How companies protect customer, employee, or other sensitive data is one of the most important questions facing our industry today. Nokia has dedicated processes to address this, which focus on technical protection, process, and people. For example, technical protection includes security information event monitoring (SIEM) by our security operations center (SOC), access controls, and making authentication and encryption mechanisms available for system users.
Process-related controls include business-driven governance, security as part of global business processes, integrated enterprise risk management, and active third-party management. Our internal processes address the proper handling, storage, transmission and destruction of sensitive or confidential information.
Getting privacy right
With the growing complexities of today’s technology and business environment, it is imperative that we lead and enable strategic and consistent management of privacy-related risks and ensure we are in a position to make the most of all the opportunities ahead. With the arrival of 5G and IoT, cloud storage, big data, and other technology advances, in a world where everyone and everything is increasingly connected, getting privacy right is not only desirable, it is a necessity.
Our privacy management model is set out in our group-wide Privacy Management Policy, which provides clear privacy principles and a governance framework to implement sound privacy-related practices across our businesses.
We continue to strengthen our framework with supporting policy and procedures. We review and update related data governance processes, ensuring they remain fit for purpose. Thanks to our programmatic approach, Nokia remains in a position of strength to safeguard personal data entrusted to us.
Getting security right
Our market research reveals that security is a growing concern within the telecommunications industry. Nokia is dedicated to protecting next-generation networks from attacks and is a leader in the provision of network security solutions. We hold our annual Nokia Security Day, which has been combined with the Nokia Analyst Security Day and our annual Nokia HackAthon for the first time.
Nokia established a response function that consists of three teams – Incident Response Teams (IRTs), Major Event Team (MET) and Nokia Crisis Management Team (CMT) – depending on the type of incident or crisis. Each team has well-defined tasks, and teams carry out training on an annual basis. Teams consist of subject matter experts from all areas of the company. Regular training and internal and external testing of Nokia’s Breach Management capability are provided. The testing includes annual internal table-top exercises and also annual external “outside-in” simulated attacks. As is the case for all international companies with Internet-facing services, we face daily attack attempts.
All Nokia employees and external contractors are required to take mandatory Information Security e-learning courses every two years. New hires must take an e-learning course when starting with Nokia, and our security awareness and culture are measured annually. We also run Red Team exercises every year, in which an external professional security company tests Nokia’s security capabilities.