cybersecurity Framework
QLC Chain’s Strategy and Technology Advisor, Andreas Freund, outlines MEF’s cybersecurity framework.
In a predominantly digital world, the ICT industry faces not only exponential new business opportunities that cross and blur traditional lines between industries, but also exponential digital threats, both from outside and from within its own security perimeters, as the recent SolarWinds and Kaseya security breaches, which impacted thousands of companies and dozens of governments, amply demonstrated. Cybercriminals, often operating under the direction of state actors, have demonstrated their rapid adaptability to deployed countermeasures. This requires that companies do both advanced threat detection and protection, and regular cybersecurity “blocking and tackling” within and across enterprise trust boundaries.
MEF is well established as an industry leader in developing commercial automation APIs and services standards for inter-provider service delivery, helping providers reduce operating costs and allowing them to focus on the revenue side of their business. In addition, MEF has published and continues to develop new standardization work in cybersecurity for digital services provided by digital service providers. The goal of MEF cybersecurity-related standards is to enable service providers to reduce their own attack surfaces and those of their customers and partners in a scalable way to protect against constantly evolving cybersecurity threats.
The customers and partners of MEF members are facing specific challenges beyond the exponential evolution of cyberattacks. There is a lack of general security awareness and understanding within a significant number of enterprises combined with:
- the lack of a holistic industry approach to securing digital services,
- a huge volume of information that must be processed and mapped to digital service implementations, and
- substantial vendor hype together with a lack of consistency in vendor offerings and use of common terminology.
With these challenges in mind, MEF’s cybersecurity work is part of an overall strategy to ensure that MEF-defined services, products, and associated business automation can be secured in a standardized way with the latest technologies and implementation approaches available in the market.
MEF is focusing its cybersecurity efforts on three main areas:
- More secure application flows in SD-WAN services (MEF W88) and sessions in SASE services (MEF W117).
- Stronger authentication and authorization with the industry’s first standardized approach to Zero Trust (MEF W118) and by applying the latest approaches and standards (e.g., OAuth 2.0, OIDC, W3C DIDs, IdPs/X.509) for mutual authentication and access authorization for API interactions between Buyers and Sellers (MEF W128).
- More secure, federated trust domains by enabling pseudonymous maps of the complete supply chain through Distributed Ledger Technology (DLT)-based Smart Bilaterals and Smart Omni-Laterals (MEF W114), and by enabling verifiable credentials in a federated trust domain for participants in a digital supply chain through multi-ecosystem digital identities.
Participation by cybersecurity experts from our MEF membership increases the robustness of the resulting standards and allows our members to:
- Influence the pace and direction of cybersecurity standards for digital service providers
- Track the latest cybersecurity work within MEF to ensure a member company’s product strategy aligns with industry consensus on cybersecurity in digital services
- Position the company as a thought leader in digital services cybersecurity
- Build new standards-based security products that create large revenue opportunities for member companies within the ICT industry and adjacent industries such as mobility.
MEF provides a critically important environment for service providers and related technology companies to understand and influence cybersecurity approaches for the digital services marketplaces. To take full advantage of these offerings, MEF member companies should have at least one cybersecurity expert participating in MEF cybersecurity work.
MEF members can learn about the latest industry-leading cybersecurity work taking shape by visiting the MEF Wiki. We encourage you to explore our blogs and other resources to stay current on cybersecurity development.
Strategy and Technology Advisor | QLC Chain
Andreas is the Co-founder of the ConsenSys Kapture Fan Engagement platform, the Tata Consultancy Services 2017 Distinguished Engineer for his contributions to Blockchain technology, a seasoned business and technology leader and Six Sigma Black Belt. As a Strategy and Technology Advisor for QLC Chain, he now specializes in creating exponential organizations and innovations through rapid digital Blockchain strategy and product development and implementation spanning Fortune 500 to Private Equity companies.