Communications service providers (CSPs) have, over many years, become besotted by different forms of assurance. I’m not talking about insurance here; it’s more about making sure things work properly they way they were designed to and the way customers expect them to work.
Depending on the priorities, the emphasis could be on service assurance (making sure services work right) or revenue assurance (making sure all the revenues are accounted for) and business assurance (making sure the whole business is operating at optimum levels).
The experience they have gained is now being adopted by other industries like banking, retail, insurance and even healthcare. Regardless of whether businesses have enjoyed massive or modest profits, the pressures of economic ups and downs, stakeholder pressure, compliance and regulation have forced a major rethink for C-levels worldwide.
To add to the mix, no business today is immune from malevolent activity, either external or internal. There is also much discussion about the increased risk of doing business over the internet, and the processing and storage of data in the cloud, but accurate information on the level of those risks is not easy to find.
What is certain is that business operating principles from fifty, even ten years ago are being tested but not for the reasons you might think. Originally all business processes were done manually and recorded on paper or via crude mechanical accounting systems.
Issues were discovered, eventually, from external audits, network outages or unusual variations in service levels or revenues. Faulty processes could go a year before being picked up by auditors and fraudsters could work with impunity knowing that they had time in their favor and law enforcement was not tuned-in to the way they operated.
Today, with the advancement in communications and computing power, anomalies are being discovered more quickly, but the volume of data being processed and the sheer number of systems in operation ‘virtually’ anywhere in the world is still proving to be a challenge.
CSPs used to pride themselves on being devotees of the ‘five-nines principle’, making sure everything was at least working 99.999% of the time and with accuracy of 99.999%. That theory was shot to pieces when early revenue assurance and fraud management systems uncovered an average of 10% leakage in most operators. Strangely, you never hear 99.999% mentioned these days.
But the constant introduction of new services and new systems to support them, plus new network technologies that can never really be tested fully before commissioning, means that assurance systems are having to be kept constantly updated.
These systems incorporate service level, revenue and business assurance principles but are, essentially, near real-time or post-event monitors. Although fraudsters are still very active, their ‘efforts’ can be quickly detected and their activities curtailed before too much damage is done.
The bigger threat today comes from ‘hackers’ targeting information and data systems. They rarely target financial or operational systems because they know they will be caught out.
Personal and corporate data has a high value and in the wrong hands can be used to discreetly access bank and credit accounts of individuals, groups, and right up to trade secrets of the big corporates.
Hacking is being carried out not just to steal data and disrupt businesses but even as a terrorist tool to achieve anything from disabling communications to crippling defenses of the state. Some hackers just do it for fun or to prove how clever they are.
It is the random nature of hacking that makes it so difficult to monitor, and even more difficult to prevent using security systems and firewalls. This is especially so with data being stored ‘virtually’ anywhere these days.
Surprisingly enough, it’s those assurance systems mentioned earlier that are often best positioned to pick up a breach – whether at network or systems level - and any risk assessment for any type of business today should include them. If prevention proves to be impossible then containment must surely be the next best option.
It’s all about damage limitation these days, reactive rather than proactive prevention. It’s hard to prevent something you have never seen before but recognizing something is amiss and stopping it ASAP is, by far, the best we can do these days.