Telecoms are critical infrastructure—now their security must match

Oliver Neuberger, Managing Director—Accenture Security, describes how telcos are critical infrastructure, with their security now equally essential. 

During the COVID-19 pandemic, societal dependence on our critical national infrastructure has been laid bare. Many industries have stepped up and served customers with resilience—utilities, food supply, healthcare and transport to name but a few. 

But to my mind, telcos are one of the unsung heroes—quietly holding so much of our lives together, while their network traffic skyrocketed and their contact centres went virtual in days. At the start of the pandemic, few were questioning their ability to cope, and although there were a few wobbles, in general they delivered. 

Telcos’ efforts have paid dividends, with 45% of small and medium businesses (SMBs) trusting their landline provider even more since the pandemic began. This is no mean feat, especially with such a huge increase in load. So how do telcos capitalise on this opportunity, while remaining resilient and secure?  

The trends that will shape telcos’ futures 

• New behaviours: As a result of the pandemic, everything companies knew about customers has fallen away overnight, with telcos no different. For example, Accenture’s 2021 Fjord Trends unpick customers’ ‘interaction wanderlust’—their thirst for new experiences and new channels. Consider that 60% of customers would feel little or no loss if the telco dropped off their high street. 
• New horizons: My telco clients know that their future depends on delivering new products and services off the back of 5G, connecting customers to new value-added solutions, and being agile and efficient. This is complicated by the fact their competitors are increasingly well funded digital natives who can engineer software much faster. 
• Cloud: Cloud will be a key lever. In the short term, it can provide the resilience for surviving disruptions (for example, for surges in remote working). In the longer term, cloud can enable product and services modernisation, new user experiences, and lean and efficient operations. 
• New ecosystems: Connectedness will be the order of the day, with telcos increasingly partnering with other companies for new value propositions, or developing new supply chains to give customers what they want. Think smart home devices, or homeworking help, or 5G services.  

The delta for security 

Telcos are an increasingly attractive target, with new security risks, in terms of the sophistication of potential attacks and the increasing capabilities of those responsible. All of which keeps my clients’ CISOs up at night. Here are some reflections on how to get ahead. 

• Make security more federated. The centralised “command and control” security function works well with gated waterfall delivery models, but can’t cope with the pace of delivery required to give customers the experiences they expect quickly enough. A more “hub and spoke” model enables a central security function to retain overall control, but delegate certain aspects of security to development teams—within carefully defined and managed guardrails. 
• Work with partners. Working effectively and securely with partners will become table stakes, while exploiting the rich data that telcos hold. This means developing capabilities in techniques such as tokenisation, masking and redaction at scale must become part of business as usual, to enable this data to be utilised while managing risk. 
• Develop talent in traditional security architecture areas, but with a specialist focus on hybrid cloud. Maintaining a secure cloud environment for a digital first company, within a single cloud provider, using the off the shelf security tools they offer, is relatively straightforward compared with the multitude of clouds and on-prem that we typically see in large, long-established clients. This requires experienced security architects. 
• Stay focused on good security basics. Often, I speak to clients who are making investments in advanced security tools, in the absence of the basics of security hygiene. The pace at which cloud development enables you to work often means network resources are incorrectly segmented (usually in the interests of speed—it’s easier to put everything in the same virtual private cloud (VPC) and avoid firewall configuration), and as a result more vulnerable then they need to be. The basic disciplines of patching and vulnerability management still need the focus that they always did. Plan for refactoring—cloud environments do not age well without maintenance. 

It’s time for telcos’ security to match the critical nature of their operations and services. Contact me to find out more about how. 

This content is provided for general information purposes and is not intended to be used in place of consultation with our professional advisors. 

Copyright © 2021 Accenture. All rights reserved. Accenture and its logo are registered trademarks of Accenture. 

Oliver Neuberger is Managing Director - Accenture Security. Oliver recently joined our Cloud Monthly Webinar on the role of cloud in telco infrastructure, and you can find him on LinkedIn here. You can also follow Accenture UK on Twitter and LinkedIn. 

To read more from #DiversifyingTelecoms Campaign Week check out our landing page here.