Swisscom: Protecting 10 million sensitive customer records

Swiss communications giant Swisscom uses format-preserving encryption to protect 10 million sensitive customer records in 15 applications from misuse - without compromising performance or system adjustments. 

Protect data and avoid application downtime

Swisscom is one of Switzerland's leading companies in telephony, Internet and communications for business and private customers, and IT services. To protect over 10 million customer records, a security solution was evaluated. In addition to protecting the data from cyber-attacks or misuse, Swisscom recorded the following points on the requirements specification:

1. Deployment in 15 different applications

2. Prevention of application interruption and performance degradation

3. Protection of data at rest, in transit, and in use

4. No system change

Dr. Klaus Brand, Product Manager at Swisscom Security Products and Services, underlines the challenges: «In-system data encryption would mean a profound redesign of business-critical applications. We feared a degradation of system performance and didn't want to change our systems and processes drastically when defining an appropriate data security strategy.»

Proof of concept: analysis of data structures, data flows, and integration points

After reviewing several security solutions, it quickly became apparent that only data-centric security could meet Swisscom's high requirements. Focusing on data encryption instead of the complex protection of the entire infrastructure means that the Enterprise Encryption platform can be easily integrated into the existing IT architecture.

To gain a thorough understanding in advance of how the data needed to be protected would be accessed and processed, Prewen conducted a proof of concept along with its internal specialists. This involved assessing and analyzing the data structures and flows and the integration points. With the insight gained into the relevant underlying processes and the data handling, it was possible to determine which data from which system was needed in which form and when the data needed to be available in plain text, and when it did not.

Phased integration and resilience

Ensuring that failures were eliminated was the top priority for implementing the security solution during onboarding and in a subsequent operation. Swisscom, therefore, decided in favor of a private, cloud-hosted encryption platform from Voltage SecureData, which was set up in two geo-redundant data centers. The rollout to all departments and the 15 designated systems was done in phases.

Throughout the implementation, it was possible to leverage insights from data analytics. "Because we had such a comprehensive understanding of our data flows, the encryption platform could be integrated directly into our applications without requiring any changes," says Dr. Brand. As anticipated, the implementation went smoothly. In parallel, Prewen trained the people in charge to run the application.

Data Encryption-as-a-Service

The decision to implement data encryption as a service means that the security solution is highly scalable without upgrading the infrastructure. After successfully protecting all 10 million records in 15 applications from cyberattacks and data misuse, Dr. Brand sees future potential for Swisscom: "We initially managed the most business-critical applications, but there are many more applications that would benefit from the data-centric approach."

Additional applications or systems may be easily integrated into Prewen's universally usable security solution.

Why Prewen and the data-centric approach?

The launch of the security solution at Swisscom is an example of how companies with individual data processing needs can benefit from the scalability of data encryption-as-a-service and the format-preserving encryption method. 

Not only enterprise customers but also SMBs will benefit from this approach. It is increasingly difficult or impossible for data security managers to guarantee security using traditional methods. They are looking for innovative solutions. The data-centric approach offers a flexible and unmatched plan - a paradigm shift into future-proof data security.

Learn more about data-centric protection or Prewen's data security offering.