For today’s interview, we have a return visit from Accenture’s Andrew Walker whom we last talked to just about two years ago.  Andrew’s role has expanded from a focus on North America to where he now leads Accenture’s Global Communications & Media consulting division.  Andrew has conversations with players from across the sector regularly, developing strategies for business transformation in the age of cloud infrastructure.  That puts him in a good position to see things from an outside perspective. … [visit site to read more]

There’s been good news recently for South Africa’s telecommunications sector, with Cassava Technologies and AWS announcing major investments and Vodacom saying it plans to enhance its network spending.

Integrated technology company Cassava Technologies has pledged a total of R4.5 billion (about US$248 million) in investment in South Africa through its business units Liquid Intelligent Technologies, Africa Data Centres and Distributed Power Africa. 

Cassava’s investment pledge comprises key projects, including the expansion of the Liquid Intelligent Technologies fibre network, the extension of Africa Data Centres’ capacity and footprint, enhanced cloud and cybersecurity capacity, and the rollout of clean, renewable energy by Distributed Power Africa in South Africa.

Cassava says its investments will contribute towards positioning South Africa as an attractive investment destination and enable greater inclusion of all South Africans consistent with Cassava’s vision of a digitally connected future that leaves no African behind.

Meanwhile, cloud services provider Amazon Web Services says it will invest up to another R14.8 billion (US$815.6 million) in its cloud infrastructure in South Africa by 2029 on top of the R15.6 billion (US$860 million) it has already invested in the country, notably in Cape Town, where it has built a data centre region.

The total investment, says AWS, aims to contribute R68 billion (US$3.75 billion) to South Africa’s GDP and support more than 5,700 jobs.

Finally, operator Vodacom says it will spend at least R12 billion (US$661 million) per year on average on its network in South Africa over the next five years, well above the average R10 billion US$551 million per year it has spent in the past five years.

As with a similar announcement recently from MTN, much of this is likely to be connected to ensuring network resilience against theft, vandalism and power cuts.

Keep up-to-date with all the latest news, articles, event and product updates posted on Developing Telecoms.
Subscribe to our FREE weekly email newsletters for the latest telecom info in developing and emerging markets globally.

Keep up-to-date with all the latest news, articles, event and product updates posted on Developing Telecoms.
Subscribe to our FREE weekly email newsletters for the latest telecom info in developing and emerging markets globally.

Some of the greatest things about the telecommunications industry are the extreme creativity, rapid evolution, and constant innovation. Unfortunately, the darker side of the industry changes quickly as well. Cybercriminals are constantly finding new ways to attack and breach solutions and data.

Security is a hot topic in the communications industry today. Communications resellers feel a hefty responsibility to protect their solution, customers, and data. That is why security is one of our top priorities and we are committed to keep our partners as protected as possible.

Below we discuss the many ways we focus on security in our products and solutions.

Linux Containers

System containers are software packages that virtualize systems or solutions to run in a contained environment, similar to a virtual machine. Containers offer advanced management tools in a safe environment. Some containers, like Linux Containers (LXC), receive regular distributions which include security updates.

SERVERware runs safely isolated Linux containers, giving us first access to Linux security updates. Our web UI enables users to monitor their containers and be proactive about security with tools like Control Lists, BSSUP, 2FA, and sipPROT (we will discuss each of these more below).

For software running outside of SERVERware, file-system isolation is implemented in PBXware by default.

Limited Access

One of the most obvious ways to keep our solutions secure is by limiting access as much as possible. We build access controls and limitations into our solutions and give users full control over how and when they grant access.

Minimal Public Access

Our developers keep our internal services as private as possible. Only the necessary services are exposed to the public Internet and the rest are bound to loopback interfaces only so they remain internal.

SSH Access

Sometimes it is necessary to open up access to your solution for support or maintenance, but sharing your root password is a huge security risk. Bicom Systems developed a special service called BSSUP that utilizes cryptographically-signed and time-limited SSH certificates for safer access.

SSH certificates give access for a limited, specific amount of time – days, hours, or even minutes. Once that time has passed, access will be restricted, ensuring your system is safe and secure.

This restriction is useful not only for granting temporary access to support teams, but also to keep passwords safe in case of lost or stolen hardware or changes in employees.

API Access

Our solutions give users the ability to manage API access in a number of ways, with the system defaults designed to offer protection wherever possible.

We allow users to create multiple API keys so that the same one is not used in multiple areas. Once those keys become inactive they can be automatically suspended so no access is left open unnecessarily.

Furthermore, system administrators have full control of who can access the IP address and hostname.

Activity Log

The Web UI in all of our solutions includes an Activity Log that tracks all actions performed across the system. This allows for accountability and the ability to quickly identify anyone that should not have access.

Account Locking

Our solutions will automatically lock if a password is entered incorrectly a given number of times. This applies not only to our main web interfaces, but also to specific applications that may contain private data like Voicemail or gloCOM.

Passwords and 2FA

A new default password is auto-generated for every single installation of our internal software components. There is no default password anywhere in our software (or ISOs) that would give access to other instances or systems.

Our web interface gives full control over admin, user, and endpoint passwords with protections in place to offer optimal security. For example, the system requires passwords to contain a certain amount of complexity that makes them more secure and requires passwords to be changed after a given amount of time. The system can automatically check online databases and inform users of breached passwords.

Two-Factor Authentication (2FA), also known as 2-Step Verification, requires the user to enter not only their normal password, but also a time-based one-time password (TOTP) received via a mobile app or email address. We recommend enabling 2FA for the extra layer of security.

LDAP (Lightweight Directory Access Protocol) finds and stores information about organizations or individuals. This can be used to control and provision all accounts.

Encrypted Communication

All of our software and services are enabled to use encryption by default. We support ‘Let’s Encrypt’ TLS certificates and have an easy-to-use wizard to help users enable that. Web interfaces are exposed and redirected to encrypted ports by default.

When it comes to voice, users choose whether to use encrypted calls or not (SIP and RTP traffic), however we do recommend encrypted signaling and media. We utilize encrypted WebRTC signaling and media for our video and screen sharing services.

All of our software components that communicate with external services do so with encryption enabled by default. This includes CRM, SMS, archiving, speech-to-text, LDAP, IMAP, SMTP, provisioning services and more. We also enable strong ciphers by default for all of our services.

gloCOM Applications

Our gloCOM desktop and mobile applications are protected by code signing and valid certificates for all platforms. Code signing is a process to determine the origin of the code and ensure it has not been changed. Certificates lend proof that code signing has occurred and that the application is valid.

gloCOM GO mobile app has additional security features. Login credentials and configuration are stored using encryption on the mobile device. Users can add Touch or Face ID to the app for additional protection. And push notifications are encrypted in transit and decrypted only on the user device, so if they are intercepted they will be unreadable.

SIP Attacks

Our SIP firewall protection solution (sipPROT) stops unauthorized attacks instantly and notifies the system administrator.

sipPROT uses advanced detection techniques to identify attacks in real-time. Our innovative technology monitors SIP packets and traffic in real time using pattern recognition, SIP scanner protection, and SIP protocol anomaly detection.

The moment an attack is detected, sipPROT updates the firewall rules and blocks the IP addresses from which the attack is coming. Learn more in our sipPROT brochure.

We also implement safety measures for auto-provisioning of endpoints including configuration over TLS, rate-limiting of requests, block of repeated requests, and mutual TLS client-certificate verification for support devices.

Security Fixes

While we work relentlessly to prevent security incidents using all of the safeguards and encryptions just discussed, we are also aware that security breaches are inevitable when software is used on a daily basis, particularly third party software. We would be remiss not to discuss security fixes in addition to prevention.

One way we prepare to deal with security incidents as quickly as possible is by building our open source solutions using source code as much as possible. This gives us the ability to apply patches on any versions of software that are no longer maintained.

Communication

Last, but far from least, in our approach to security is communication. Though we have never experienced a security breach at Bicom Systems, we do have a Security Incident Procedure to ensure a transparent, efficient, and swift response if any incident ever does occur.

The foundation of that procedure is forthright communication and includes informing partners immediately if a breach is ever identified, sending timely progress updates, and opening a dialogue to help our partners through the process.

Authored by Stephen Scott, Chief Executive Officer, Datalec Precision Installations (DPI)

Every single day, people around the world grab their phones, check their email, watch a YouTube video, or  open their laptops to begin their workday. All of these communal actions create a gargantuan amount of data that’s challenging to even visualize. By 2025 it’s estimated that 463 exabytes will be generated each day in data from … [visit site to read more]

Digital infrastructure and technology provider Cirion has announced the expansion of its fibre network and data centre capabilities across Latin America “to better serve the growing demands of our customers and continue to migrate workloads to hybrid cloud solutions”, as the company puts it.

This expansion includes several new data centres across Latin America that will be interconnected with Cirion´s existing data centres, providing customers with increased redundancy and disaster recovery capabilities.

During 2022, Cirion data centre facilities in São Paulo (Brazil), Buenos Aires (Argentina), Quito (Ecuador) (pictured above), Cali (Colombia) and Lima (Peru) had an approximately 12% increase in installed capacity.

In 2023 expansion plans are continuing with the construction of a new data centre facility in the Quilicura region in Santiago (Chile), another in the industrial district of Macropolis in Lurin (Perú) and a new building in Cotia, São Paulo, in addition to the expansion of the installed capacity of the data centre in Rio de Janeiro (Brazil).

Together, these new or expanded faciities will add more than 6 MW of capacity in 2023. Cirion data centres are implementing new monitoring infrastructure, control and management services while offering customers additional space for housing servers, networking devices and other computing equipment.

It has also expanded its Latin America fibre network and added peering capacity. In 2023, it will increase its submarine capacity to a total of 132 TB. Moreover, six new nodes have been added to the more than 700 in the company’s network in Latin America to offer more services to more users.

Also in 2023 Cirion says it is launching its new Bare Metal Cloud solution, a service that offers automated computational capacity located close to large commercial centres.

In addition the company is investing in ahigh bandwidth Ethernetarchitecture to deliver updated Ethernet services to more than 14 major Latin American cities, and theexpansion of its secure SD-WAN Managed Service, delivering organizations networks and security in what it describes as a single, high-value-added converging solution.