Telstra adopts enterprise-wide security framework

Telstra's Principal Security Consultant Keith price explains how the company has developed an enterprise-wide security framework.

Spurred by the needs of customers connected to its new Next G and Next IP networks, Telstra has developed a new security framework for its business that the company says is a model for other organisations.

"Through the process of designing the new networks, we discovered that complex business-to-business, business-to-consumer and business-to-employee solutions foster innovation," Keith Price, a Principal Security Consultant at Telstra told the Gartner Security Summit in Sydney yesterday (Tuesday). Price argued that such innovations can only be safeguarded through what he called "a complex, enterprise-wide security framework."

Telstra's framework has four layers, one each for strategy, management, operations and technology, in descending order. Complex interrelationships see the layers work together to identify the business' needs, measure outcomes and ensure security, while also driving for ISO 27001 accreditation.

"Our objective is focusing protection efforts on those aspects of our operations that are important to the business," Price said, with few aspects more important than giving customers the sense they can trust Telstra services.

"Consumers' trust in e-business transactions is at the heart of trust in a company," Price said, adding that he hopes the program can even spur greater e-commerce adoption but that this kind of public confidence cannot be achieved with piecemeal efforts.

"The scale and complexity of the Internet commerce era mandates an enterprise-wide security program that operates across the many dimensions of people, technology and process," he said. "The benefits of this kind of framework are too numerous not to do properly."

The benefits will also soon be something Telstra is willing to offer its customers as a consultancy service.

"There are 35 of us in the security consultancy team," Price said. "That makes us one of the largest teams in Australia and you will be hearing more from us soon."

Read more on IT risk management