Kcell Makes the Right Call on Information Security

Protecting key business systems and web services with a comprehensive suite of cloud-based security tools.

Based in Kazakhstan, Kcell JSC is a part of the largest Scandinavian telecommunications holding, TeliaCompany. Kcell provides mobile communication and data services over the GSM, UMTS/WCDMA, LTE (4G) and LTE Advanced standards.

Founded in 1998, the company operates under two brands: Kcell, which focuses principally on the B2B segment, and activ, which focuses on B2C.

Seeking a Bulletproof Security Solution

Providing mobile network coverage to 96 percent of Kazakhstan, and mobile Internet access to 72 percent of the population, Kcell faces immense pressure to deliver high-quality telecommunications services around the clock, no matter what.

Dmitriy Sorokin, Information Security team representative at Kcell JSC, elaborates: "As a telecoms provider, we make it possible for customers to connect with their loved ones and share special times in their lives.

"We pride ourselves on providing top-quality, always-on services, as well as ensuring end-to-end protection of customer data and confidential information. With this in mind, we need a suitable technical backbone to support the delivery of continuous, secure services."

As cyber threats against companies grow more common – and potentially dangerous – than ever before, Kcell needs to be fully equipped to identify and mitigate any potential risks before they have an impact on its customers.

"Our information security department is in its infancy, as it was established only three years ago,” says Sorokin. “We are continuously working to refine our approach to information security management. In the past, we used a heterogeneous combination of tools to run security scans and fix any vulnerabilities, which wasn’t ideal as it made the whole process a lot more time-consuming, and its various stages more difficult to standardize and verify."

In order to gain full, up-to-date visibility into all its systems, and to prioritize fixes for the most critical applications, Kcell looked to upgrade to a unified and more advanced security solution it could trust for IT security and compliance posture.

Calling on Qualys’ Security Expertise

As the information security department was already leveraging several Qualys solutions, Kcell chose to adopt a more unified approach by deploying Qualys as the strategic platform of choice for all its security needs.

Today, a comprehensive suite of Qualys cloud applications – including Qualys Vulnerability Management (VM), Qualys Web Application Scanning (WAS), Qualys Malware Detection (MD), Qualys Continuous Monitoring, Qualys Policy Compliance (PC) and Qualys PCI Compliance – supports all critical services running on Kcell’s LAN network.

"With Qualys VM and Qualys WAS we scan around 2,200 IPs and hundreds of Windows and Linux servers," comments Sorokin. "We use Qualys Continuous Monitoring for critical external IP addresses and for a number of internal services.

"Having a single vendor and a shared set of security standards is infinitely better as it boosts the consistency, verifiability and reliability of our monitoring and detection efforts. With one toolset we can scan both web servers and web sites and get comprehensive, accurate reports that we know we can trust."

Building on the newfound rigor that Qualys solutions have brought to its own security operations, Kcell is working to extend the benefits to its end-customers, diversifying its service portfolio to become a managed services provider and reseller for Qualys.

"In the future, we plan to deliver Qualys VM on both a Software-as-a-Service (SaaS) basis and as an on-premises solution for customers who do not want to let data out of their own data centres. This enables us to expand our catchment area even more and establish ourselves as a comprehensive, trusted and capable provider,” explains Sorokin.

Enhancing Security to Boost Customer Satisfaction

With Qualys solutions driving tighter, more accurate and up-to-date control over its systems, Kcell now has peace of mind that any potential risk – from minor vulnerabilities to disruptive threats – will be expertly identified and resolved at speed.

Sorokin confirms: "In the past, we were generally able to fix only about 10 percent of our critical vulnerabilities. By leveraging the Qualys solutions, we have fixed approximately 90 percent – a huge, unprecedented improvement."

He concludes: “With Qualys, we are now ahead of the game as we have implemented a truly holistic information security process which offers us full visibility and control over our systems.

"When our systems are secure and protected, it means that our customers can enjoy reliable, always-available services from their favourite provider, with full confidence that their personal information is being kept safe and sound."