With Telecom APIs on the Rise, Access Security becomes an Imperative

The global telecom API market will grow at a CAGR of 24% from 2015 to 2022 and it is expected to reach US$325 Billion by 2022, according to a recent report by Market Research Engine.

Privileged Access Management solutions can help avoid security breaches that may keep the telecom industry from optimizing this rapidly growing, high-value business.

The Telecom API market includes the API services that telecom carriers, service providers and aggregators provide to their application designer customers, who are generally building mobile applications. Telecom APIs, consumable via Communications-Platform-as-a-Service (CPaaS) offerings, make it easy for application designers to coordinate different data sources that add value to their applications. Administrators, for example, can subscribe to services to enable everything from location-based services through GPS information, to payment integration, voice, messaging and video capabilities, SMS and WebRTC-based features and more.

API-based services pull valuable data from the CSPs into applications, making them more intuitive, useful, and friendly.

Applications like Waze consume billions of bytes of real-time data every day, delivering directions and much more to drivers, bicyclists, and pedestrians, and leverage an advertising model to monetize.

Telecom APIs provide endless creative possibilities for product designers. With the explosion of the Internet of Things (IoT), this is only going to grow and provide a massive revenue stream to operators and service providers wishing to monetize the transformation of their networks, including into 5G.

So what are the potential pitfalls?

Security is going to be paramount, and the time to think about its implications is now. While some developers will claim security is built into APIs, that is not always true.

A major concern associated with opening telco APIs for calls and messaging to developers is malicious and fraudulent usage; telecoms started to invite developers to build new revenue streams from value-added services, but their core networks and security systems were not built for such usage. Telecom equipment is inherently insecure only because it has been traditionally hosted behind vaulted doors.

Adding to that, the culture within CSPs and large enterprises is conservative by nature, and understandably so. Even for the internal IT organization of a telco operator, it has traditionally been difficult to access the core network. Now, with software-defined networking and the promise of such new revenue opportunities, network architects and CISOs, together with their product teams, are designing means to build new offers, but they must do so without compromising their main infrastructure assets, which would result in catastrophic business losses in case of a breach.

Many of the same security technologies still apply in this case, but are utilized in more elegant and modern ways.

Today, the basics of securing APIs must include:

  • Authentication, Authorization and Accounting/Auditing of apps accessing telco APIs
  • Encryption of IP network protocols via HTTPS, SIP TLS, DTLS/SRTP
  • Network Firewalls
  • Intrusion Detection Systems

What is needed, and what Krontech offers today, is a comprehensive Privileged Access Management solution with extensive modules designed from the ground up to support multi-cloud, multi-application, multi-network Telecom API solutions.

Most modern Telecom API products offer adequate security support, including those around new standards such as WebRTC, which is continuing to grow at a steep pace. This is shifting more of the communication traffic from insecure telco infrastructure to the public Internet with private networking software overlays, and new methodologies associated with session management. But that is a transition/transformation that will take years.

Let’s be real: Telco operators have a high-growth area of opportunity in opening their APIs, but they are inherently still in a very mixed environment of diverse communication networks and clouds, making this an ideal playground for malicious developers who can wreak havoc across massive networks, initiate attacks into apps which can pivot to whole systems and databases, and more.

The roles and responsibilities of administrators are also ever evolving as they support complex integrations and ecosystems, the likes of which have not been seen in recent history. The whole opportunity is quite exciting, and it is in fact going to drive billions of dollars in revenue and profits, as forecasted by many industry analysts.

Whether protecting from unintentional or intentional internal threats, or locking critical infrastructure down from external attacks – to fully benefit from the Telco API economy, as a service provider or an apps developer – ensuring a solid PAM strategy and platform are in place will make the management of innovation and the long-term growth of new services not just a probability, but a reality.

Krontech is ready to support Telcos today in their API journey with its E2E comprehensive PAM SW suite.