UK’s NCSC Advises PAM for Telecom Networks

UK’s NCSC Advises PAM for Telecom Networks

Feb 22, 2021 / Kron

Cybersecurity is one of the primary focus of governments around the world. Since expanding attack surfaces create more vulnerabilities for cyber threats, data privacy and security have become more and more vital. Because of this, industries like telecommunications especially should avoid any cybersecurity gaps within their systems that could disrupt their entire service. For this reason, these industries are regulated under security regulations to assure seamless and secure service. The United Kingdom (UK) has been addressing these concerns with their Telecom Security Requirements (TSRs) and updating them constantly. Let’s get a close look at the UK TSRs.

About the UK Telecom Security Requirements (TSRs)

It's been more than a year and a half since the UK government published its Telecom Supply Chain Review, which includes improvements in cybersecurity risk management and outlines plans to more intensely regulate the UK telecom industry.

The review addresses concerns about the security posture of telecom networks and recommends setting up an up-to-date, resilient security framework for the UK telecom sector. The framework is based on a set of new Telecom Security Requirements (TSRs) controlled by Ofcom and the government.

Initially, TSRs have been published as a formal guide setting the National Cybersecurity Centre's (NCSC) expectations regarding telecommunication networks’ security. It was first published at the beginning of 2020 and was revised in July 2020. Telecom operators have been invited to “voluntarily” adopt and implement this framework to become compliant with these requirements.

Nevertheless, the government is expected to introduce strong enforcement backing this extremely important Telecom security regime, overseen by the government itself and Ofcom. Based on the latest news, the UK government expects telecom operators to give due weight to this recommendation in all their interactions with NCSC and plans to implement this regime as legislation at the earliest opportunity.

Why is Privileged Access Security crucial for UK Telecom Networks?

TSRs aim to introduce security controls and principles that will help to shrink the security surface and mitigate the risk around its five main areas. One of the primary intents of the TSRs is the segregation of critical management operations and implementing security measures to control direct access to networks related to the management plane. The TSRs propose the Privileged Access Workstation model to secure access to critical network equipment and ensure the required level of trust for management is implemented.

This model refers to segregating users’ access through a privileged access workstation, which has the same level of trust as the managed equipment to implement management activities, to minimize factors that may pose significant risks. This model also allows for more advanced access controls to be implemented, such as segregation of duties, ensuring the required level of trust, and applying least privileged access policies, so that it can be possible to secure access for administrative access, minimizing inconvenience.

Why is Single Connect the best solution for Telecom’s Privileged Access Management concerns?

Kron Technologies is a Gartner recognized information security company providing the most Telecom oriented Privileged Access Management (PAM) solutions on the market, Single Connect. Our customer satisfaction success rate comes from our strong Telecom background and the understanding of the needs of Telecom Operators.

To help Telecom organizations address these challenges, mitigate the security risk, and reduce the operational complexity of privileged access, Kron offers the fastest to deploy and most comprehensive access security platform on the market.

Telecom’s access security problems differ from other industries. Orchestrating dozens of different authentication systems (TACACS, RADIUS, LDAP, AD and more) on a multi-vendor heterogeneous device ecosystem where multi-divisional organizational involvement in operations and decisions are inevitable, creates massive complexity. One of the main reasons is that the regulations required the service provider to indisputably log every change made to their infrastructure to prevent malicious configurations.

Unlike agent-based traditional PAM solutions, Single Connect combines PAM features with built-in multi-factor authentication, AAA server functions (TACACS/RADIUS), and database firewall capabilities in an agentless, vendor agnostic, and proxy-based privileged access security platform.

Apart from that, as the pioneer of a seamless proxy-based privileged access security approach, our PAM platform, Single Connect, enables secure access segregation to reach critical infrastructure, strengthened with the required level of trust principals. Besides, the browse down technology utilized for terminal protocols such as RDP and VNC, provides a significant risk reduction in privileged access to servers and business applications within the organization. If you would like to get further information about our Telecom business use cases, you can find it here.

As the UK Telecom companies continue to embrace the new TSRs, Kron’s PAM solution and its team are ready to support the need for end-to-end privileged access security. We also strongly advise you to check the following recommendations from NCSC.

https://www.ncsc.gov.uk/blog-post/protecting-system-administration-with-pam

https://www.ncsc.gov.uk/blog-post/protect-your-management-interfaces

Highlights

Other Blogs