More and more businesses and consumers rely on digital communication solutions. We want it to be available at all times, uninterrupted. You could safely say a modern business can hardly operate without.
Unfortunately, these incredible communication solutions that we rely on so much, are also extremely attractive to those who intend to cause harm, mainly for monetary gains. For instance, through toll fraud. Undoubtedly a familiar term for professionals active in telecommunications, toll fraud is the unauthorized use of communication services or equipment to make long-distance calls, costing the industry around the world an estimated 10 billion dollars annually. But there are also attacks that could compromise the availability like (D)DOS attacks, or the ‘popular’ ransomware. Of course, the high confidentiality/privacy of the data also attracts the attention of those who are interested in stealing this data, either for their own use or to sell and sometimes even as a way to pressure companies or individuals.
Protecting the Confidentiality, Integrity, and Availability of both the services and their data and ensuring the privacy of our users are part of our key tasks.
We take special care in the development of our services, using modern, proven techniques to minimize security risks.
An important pillar in our cyber security, is the testing for vulnerabilities. Enreach’ core services are tested at least annually (so-called penetration test) by the external, independent, specialist party Secured by Design. Each penetration test is followed up by an extensive report and presentation to all involved Developers. This report typically contains a number of recommendations, which Enreach prioritizes depending on the impact. In some cases, a re-test will follow to assess whether the recommendations have been properly followed.
These tests are of course in addition to the testing Enreach does, such as: Quality Assurance and Peer reviews in our Development Process and Internal Audits. Enreach also has an internal team of Ethical Hackers who have been specially trained to look like an outside hacker to our own services and internal applications. Enreach' approach to information security and quality is also (independent) assessed annually in the ISO27001 audit.
It is essential that Enreach ensures the quality of our organization, products, and services is consistent. Quality management is focused not only on product and service quality, but also on the means to achieve it. Quality management, therefore, uses Quality Assurance and control of processes as well as products to achieve more consistent quality.
Several quality processes have been built into the way of working for every engineer.
One process to control the quality of their work is the maintenance process. This process requires engineers to record changes with potential impact. This record is then reviewed and challenged by members from the Change Advisory Board and in the case of high risk and/or high impact by Governance members.
Next to the prevention of issues after changes via the maintenance process, we also prevent recurring incidents with problem management practices. This is done in multiple ways. Everyday incidents tickets get analyzed by the Technical Assistance Center on potential prevention possibilities by creating Problem tickets. Also, recurring risk assessment meetings are held with platform engineers. The risks are bundled with other risk records from the organization, classified, and presented for prioritization.
Prevention is key, but to ensure optimal response and recovery times in case of an outage the Service Incident Process has been implemented. This process activates the Service Incident Coordinator role. That role has the task to coordinate and communicate on the disruption, while the normal support process takes care of the ticket handling. The recording of all outages and follow-up actions is also connected to this process. This makes sure that reports can be analyzed and risks of recurrences are minimized.