COUNTRY FOCUS : UK telco for the better
themselves suitably ‘ incentivised ’ to begin planning seven-figure , multi-year transformation programmes .
The six key areas covered by the Act and its supplementary regulations include :
• Network Security : Redesigning networks so that they are more secure , stopping any would-be attack on one part of the network from affecting another .
• Infrastructure-as-Code : Operational practices should be automated wherever possible , with any manual administration creating an alert .
• Security Patching : Patches must be implemented within 14 days and services relating to network oversight functions rebuilt every 24 months – including both the operating system and app software .
• Observability : Providers must automate monitoring and analysis of security critical functions , ensuring that all data is held securely for at least 13 months .
• Supply Chain : There is a marked change in how providers select , manage and work with any third parties . They will be expected to retain sufficient in-house expertise to re-tender their managed services arrangements ( including public cloud ) at any time .
• National Security : Providers must ensure they are able to identify the risks of security compromises occurring and be able to operate the network without relying on services from outside the UK .
It is also important to note that this is just the beginning ; the Act is clearly a step-change in the expectations put upon providers and we should expect future revisions
www . intelligentcio . com INTELLIGENTCIO EUROPE 51