Business Overview
China Telecom is a Fortune 500 telecommunication operater at China. By the end of 2008, China Telecom owns 214 million fixed line telephone subscribers, 35.44 million mobile subscribers, and 47.18 million broadband customers. Its yearly revenue is more than 220 billion RMB at 2008. With subsidiary companies in 31 provinces of China and branches in the Americas, Europe, Hong Kong and Marco, it provides all telecom services covering above areas.
ChinaVNET is a unified brand of China Telecom for Internet application services. By utilizing China Telecom’s network and customer resources, taking the advantages of “one point access, enjoy whole-network service”, “one-point authentication, enjoy whole network pass” and “single point payment settlement for SP”, ChinaVNET concentrates lots of contents and applications provided by SPs and provides customers with rich and colorful content and application services such as movies, education programmes, games and other entertainments. ChinaVNET is the “one-stop broadband information and entertainment center” of customers. Meanwhile, ChinaVNET can serve as a central payment gateway to enable and ease customers’ online payment.
The business and operation support systems(B/OSS) provide account management, authentication, billing, online payment and API for Service Providers (SPs). There are more than 30 support systems running in each province. The center node, which is located in Beijing IDC, contains nearly one hundred Windows servers which provide inter-province authentication roaming and inter-province payment settlement. It also provides consumer data mining analysis for marketing decision-making. The centre node is one of the top mission critical system of China Telecom.
Part of development and maintenance of the ChinaVNET B/OSS are outsourced to multiple IT service vendors. Outsourcing vendors use Windows Remote Desktop(RDP) to manage the support systems via Internet.
Challenge
The outsourcing brings much complexity of role and responsibility and therefore potentially contractual dissension with vendors. How can IT team handle this complexity and make sure the contractual obligation of vendors are correctly followed? How to make sure the security protection to those critical data? How to make sure complete recording and forensics when security incident happens?
Solution and Benefits
China Telecom deployed BMST Session Auditor at the center node to mitigate various risks associated with the outsourcing management:
- Information security risks: The servers contain highly sensitive data, including customer information, billing information, SP information, authentication information, etc. Any leakage or tampering of these sensitive data may cause serious reputation damage to the ChinaVNET brand and incur to financial lost.
- Incident liability dispute risks: Because there are multiple outsourcing vendors involved, accident liability disputes occur frequently. With the total visibility provided by Session Auditor, outsourcing management team has all the information for root-cause analysis and forensics proof.
News & Events
- Cutting-Edge Network Behavior Audit Technology from BMST
- Session Auditor supports X-Window now!
- Session Auditor is enhanced with HP RGS support!
- Session Auditor supports Citrix ICA
- Session Auditor Lite released today!
- BMST gets Hi-Tech Enterprise Certificate!
- BMST Office Moves to new location
- Session-Auditor v1.5 released
- BMST was founded with cutting edge inline RDP/SSH audit product!