Make it happen – Strategies for improving cybersecurity
Download the related report: Security imperatives for digital transformation, for the full insight.It’s clear that digital transformation creates new information security risk for communications service providers (CSPs). As part of the transformation process, operators should undertake an end-to-end cybersecurity risk assessment and focus on protecting the integrity of data throughout the entire business. Here are some steps to take:
Be humble but bold
CSPs should recognize that their track record in security across their organizations is mixed rather than outstanding and that new security threats pose a real risk to their digital transformation goals. The security team needs to be positioned as a supplier of critical security services to internal customers, and internal customers should be incentivized to welcome their services. In addition, operators should look at their employees as being in the front line of security policy, not just as sources of vulnerability.
Build upwards from a solid foundation
CSPs should provide ongoing investment in a strong data governance framework as the foundation of their approach to information security. As well as hardening the organization’s security stance, a strong framework is also key to ensuring the quality of the data available to realize digital transformation targets.
Drive security from DevSecOps
In the development environment, telcos should have a roadmap for incentivizing teams to embed security earlier and earlier in the development cycle by upskilling development and operations teams with security best practices. For some services, this should lead to security being on a par with functional design and performance right at the outset of the design process.
Think mitigation and automation
Whether it’s application program interfaces, artificial intelligence or vendor software, importing these technologies into a CSP’s environment carries clear risk as well as opportunity. Some of the fixes for this are mature, some maturing, some still quite immature. Leadership in security requires high levels of competence in mitigating these risks, and automation is the key to mitigating quickly.
Commit to security as a differentiator
Security is becoming an area where leading CSPs can distinguish themselves from competitors. Ambitious operators should invest in security as a differentiator, especially for 5G vertical industry use cases. Operators should target a highly automated and orchestrated security model comparable to that practiced by leaders in the airline industry.
Get involved in collaboration
Consider joining TM Forum’s Collaboration Community to develop security best practices for the Open Digital Architecture. A security working group is exploring how to assess and contain cybersecurity risk by designing security and privacy into operational and business support systems. To learn more, please contact
George Glass.