Leading Turkish digital telco protects millions of customers with CyberArk

Company profile

Turkcell is a digital operator headquartered in Turkey, serving its customers with its unique portfolio of digital services along with voice, messaging, data and IPTV services on its mobile and fixed networks. Turkcell Group companies operate in four countries – Turkey, Ukraine, Belarus, and Northern Cyprus. In addition, Turkcell provides services in the techfin sector with Paycell, which provides payment services and Financell, which provides financial services. Turkcell launched LTE services in its home country on April 1, 2016, employing LTE-Advanced and three carrier aggregation technologies in 81 cities. Turkcell offers up to 10 Gbps fiber internet speed with its FTTH services. It has been listed on the NYSE and the BIST since July 2000 and is the only NYSE-listed company in Turkey.

• Industry: Telecommunications
• Annual Revenue: US$4.09 Billion
• Employees: 21,800

Challenges

Emre Tanrıverdioğlu has a daunting task. As the Identity and Management Operations Manager at Turkcell, he is charged with protecting 40 million customers across Turkey, Ukraine, Belarus and Northern Cyprus. In addition, he needs to safeguard 300,000 network devices and 40,000 employee and partner identities.

Tanrıverdioğlu’s challenge is incredibly complex. Turkcell is the largest telco in Turkey offering telephone, mobile, internet and corporate networking and data services. Cybersecurity is one of the critical business operations Turkcell performs for both its own business and for customers. The company has won several awards for its digital security products including four Cybersecurity Excellence Awards, from one of the most prestigious international cybersecurity organizations. In fact, Turkcell plays a key role in researching, developing and supporting the Turkish cybersecurity industry. The company was the first telecommunications operator in Turkey to receive ISO 27001 Information Security and Management System certification in 2008.

Aggressive Digital Transformation
The telco is on an aggressive digital transformation path with new digital services such as instant messaging, TV and music platforms, personal cloud services, search engine and email services.

“Turkcell positions itself as a digital telco operator offering a host of different digital services, but that gives us an attack space much larger than a traditional telco,” stated Tanrıverdioğlu. “Our aim and vision is to protect our business and the business of customers, employees and partners across all business operations in the most effective way.”

Faced with a fast-changing digital world and increasing numbers of more complex cyberattacks, Turkcell wanted to make its security defenses even more secure than they already were. For example, the COVID-19 pandemic had forced most staff to work remotely, and the company launched a risk assessment initiative to ensure this shift did not expose Turkcell to new, unforeseen risks. One of the issues that the risk assessment highlighted was a potential vulnerability in Windows servers, so the business started a project to extend Application Controls on Windows servers. As a highly experienced cybersecurity expert, Turkcell selects only market-leading security solutions which is why the company chose to partner with CyberArk.

Solutions

Since remote work and more digital and cloud-based services create more cyberattack opportunities, one of the key areas that CyberArk addresses is Identity Security. “Identity is the beginning of our cybersecurity defense, so we make sure all of our efforts and projects are targeted at securing the identities,” added Tanrıverdioğlu.

Securing 70,000 Accounts
Turkcell adopted CyberArk Privileged Access Manager Self Hosted and CyberArk Endpoint Privilege Manager, expanding the CyberArk platform as the business has grown. Currently, Turkcell manages more than 70,000 accounts using CyberArk and protects over 10,000 endpoints with CyberArk Endpoint Privilege Manager, focusing on high-risk high-impact teams like developers and system admins. The company is also using CyberArk Secrets Manager to protect machine identities and eliminate hardcoding passwords.

Turkcell has a large IT infrastructure footprint comprising of Windows servers and eight data centers including in Ankara, the largest in Turkey. All Turkcell services, applications and business systems are hosted in the company’s data centers.

“Endpoint Privilege Manager helps us to protect our endpoints because the first thing that an attacker tries to do is compromise user identities.Then the attacker abuses the compromised identities, logs onto the endpoints using the obtained credentials and executes malicious code.” commented Tanrıverdioğlu.

“CyberArk acts as the first guard against malware or malicious codes on our endpoints,”

-Emre Tanrıverdioğlu, Identity Management Operations Manager, Turkcell

To resolve the security risk on Windows servers, Turkcell used CyberArk to limit local admin rights and store passwords in CyberArk vault systems. This way, attackers have incredibly limited options to move laterally from local applications to critical systems and users do not need to write passwords down or keep them on computers.

Initially after deploying CyberArk, Turkcell had encountered some resistance from employees because of changes in the way users access systems. But as they saw the advantages of CyberArk in creating a safe and secure environment, trust in the security team and CyberArk solutions increased. “At first, there were quite a lot of complaints. But as people experienced the capabilities and features of CyberArk, it became much easier to extend the solution across the business. Now we are using features of Privileged Access Manager for all our services,” shared Tanrıverdioğlu.

Results

CyberArk forms a key part of the Turkcell Security Operation Center which is used to monitor current threats and cyberattacks 24/7. This allows Turkcell to offer its digital operator competence, as well as its integrated cybersecurity and information security experience, to corporate and individual customers.

Partnership, Not Customer-Vendor
Speaking about the importance of the partnership with CyberArk, Alper Eryılmaz, Identity & Access Management Associate Director at Turkcell summarized, “The experience with CyberArk teams has and continues to be strong. I would even say there is no conventional relationship between our two companies because we are not customer and vendor, we are partners.”

“Whatever we need and whenever we need it, CyberArk is on our side.”
– Alper Eryılmaz, Identity & Access Management Associate Director, Turkcell

“With CyberArk Endpoint Privilege Manager, Turkcell only needs one person dedicated to managing endpoint security. My duty is to make sure policies are up-to-date and work closely with the wider cyber defense team for monitoring alarms and spotting malicious code or ransomware attacks. But because CyberArk automates detection and remediation, the process is quick and easy,” disclosed Alim Kökçü, Senior Cyber Security Admin at Turkcell.

“Turkcell gets attacked every day because criminals see us as a target,” said Şeref Özkal, Security Planning Master Expert at Turkcell. “But our job is to show up and defend ourselves, our partners, and our customers. And we feel very confident that we are doing a great job and we are well protected, primarily because of the CyberArk solutions we have in place.”

With CyberArk, Turkcell has achieved a level of security that many of the company’s customers are asking to replicate for their own organizations. Imitation is often the sincerest form of flattery.

Key benefits

• Strengthened cybersecurity for 40M customers, 300K devices and 40K staff
• Protected 70K accounts and 10K endpoints
• Acted as first line defense against malware or malicious code
• Set a high-quality security standard that customers want to copy
• Streamlined privileged access management operations