In telecom software editing, security and GDPR compliance have become strategic priorities. To explore these crucial issues, our CISO Fred Belemba discussed the structuring and formalizing of security processes.
CISO: a key role in the organization
As a specialist, Fred explains: “Our company already had many security processes before I joined IT-Development. However, these needed to be reorganized. My role here is to map out and formalize these processes to obtain certifications that guarantee our customers the protection of their organization’s interests when faced with increasing threats to telecom infrastructures“.
The key importance of security in telecoms
In a hyper-connected world, security – cyber and physical – is critical both for software editors and telecom companies. Our CISO says: “As ClickOnSite‘s developer, we work on a global scale, and digital trust is essential. Mobile network operators and towercos need to trust us to work optimally“.
Indeed, telecoms players handle huge volumes of sensitive data, including critical personal and business information. A breach of this data can lead to significant financial losses, legal proceedings, and a significant erosion of customer confidence. Telecom networks are also critical infrastructures for a country, supporting essential services such as emergency communications and financial services.
The growing sophistication of cyber-attacks, as well as the need to comply with strict regulations such as the GDPR, require software editors – like us – to constantly strengthen our security measures. Fred adds: “A security incident could seriously damage our reputation as well as our customers’, which is why we are implementing the right measures to prevent it”.
Strategies and security measures
To complete the protection measures already in place for our software and the solutions and service providers involved in our processes, we commissioned an audit from a specialist firm. Our CISO explains: “We were already using vulnerability scanning tools and penetration tests to identify and correct potential vulnerabilities“.
The audit enabled us to identify additional actions, for example in HR processes, document management, protection of premises, and IT assets. Centralized security management solutions have been selected and are currently being deployed. He explains: “The SIEM (Security Information and Event Management) enables us to monitor a very wide perimeter and effectively report incidents or non-compliances. However, skills and resources are required to ensure high-quality monitoring“.
The GDPR compliance: a mandatory requirement for software publishers
Not only required in Europe, GDPR compliance is also crucial for maintaining customer trust. Our CISO insists: “Operators own a lot of data from their users, and it’s imperative to anonymize it. On our side, we have a lot of confidential data from our customers. It is therefore necessary to arm ourselves with caution and secure processes“.
The main requirements of the General Data Protection Regulation (GDPR) include securing data storage, limiting access to data, and justifying the purpose of processing. He adds: “In general, challenges include accurately identifying the purposes of processed data, determining which data is recoverable, and anonymizing data to protect rights and freedoms. In the case of ClickOnSite, the purpose of the data processed does not require any particular treatment in terms of the GDPR most of the time“.
Data management and privacy
To ensure the protection of personal data within the framework of the GDPR, ITD has thus mapped the data, offering good visibility over the data processed. Our IS department mentions that “this project is ongoing and currently remains confidential“. However, user rights requests (such as access, rectification, and deletion) are managed via complex documented procedures, including identification, request analysis, and reply processes.
Vision and future of telecoms cybersecurity
The future of telecom cybersecurity will be marked by the growing complexity of attacks and new defenses. According to Fred: “The rapid integration of artificial intelligence (AI) and machine learning (ML) will enable more accurate threat analysis“. At the same time, the 5G rollout and the continued rise of the Internet of Things (IoT) will introduce new vulnerabilities, requiring rigorous security standards.
Our CISO advises operators and towercos new to integrating security and GDPR compliance: “As software editors, it will be imperative for us to anticipate emerging threats, such as AI-based attacks, and develop effective countermeasures. Telecoms players, entrust this mission to real specialists, whether in-house or external, because security is an in-depth expertise in its own right!“
The GDPR security and compliance should not be underestimated. As Fred reminds us: “The GDPR is an essential tool for the protection of personal data, offering guidelines to ensure optimal management of processed data.”
Looking ahead, ITD plans to obtain and maintain SOC 2 certification, reinforcing digital trust with its customers and partners. In an ever-changing telecommunications environment, staying at the cutting edge of security is essential to protect critical infrastructures and sensitive data.