T-Mobile Security Solutions

Case study

Application security framework helped global telecom company accelerate its shift security left strategy

Global telecom company successfully implemented scalable and cost-effective platform to orchestrate effective onboarding of applications, Security scanning and shared results in analytical platform to help end users to take informed decisions. This platform covers security control validation in 90% of eligible applications in the enterprise and this is helping enterprise to improve their security posture significantly.

Style

Post-info

OUR CLIENT

Founded 30 years ago, this telecommunications company has become a leading provider of wireless services in North America. Offering flexible, competitive services, the company has almost 115 million customers and generates approximately $80 billion in revenue annually.

THE CHALLENGE

Need for a security orchestration platform.

The enterprise is using different control validation tools to support several types of conformances checks and it is especially important to automate onboarding of thousands of code repositories to these tools. This is only possible through integrating scans in the CI/CD pipeline. The custom platform will take care of all the steps in pre onboarding phase and will also help in extracting results from various tools and make it available to end users with access controls in place.

THE TRANSFORMATION

Implemented comprehensive, security orchestration platform.

With guidance from DevOps, software engineering, and security experts at UST, the client augmented its application development ecosystem with a robust, cloud-native, cost-effective orchestration platform comprised of:

Portal - this user-friendly portal acts as a single place for application teams to leverage various features provided in the platform like, manual onboarding of applications to various scan programs, detailed information of issues found during scanning, documentations etc.
Analytical Platform - Leadership team can use this platform to assess the security posture of their applications and take informed decisions based on real data.
Report generation tools - Security validation reports generated by Security Engineers using these in-built tools to help application team to remediate significant vulnerabilities exposed during manual DAST testing.
Long-term data generation and extracts - All scan results saved in long-term storage devices and various extracts generated to support organizational compliance programs.
A common API repository - Data available in the platform is available for external consumption implemented by providing APIs.

THE IMPACT

This platform saved lot of costs during onboarding process when new scanning tools are available as well as its analytical platform is helping leadership team to take informed decision based on real time data.

RESOURCES

https://www.ust.com/en/industries/tmt-telecom