10 million sensitive customer records protected
Scalability and flexibility with private cloudbased data encryption-as-a-service
End-to-end data encryption platform with data protection at-rest and in-transit
High availability through robust infrastructure
Full data analysis and phased onboarding reduced risk

Challenge

Protect 10 million sensitive customer data sets across an integrated set of 15 applications without degrading performance or modifying systems.

Details

A data-centric approach to prevent application disruption

When an internal audit revealed that some of the customer data held in the organization’s service provisioning and fulfilment systems was at risk of cyber-attacks, Swisscom senior management mandated the protection of sensitive data. With over 10 million records in a central database accessed by 15 key applications, this could be a complex undertaking, as Dr. Klaus Brand, Product Manager, Swisscom Security Products and Services, explains: “In-system data encryption would mean a deep redesign of businesscritical applications. We were worried about degrading system performance and we did not want to drastically modify our systems and processes in defining a suitable data security strategy. After evaluating different options with our trusted security partner Prewen, we decided to focus on protecting the data, rather than the network, servers, databases, and applications associated with the data. Prewen recommended Voltage SecureData as the way forward. This datacentric approach is database and application agnostic and protects the data both at-rest and in-transit, creating an end-to-end data encryption platform. Most importantly, it employs Format-Preserving Encryption (FPE) which has no impact on data structures, schemas, and applications.”

We are pleased we involved an experienced integration partner from the start. Prewen helped set up our initial environment and trained our Center of Competence members. With their support, SecureData has given us a stable, data-centric, security solution that requires virtually no operational effort on our part.
Dr. Klaus Brand
Product Manager, Swisscom Security Products and Services, Swisscom AG

A Proof-of-Concept (POC) orchestrated by Prewen demonstrated that SecureData could address all issues. Once the decision was made, Dr. Brand’s team and Prewen collaborated in a Center of Competence, thoroughly analyzing all data structures and flows, including the integration points. This gave them a full understanding of the underlying business processes to determine who needs data from which systems. This also told them when sensitive data needed to be presented in plain-text and when it could be encrypted. SecureData’s motto is ‘encrypt at source and decrypt rarely’ which fits Swisscom’s ‘need-to-know’ principle.

Because we had such a comprehensive understanding of how our data flows, SecureData slotted right into our applications, without any changes required. It was very clear that we were working with an enterprise-ready solution.
Dr. Klaus Brand
Product Manager, Swisscom Security Products and Services, Swisscom AG

Phased onboarding to reduce impact and potential risk

This was an enterprise-wide project with full executive sponsorship. Swisscom departments normally have autonomy in their IT decisions, but with this top-down approach, including central budgeting decisions, all priorities were aligned. There was close collaboration to work towards the common goal of protecting sensitive data across the enterprise. The team decided on a data encryption-asa-service approach. This meant the solution would be scalable and could be implemented by other Swisscom teams without having to put the infrastructure in place.

Swisscom decided on a private cloud-hosted SecureData encryption platform set up in two geo-redundant data centers to ensure failover capability. “We created a SecureData development, preproduction, and production environment,” says Dr. Brand. “The end-to-end data encryption was integrated into our enterprise monitoring system and we performed thorough testing, including disaster recovery scenarios. After initial encryption of all data, we decided on a phased onboarding of all 15 systems to reduce impact and potential risk.”

The full data analysis paid dividends in the implementation phase, as Dr. Brand comments: “Because we had such a comprehensive understanding of how our data flows, SecureData slotted right into our applications, without any changes required. It was very clear that we were working with an enterprise-ready solution.”

Data encryption-as-a-service with SecureData

Now that 10 million records across 15 applications are fully encrypted and protected from cyber-attack, Dr. Brand can see the future potential: “We managed the most business-critical applications first, but there are many more applications that would benefit from our data-centric security approach. Data encryption-as-a-service, relying on the SecureData infrastructure and the Center of Competence, is our blueprint for success. Our team can support other business departments in the onboarding process, benefiting from the experience we’ve gained.”

He concludes: “We are pleased we involved an experienced integration partner from the start. Prewen helped set up our initial environment and trained our Center of Competence members. With their support, SecureData has given us a stable, data-centric, security solution that requires virtually no operational effort on our part.”

About Swisscom AG

Swisscom offers mobile telecommunications, fixed network, Internet, and digital TV solutions for business and residential customers. It is also one of the largest IT services providers in Switzerland.