Why Is Security Necessary for the OSS/BSS Industry?

OSS/BSS systems manage some of the world’s most crucial telecommunications infrastructure, so it is essential to protect them from cyber-attacks. There is no denying that security is key, yet it is often underestimated.

Let’s start with what OSS/BSS is and how these systems are susceptible to cyber intrusion.

An OSS (Operations Support System) is used by CSPs to manage their networks. It supports several functions needed to manage a telecom network effectively, such as network inventory, service provisioning and activation, fault management, and network configuration. An OSS is generally accompanied by a BSS (Business Support System), which acts as a user interface and acknowledges all service-related requests made by customers or operators. These requests are forwarded to the OSS so that the required action can be taken on the network.

Various types of information and data are fetched from the OSS/BSS platform; you can think of it as an inventory system. For example, if you have the correct credentials, you can access the whole network inventory from the system, including customer data. This access presents a risk of exposing intellectual assets to the outside world, and it might also lead to internal fraud.

If malware is running on the admin’s computer, it also gains access to the sensitive APIs. This data can then easily be transferred to the boot manager, which can use it for information exchange or cyber-attacks.

Devices need to interact with one another, and this communication generally takes place within the management network used by the administrator. The only security factor in place is the password, so the network is vulnerable to attacks.

There are also management networks, specifically in large-scale organizations, where management activities are outsourced to different 3PP (3rd Party Procurement) entities. In this case, the admin’s system connects over a VPN (Virtual Private Network) to the management network in order to manage end devices. Because these systems are not subject to the organization’s user security policy rules, they offer hackers and bots a backdoor to sensitive data.

Then come the security implications of modifications to the OSS infrastructure. There is a crucial need to apply security policies for diagnosing these systems and to run scheduled scans for any new or potential vulnerabilities. The management network needs to be protected, especially when it is shared with multiple companies. Such networks can be logically categorized by Service Activation/Resource Provisioning tools. It is advisable to collect and store access logs in a central location so that security personnel can review them easily.

Organizations need to understand that OSS/BSS security is now one of the most important concerns, as more ‘open’ interfaces for management and reporting are present. Being open, these systems allow everyone to access user information, which is risky if a hacker tries to reach it. The only way to overcome this challenge is to apply the necessary security controls.

We have now established that it is essential to secure OSS/BSS systems, but how do we do it?

Security Trust Zones

Security starts with how the systems and network are segmented, because segmentation makes it easier to restrict malicious access to sensitive data. Below are the different types of security trust realms that are created to prevent cyber-attacks in OSS/BSS.

  • Active Network Realm of the Operator: This is the network that carries live customer traffic and is monitored by the CSP in the form of virtual or leased entities. This segment contains the switches, routers, hubs, muxes and other equipment that make up the network. Thus, this zone needs to be highly secure.
  • Corporate or Enterprise Network of the Operator: This is the network that comprises all the IT assets of the organization. It is the segment where employees interact with the core business services such as desktop tools, etc.
  • The Internet/Cloud Realm: External infrastructure that the business uses but does not directly control falls into this category. This can include internet services and various essential components of the OSS/BSS stack when they are offered as public cloud services.
  • The segregation between the zones is provided by the Security Control Points, which act as firewalls.
  • In the best-case scenario, the security trust model will include more than three zones, but these three are the absolute minimum. For example, the Active network should be separate from the Corporate/Enterprise network, so that it can provide services to the users even when the connection is lost.
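
A default-deny check for flows that cross the three trust zones above, added here as an example (it is not from the original post). The address ranges, the Security Control Point policy and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed address plan for the three minimum zones (ranges are assumptions).
ZONES = {
    "active": ipaddress.ip_network("10.10.0.0/16"),
    "corporate": ipaddress.ip_network("10.20.0.0/16"),
}

# Constructed Security Control Point policy: (src zone, dst zone) -> allowed
# (protocol, port) pairs. Any zone pair or port not listed is denied.
POLICY = {
    ("corporate", "active"): {("tcp", 22), ("tcp", 830)},
    ("active", "corporate"): {("udp", 162), ("udp", 514)},
    ("corporate", "internet"): {("tcp", 443)},
    ("internet", "corporate"): {("tcp", 443)},
}

def zone_of(ip):
    """Map an address to its trust zone; unknown addresses are Internet/Cloud."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def check_flow(src, dst, proto, port):
    """Return (verdict, src_zone, dst_zone) for one observed flow."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return ("intra-zone", sz, dz)  # never crosses a control point
    allowed = POLICY.get((sz, dz), set())
    verdict = "allow" if (proto, port) in allowed else "deny"
    return (verdict, sz, dz)

def violations(flows):
    """Flows that cross a zone boundary without a matching policy entry."""
    return [f for f in flows if check_flow(*f)[0] == "deny"]

# Constructed flow records: (source, destination, protocol, port).
SAMPLE_FLOWS = [
    ("10.20.5.10", "10.10.1.1", "tcp", 830),   # corporate -> active, listed
    ("10.10.1.1", "10.20.9.9", "udp", 514),    # active -> corporate, listed
    ("203.0.113.7", "10.10.1.1", "tcp", 22),   # internet -> active, no policy
    ("10.20.5.10", "10.10.1.1", "tcp", 23),    # corporate -> active, port not listed
    ("10.10.1.1", "10.10.2.2", "tcp", 179),    # stays inside the active zone
]

if __name__ == "__main__":
    for flow in violations(SAMPLE_FLOWS):
        print("DENY", flow, check_flow(*flow)[1:])
```

Run against exported flow or firewall logs, the same check shows which observed traffic crosses a zone boundary without a rule that permits it.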

Identifying the security trust zones is the first step in ensuring the security of OSS/BSS systems. The next step is to determine where the management stack resides within the segments. We will discuss that in another blog.

Anubhav Goel
