Think in data, act on data privacy

Communications service providers (CSPs) are some of the biggest collectors of data in the world, which also makes them a target for cybercriminals - a successful cyberattack can disrupt mobile and internet services, as well as granting unauthorized access to sensitive information.

Data privacy is the utmost priority for CSPs, who work every day towards creating and maintaining a relationship of “digital trust” with everyone they deal with.

 However, the CSP alone cannot guarantee data privacy for their customers; data is shared throughout the network support chain, which makes it important for CSPs to choose the right partners – partners that share values and that have built up the same kind of “digital trust” as them.

Protecting data privacy in 5G networks

The advent of 5G networks and the ability to provide more advanced services to subscribers has exponentially increased the amount of data that is generated. Many end users and CSPs are asking how best to protect that data, which in some cases is personal and sensitive.

Reference: Ericsson Mobility Report Q2 2022

Many regulatory bodies have already identified 5G networks as critical infrastructure which need to be protected against different threats, and as a result, data privacy requirements have been, or are being, imposed on CSPs.

Leading legislations for data privacy and protection

These requirements are different depending on the territory – the European Union’s General Data Protection Regulation (GDPR) is one example and is an important component of EU privacy and human rights law.

Differing regulatory environments can pose different challenges for operators who operate in more than one jurisdiction, and simply ignoring data privacy requirements is not an option.

Threat landscape

The Global Cybersecurity Outlook published in January 2022 by the World Economic Forum gave some insight into the threats currently being faced, with 30 percent of respondents saying that they had been affected in a third-party cyber incident in the two years.

80 percent of cyber leaders stressed that ransomware attacks are a dangerous and evolving threat to public safety. Such attacks often target personal data, and 50 percent of respondents said that that ransomware is one of their greatest concerns.

It doesn’t stop there - 24 percent said they were worried about the possibility of identity theft due to security breaches, and a further 10 percent feared the loss of personal assets.

According to the latest Ericsson Mobility Report 2022, mobile data traffic has increased tremendously. With new applications and devices increasing in number, more data is being used and stored than ever, which in turn increases privacy concerns.

According to the research from CrowdStrike, a US cyber security company, the telecommunications industry is one of the industries most frequently impacted by targeted intrusions, with the number of attacks rising fourfold in the last year.

As Ericsson, we are observing that our service delivery centers have been receiving and supporting security related requests increasingly. The number of security requests has grown 3 times higher since 2018 until today.

Growth in the mobile traffic data and increasing security attacks create demand for security service requests

Digital trust E2E in the network chain

The role of a network support provider is to support the network operation organization of CSPs with solutions to network problems, and to proactively provide services to avoid any critical network incident. This is to make sure that CSPs can provide excellent service to subscribers, enterprises, and governmental organizations.

When providing network support service, network data needs to be used to provide a high-quality service. The service needs also to be cost-effective while protecting and securing the data that is used to deliver the service.

These three dimensions - network quality, cost, and data privacy - need to be balanced in an optimal way, and this in turn requires any network support service to be designed with them in mind.

The network support service design needs to cover all aspects of people, tools, and processes. The service should also be flexible enough to adjust to different country-specific privacy regulations, the different needs around network quality per CSP, and different cost requirements.

Think data privacy in all areas

When Ericsson designed its new Support Service Portfolio for 5G networks, data privacy was one of the major requirements. These requirements have an impact on service scope, the delivery of the service and the impact on cost. There is also a need for flexibility to adjust to customer- and country-specific data privacy requirements.

1. In the people dimension, everyone involved in network support services within Ericsson has a broad knowledge of security and data privacy. They know how to treat data professionally and securely, what data is needed to deliver the service and when it is needed. This organization is also supported by security and data privacy experts. In the people dimension, certain flexibility is available, such as security certification of support engineers and delivery locations as examples.
2. In the processes dimension, all support services processes need to follow the ISO 27000 security standard, which is certified on a yearly basis. The ISO 27000 certification process is a stringent one, detailing requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) with the aim of helping organizations make the information assets they hold more secure.
3. In the tools dimension, a new communication platform has been introduced to increase the data privacy capabilities. One example of this is data control access, to make sure only those that need access to a specific customer case have that access, for the purpose of delivering the service to the customer. The flexibility of data storage, controlling whether or not that data is transferred between countries, and a controlled way of deleting data when it is not needed, is also provided.
   Ericsson has also introduced a tool to pseudonymize data, when transfer of real network data or personal data is not allowed.
   Additionally, Ericsson has enhanced its remote support tool to control and protect network data with superior encryption technologies, monitoring what actions have been taken and who has used the remote support services solution.

Data driven network level support with security focused tools, experts and process

The network support provider has a key contribution to make in protecting and controlling data, since data transfer and data processing is needed to provide network support in an efficient way.

In an ever-changing threat landscape, building a digital trust throughout the data chain will be critical. And that it not just about meeting the legal requirements on data privacy but to help shape data privacy actively. To do so, the CSP needs to choose carefully when selecting their network partners to ensure to always protect your data and your rights as an individual.

Learn more on our Network Support Services page