The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort.
It's the breaches in telecom companies that tend to have a seismic impact and far-reaching implications — in addition to reputational damage, which can be difficult to measure, telecoms are often at the receiving end of government fines for their cybersecurity and privacy failures.
There are few industries in the world that collect as much sensitive data as telecom companies. In recent years, telecom companies have accelerated their digital transformation, shedding legacy systems and reducing costs. These changes, coupled with the need for stronger collaboration with third-party vendors, have led them to SaaS applications to handle their CRM.
Today, telecoms are using SaaS apps for billing, HR, call management, field operations management, tracking call center effectiveness, and hundreds of other applications. While these apps facilitate communication and help improve processes, the sheer size of these companies requires extra security precautions to be taken, particularly in the areas of collaboration and identity management.
The Purpose & Pitfalls of Telecom SaaS App Use
Demographics, behaviors, purchase history, family data, mobile preferences, and browsing history are just a few of the data points that are collected in a global Telecom.
This data is analyzed, packaged, and shared with mobile advertisers. The advertisers are given access to the telecom's SaaS apps, where they can mine for data and develop powerful marketing and advertising campaigns.
However, the partnership between telecoms and their vendors requires app settings to be configured in a way that allows external access while preventing unwanted visitors from seeing, copying, and downloading data.
When configurations drift, they can expose personal data to a far greater audience and put the telecom at risk of breaches.
Telecom partnerships extend to other telecoms. Roaming charges need to be shared between GSM providers for billing purposes, while MVNOs build their entire business model on the telecom's network. This data is captured and stored within SaaS applications, and it may be vulnerable at the point where it is shared between operators.
Controlling Access in Telecom SaaS
Telecom companies are among the largest employers in the world. With turnover rates hovering at about 18%, a telecom with 200,000 employees can expect 36,000 employees to leave the company every year, or about 140 per workday.
Much of the employee deprovisioning process is automated. HR removes the employee from the company directory, which triggers processes that shut down their email, network access, SSO access, and other identity-based access points.
Some SaaS applications are connected to the company directory, but many are not. They require additional efforts to deprovision. An admin on a SaaS application, for example, may have multiple logins to the SaaS – one through the SSO and one with a username and password to allow access in the event of an SSO outage. While the SSO access may be automatically revoked, oftentimes in SaaS applications, the secondary access remains active.
Former employees, especially those who are being removed from their job, need their access revoked immediately to prevent the likelihood of data leaks, breaches, and other cyber attacks.
Detecting Telecom SaaS Threats
A strong SaaS posture is a must-have for any company. Communication service providers, however, are a tantalizing target to threat actors and need to take their threat detection capabilities to the next level.
SaaS threat detection involves reviewing data from the entire SaaS stack to identify indications of compromise (IOC). These signs of malware, data breaches and other suspicious events within the SaaS ecosystem can direct the security team to any compromised account, and allow them to mitigate the threat.
Protecting the Telecom SaaS
SaaS Security Posture Management (SSPM) is the first line of SaaS defense. Telecom operators can use the tool to manage their sensitive configurations. Its round-the-clock monitoring of all settings will alert the security team in the event of drift, and its remediation guidelines will show app owners how to secure their data.
SSPMs are also used to monitor users. It can search user rolls from across the SaaS stack to find former employees that need to be deprovisioned, and guide users on how to best remove access. Meanwhile, SSPM's threat detection capabilities can alert the security team when they are facing an imminent threat.
With an effective SSPM in place, telecom operations can use their SaaS applications with confidence, knowing that their data is secure.