Increased security challenges faced by all enterprises, including generational shifts hastened by the ongoing global pandemic, are fueling the need for more consulting and managed security services, according to the head of AT&T Cybersecurity’s consulting business. 

“A lot of organizations had seemingly good processes and controls in place pre-pandemic, but the disruption has just flipped a lot of organizations on their head,” said Todd Waskelis, assistant VP at AT&T Cybersecurity, a standalone security unit formed by AT&T two years ago. 

“They knew what they needed to do in that sort of moat castle mentality,” but when COVID-19 forced companies to completely distribute their environments, move more applications and data to the cloud, and support users “all over the place, their traditional processes and controls just sort of fell apart,” he explained in a phone interview with SDxCentral. 

The entire threat landscape has changed, Waskelis said. Businesses, as a result, are stepping back and embracing a risk-based approach to security and zero trust frameworks, he said. Many enterprises were considering the notion of zero trust in early 2020, but the pandemic forced a more rapid shift to that model, and secure access service edge (SASE) is going to drive most of that, he added. 

AT&T Cybersecurity offers a consulting practice and manages security services on a cloud-based platform with about 40 third-party vendor services. It also formed a unified security management practice following the 2018 acquisition of Alien Vault. 

The managed services arm recently added SentinelOne’s managed endpoint security offering to the fold to help businesses get a better handle on dispersed workers, data, and new threats. SentinelOne’s offering provides agility across the device continuum, but also gives enterprises the ability to collect data from distributed endpoints and pull it back into AT&T’s threat detection and response platform where it can be correlated with all of the enterprise’s data, Waskelis explained. 

“Now you’re looking at the endpoint, you’re looking at their cloud environment, you’re looking at corporate assets, whatever it might be, and being able to pull that all into one picture and then make intelligent decisions on the threats that are identified,” he said.

AT&T Cybersecurity is constantly evaluating new technologies or third-party services because “our goal isn’t necessarily to be a specific technology vendor to a client, but to be a solution provider across the continuum,” Waskelis said. 

AT&T’s cybersecurity consulting practice is also seeing an uptick from small to midsized businesses (SMBs), as well as state and local government agencies, he said. These organizations are exploring a “greenfield opportunity” to redesign their technology stack, business processes, and leverage cloud computing more broadly to deploy and secure a more distributed environment, he added. 

“The shortage of cybersecurity professionals coupled with the dynamics of technology today, it’s making it difficult for organizations of all sizes to be an expert in what they’re trying to do to implement technology or solve security challenges,” Waskelis said. 

“Many organizations have had tremendous budget cuts because of the pandemic. They just don’t have the resources in house and so they’re leaning on organizations like ours to come in and help them with that,” he said.

The consulting business is also seeing a shift from one-time projects with these organizations to ongoing service-based engagements, according to Waskelis. The managed security services platform and consulting practice are both core businesses for AT&T and growing, he added. 

“Organizations now are moving closer with the business in cyber than they had in the past. I think those that did pre-pandemic reacted fairly well, but now they’re realizing that they have to work together because the entire landscape’s changed,” Waskelis said.