Case Study
Creation of a security concept for new messaging platform

Client
Industry
- Telecommunications
- O2 founded as Viag Interkom in 1995, E-Plus in 1993
- Specialised in providing mobile and internet services for business customers and the mass market
- 2.098 billion euros turnover in the period July to September 2024
- Approx. 45.9 million mobile connections and 2.45 million internet connections in Q3 2024
- 7,500 employees in 2023
- Parent company Telefónica S.A. headquartered in Madrid, Spain
Challenges
The client’s old messaging platform, which has been in operation for about 15 years, is to be replaced by a new cloud-based product from the same provider. A security concept must be created for the new platform, in part to meet the regulatory requirements that apply to the client as a critical infrastructure provider, and the operations team must be supported wherever possible:
- The old security concept was created ad hoc during the lifetime of the old product in response to regulatory requirements, but it cannot realistically be continued, adapted or updated because it is outdated or not directly transferable to the new product version.
- Despite contractual commitments, the provider is poorly positioned on cybersecurity, or not positioned at all: from awareness through to the technical implementation of relevant modern technical and organisational measures such as vulnerability management, certificate management, access control and others.
- Few or no cybersecurity test cases provided by the supplier as part of the contractually required ATP.
- Suboptimal mix of agile and classical project management; project management in need of improvement.
- Decisions were not documented, for example in meeting minutes or in tools like Confluence, and/or the documentation was not accessible to the entire team.
Solutions
- Setting up adapted team project management to simply make progress.
- Working through the technical cybersecurity requirements and documentation in detail together with the Ops team and the provider, contributing own (operational) experience and expertise from more than 27 years of professional life in the industry.
- Based on this, step-by-step completion or continuation of the security concept.
Methodology
- Open and clear communication of the state of things and expectations.
- Setting deadlines and responsibilities.
- Detailed work.
Technologies
- Standard Office applications (OneNote, Excel, Word, Teams)
Timeline and scope
July 2024 to February 2025 with an average utilisation of 10%.
Results and customer experience
- Improvement in understanding by the client and also their supplier that taking information security and cybersecurity seriously requires a lot of technical detailed work, especially with inherently complex products like a messaging platform for over 45 million customers.
- Improvement in understanding internally at the client and their management of what really lies behind a modern security concept.
- Relief of the Ops team on cybersecurity matters.