Security | Agile
Technology, Telecom and Media
Rotterdam-based telecom company KPN considers itself a very Dutch company. Indeed, the largest telecommunications provider in the Netherlands started as part of the Dutch postal system in 1752, which later combined with telephone services. When the system was privatized in 1997, the name KPN (Koninklijke PTT Nederland) was officially borne. KPN provides landline, mobile, internet, and video services throughout Europe under various brand names. Its landline service numbers 6 million customers in the Netherlands alone. Its mobile service operates in Belgium, Germany, France, the Netherlands, and Spain with 33 million users. Since 2015, KPN has operated with 100% climate neutrality using only green energy while continuously striving towards sustainable growth. By 2025, the goal is to reach 100% reusable materials.
Security Within and Without
KPN’s departmental and IT infrastructure came with its own set of security challenges. For one, KPN’s security department worked largely independent of the rest of the company, creating a distinctly separate hierarchy. Security analyst Peter Meulemans explained: “Security experts should become more like counselors and trainers than cops. They should explain the risks and mitigations and coach development teams to come up with solutions.” Secondly, fragmentation of legacy systems and information led to less flexibility, slower turnaround, which created difficulty in gaining insight into customer profiles. This in turn affected the capacity for security to adequately perform assessments or conduct business impact analysis. KPN requested Xebia’s expertise to help make security a collaborative, smooth process.
Peace of Mind
Consolidating a complicated IT architecture consisting of multiple back-ends and front-ends with different customer information presented a dynamic task. Combined with KPN’s methodology-heavy security and compliance department, Xebia had its work cut out. Evolving markets demand faster output. Security needs to manage risks before new products are rolled out. The two need to be in sync. What Xebia sought to accomplish was simplifying KPN’s security apparatus and using an Agile adaptive means of integrating security into the company’s IT landscape without compromising validation structures and safety.
Achieving Agile Security
The process of streamlining KPN’s IT and security landscape was a matter of simplifying. Mitigating KPN’s hundreds of rules was necessary, as they proved unwieldy and ultimately time-consuming and inefficient. By paring down these controls, each requiring validation, Xebia’s experts were able to form a simplified questionnaire. This was then used as a smart filter to expedite and assign tasks accurately when rules were triggered. This allowed more critical business endeavors to take precedent over minor occurrences and allowed for more accountability. Instead of security siphoned into one separated sector, the departments worked together in an Agile way to come up with an active, productive, successful solution.