Challenge
The Telecommunications (Security) Act 2021 (TSA) aims to improve the resilience and security of telecoms infrastructure to ensure it maintains availability during emergencies such as natural disasters and cybersecurity events. The TSA includes the ability of the UK Government, in liaison with the National Cyber Security Centre (NCSC), to make regulations and recommendations that improve cybersecurity and resilience within telecommunications providers.
The recommendations are currently in final draft format and the telecoms industry has worked with the National Cyber Security Centre (NCSC)to identify best practices and the implications on their security strategies to fulfil the requirements of the TSA. Many of the recommendations being considered for TSA compliance include management of privileged access to services and devices that are components of critical national infrastructure. TalkTalk started the process of finding a suitable provider of privileged access management (PAM) solutions to improve security in this area.
Once they started managing access to IT systems, they saw that user account management would be a critical capability. They had to ensure that the right people were members of the right groups, that access permissions were correctly linked to these groups for new starters and also updated when staff moved between teams or left the company. As a manual task, access management is time-consuming and open to potential errors.
User workstations are the largest potential entry point for attackers as there are so many laptops and desktop systems to manage. TalkTalk undertook a desktop modernisation programme part of which was to confirm that users didn’t have local admin rights. Some teams, especially software developers, have legitimate reasons for temporarily elevated rights, so TalkTalk needed a solution that didn’t interfere with their work but still provided control over how these powerful rights were used.