Cloud Data Protection for Telecom and Communication

Learn why some of the world’s largest Telcos count on us to secure their clouds

Overview:

Telecom and digital communications providers maintain vast amounts of sensitive customer and business information. This data pulses throughout these enterprises, driving the effectiveness of their service delivery and their customer interactions. In a highly competitive marketplace, nurturing and safeguarding customer relationships are key and the acknowledged critical foundation of building these relationships is trust and belief in the operator’s brand.

Providers operate in a highly regulated environment. They have to take the appropriate precautions to ensure privacy of customer data, including billing information and payment card details. In many instances they are also subject to data sovereignty requirements which mandate that Personally Identifiable Information (PII) associated with customer accounts cannot leave the home-country of the customer, an extremely difficult proposition for providers that operate across multiple countries/regions and for those that desire to adopt cloud computing solutions from international providers.

Blue Coat Solution:

Telcos and digital communications providers have been utilizing techniques like tokenization and encryption internally within their networks for years to limit where sensitive customer data flows. And now, with Blue Coat, the concept can be extended to work with public cloud SaaS solutions. Blue Coat’ innovations have solved a key issue with cloud encryption/tokenization - when data in the cloud is tokenized or encrypted the process breaks critical cloud application functionality. For example, how could you pull up a customer record by searching on a last name field it the data has been replaced with a token value in the cloud system?

Blue Coat’ Gateway allows customer details, including payment information, to be tokenized or encrypted before it leaves the Telco’s own data centers and goes to cloud SaaS systems, while simultaneously preserving the usability of the cloud application. Makes cloud use possible without requiring providers to place sensitive values outside their span of control.

Customer Case Study:

Telecommunications Provider Performing Outsourced Services for a Large Government Agency

Challenges

The B2B division of this global telecommunications firm won a large contract to provide services (telecommunication and computing outsourcing) to a large federal government agency. In order to stay cost competitive, cloud services where incorporated into the proposal where possible. But certain data had security mandates specifying that it could not be stored or processed in public cloud environments because of its sensitivity.

Requirements

The telecommunications provider started to assess their options. The data in question was required to be part of cases and record files that would be used by Service and Support organizations to provision and trouble-shoot services. They explored using on-premise deployments of software solutions for these portions of the service, but the financial models quickly showed the costs of on-premise applications where not consistent with the contract’s constraints.

The team started to do additional research, contacting industry analysts like Gartner and Forrester to discuss the dilemma and see if there were any solutions that would allow them to keep data out of the cloud without hampering the usability of the system? Was there a way to keep data obfuscated while it was being processed? They learned of a new category of products called Cloud Data Protection Gateways, did a thorough analysis of the leading solutions in the space, and selected to provide the solution to get the over their impasse.

Solution

Blue Coat worked with the project team to implement a service and support cloud solution design that relied on the Blue Coat Cloud Data Protection Gateway to keep all sensitive data within the Telecom provider’s secured network environment. This data is kept completely within the service provider’s data center. The Gateway, based on data protection policies defined by the provider’s data privacy and security teams (informed by the client’s compliance team), tokenizes or encrypts sensitive data before it leaves the Telco’s physical boundary. Therefore, the sensitive information is obfuscated before it is sent to the public cloud SaaS applications being used for to manage the provisioning of services and support. The Telco team was able to demonstrate that any unauthorized party that might be able to access any of the information directly in the cloud service would see nothing but substituted obfuscated (meaningless) values instead of the original data. And, just as critical, the Blue Coat Gateway ensured that the application functionality that the Telco’s customer service personnel where dependent on, such as the ability to Search on personal identifier details and network and hardware identifiers that had been obfuscated, was completely retained.

Resources

Cloud Data Protection Gateway Datasheet
Cloud Data Protection Gateway Encryption Solution Brief
Cloud Data Protection Gateway Tokenization Solution Brief