China Telecom is a Fortune 500 telecommunication operator in China. By the end of 2008, China Telecom owns 214 million fixed line telephone subscribers, 35.44 million mobile subscribers, and 47.18 million broadband customers. Its annual revenue exceeded 220 billion RMB in 2008. With subsidiaries in 31 provinces of China and branches in the Americas, Europe, Hong Kong and Macau, China Telecom provides one stop telecommunication services covering these areas.

ChinaVNET is a subsidiary of China Telecom providing Internet application services. By leveraging on China Telecom’s network and customers and taking advantage of “single point of authentication, access and payment for all network services”, ChinaVNET is able to consolidate all contents and applications provided by service providers. Through this, ChinaVNET is able to provide customers with rich and vibrant media content and services such as movies, education programs, games and other entertainments. ChinaVNET is the “one-stop broadband information and entertainment centre” for consumers. At the same time, ChinaVNET also served as a central payment gateway to enable and simplify online payment and transactions. The business and operation support systems (B/OSS) provide account management, authentication, billing, online payment and APIs for Service Providers. There are more than 30 of these systems running in each province. The centre node, which is located in Beijing IDC, contains nearly one hundred Windows servers which provide inter-province authentication, roaming and inter-province payment settlement. It also provides consumer data mining analysis for decision support systems. The centre node is a mission critical system for China Telecom.

Part of development and maintenance of the ChinaVNET B/OSS are outsourced to various IT service vendors. Outsourcing vendors utilize Windows Remote Desktop Protocol (RDP) to remotely manage and support these systems over the Internet.

Challenge

Due to the outsourcing nature of the business, management of roles, responsibilities and systems for all the different vendors becomes increasingly complex and could eventually lead to unnecessary dissension between various parties. The challenges faced by China Telecom are managing this complexity and also to ensure that contractual obligations are fulfilled by the vendors. Also, systems and data must also be protected. Audit and policies must also be in place to ensure accountability in the event of security incidences.

Solution and Benefits

China Telecom deployed BMST Session Auditor at the centre node to mitigate the different risks associated with outsourced vendor management. They are:

• Information security risks. The servers contain highly sensitive and confidential data, including customer information, billing information, Service Provider information, authentication information, etc. Any leakage or tampering of these data will cause serious damage to the reputation of the company as well as to incur hefty financial losses.
• Incident liability dispute risks. As there are multiple outsourcing vendors involved, incident liability disputes occur frequently. With unsurpassed visibility provided by Session Auditor, outsourcing management team has access to the information for root cause analysis and forensics evidence to manage and resolve disputes and problems.