CES 9 Operational Efficiency. Reducing costs and improving operations in service provider IT environments

Similar documents
Amdocs Web Service Factory

Unlocking the True Potential of Usage Data. Amdocs White Paper November 2014

CES 9 Virtualization. Reducing costs and improving operations in service provider IT environments

Amdocs Data Integrity Management Suite. Rediscover your network

WANT TO STRENGTHEN YOUR CUSTOMER RELATIONSHIPS? THE RIGHT SALES STRATEGY WILL HELP

Amdocs Field Service

Mobile Application Testing

Amdocs Multichannel Selling Solution

Amdocs Smart Device Support Solution

The Amdocs Enterprise Customer Management Solution

Leveraging Business Process Management with Smart Project Orchestration

Amdocs CES Multi-Play Smart Pack. A customer care and billing solution for multi-play service providers

amdocs > customer experience systems innovation Amdocs Convergent Billing 1

AMDOCS BILLING SYSTEM TRANSFORMATION DELIVERS NEW TRIPLE-PLAY SERVICES TO KAZAKHTELCOM CUSTOMERS

amdocs > customer experience systems innovation AMDOCS SELF-SERVICE AMDOCS SELF-SERVICE 1

Amdocs Commercial Billing Solution. Central Fee and Interest Manager

Amdocs Smart Agent Desktop

TELINDUS BELGACOM ICT REDUCES COSTS WITH THE AMDOCS CES SMART AGENT DESKTOP

EXPANDING RELATIONSHIP WITH AMDOCS HELPS ADSA ENTER NEW MARKETS AND ENHANCE THE CUSTOMER EXPERIENCE FOR ADSA S PRINT AND ONLINE ADVERTISERS

Amdocs Turbo Charging and IBM Bladecenter blade servers for breakthrough real-time performance

OSS Managed Services A New Business Model for Service Providers

How To Be Successful In The Czech Republic

Customers have noticed that we are very responsive, meet our service level agreements, and are more cost conscious. MIKE ROBINSON

Answering challenges of the VoLTE era

Driving business value from Amdocs pre-integrated Order-to-Activation

gives Pelephone the business flexibility to stay at the forefront of evolving customer needs and expectations. Amdocs DORON KURTZ

AMDOCS INTERACTIVE CUSTOMER SUCCESS STORY HONG KONG CSL

Amdocs Network Rollout Solution. Cut time and cost for network rollout and change projects with process orchestration

TELEKOM AUSTRIA SUCCESSFULLY COMPLETES SERVICE FULFILLMENT PROJECT

Amdocs Energy Solution

AMDOCS CRM FOR FINANCIAL SERVICES INSTITUTIONS

amdocs > customer experience systems innovation AMDOCS SALES QUOTE ORDER

GREENFIELD WIRELESS INNOVATOR OUTSOURCES MISSION-CRITICAL FUNCTIONS TO AMDOCS FOR RAPID SUCCESS

BELGIUM S LEADING MULTI-PLAY SERVICE PROVIDER IMPROVES THE CUSTOMER EXPERIENCE AND AGENT EFFICIENCY WITH AMDOCS

AMDOCS OSS HELPS OPTIMUS DELIVER SERVICE EXCELLENCE OVER NEXT GENERATION NETWORK AND FIBER-TO-THE-HOME INFRASTRUCTURE

Selected Managed Services Case Studies. Amdocs Global Strategic Sourcing

NETCOM DRIVING DOWN THE COST OF BACKHAUL WITH AMDOCS CRAMER

UPGRADED AMDOCS CONVERGENT BILLING SOLUTION HELPS XL INCREASE CAPACITY AND ACCELERATE TIME TO MARKET FOR PREPAID AND POST-PAID SERVICES

amdocs customer SucceSS StORy Duncan Bennett

Amdocs SMB Social Experience Solution. Get social with your SMB customers

Meeting the Communication Needs of SMBs and Large Businesses. Amdocs OSS Service Fulfillment White Paper

T-MOBILE DEPLOYS INNOVATIVE TECHNOLOGIES AND REINFORCES MARKET LEADERSHIP WITH AMDOCS CHARGING SUPPORTING CUTTING-EDGE BILLING SERVICES

Creating Differentiation by Simplifying Customer Experience

Where every interaction matters.

CES 9.1 Unleash the Power of Experience

Amdocs Network Cloud Service Orchestrator

LEADING NATIONAL COMMUNICATIONS SERVICE PROVIDER STREAMLINES ITS OPERATIONS THROUGH INVENTORY CONSOLIDATION WITH AMDOCS OSS

OPENREACH SET TO DELIVER CUSTOMER SERVICE TRANSFORMATION WITH AMDOCS CONSULTANCY

Prepaid loyalty: fact or fiction?

Amdocs Testing Factory

Amdocs Blueprint to Digital. From Vision to Reality

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

AMDOCS > CUSTOMER EXPERIENCE SYSTEMS INNOVATION

Amdocs Smart Net Solution

WHITE PAPER DON T REACT ACT! HOW PROACTIVE REVENUE MANAGEMENT CAN PAY OFF BIG IN TODAY S MARKETS

Amdocs Compact Convergence for Mobile Virtual Network Operators (MVNOs)

05.0 Application Development

TRANSFORMING THROUGH OUTSOURCING: MANAGED SERVICES AS A STRATEGIC TOOL FOR COMMUNICATION SERVICE PROVIDERS

Amdocs Customer Management

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Amdocs Policy Controller

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Web Application Security Assessment and Vulnerability Mitigation Tests

Agile Testing: Best Practices to Ensure Successful Transformation to Agile Methodologies

Bringing NFV to Life. Technological and Operational Challenges in Implementing NFV. Amdocs White Paper

How To Get The Ifs Cloud On Microsoft Azure 2.5 On A Microsoft Cloud On A Cloud On An Ios (Cloud) On A Server On A Supermicrosoft Cloud (Cloud On A Mini

Magento Security and Vulnerabilities. Roman Stepanov

Adobe Systems Incorporated

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Network Test Labs (NTL) Software Testing Services for igaming

Ensuring the security of your mobile business intelligence

Vulnerability Management

Provide access control with innovative solutions from IBM.

and technology engineered for agile business

IFS ApplIcAtIonS For ElEctronIc components xxxxxxxxxxxxx

Application Firewall Overview. Published: February 2007 For the latest information, please see

Overview of the Penetration Test Implementation and Service. Peter Kanters

TeraScale. Amdocs White Paper January 2015

Dimension Data s Uptime Support Service

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

How To Manage An Ip Telephony Service For A Business

AMDOCS CLARIFYCRM HELPS BTEXACT REALIZE 100% ROI ON MILLION-DOLLAR SOLUTION

DELIVERING THE RIGHT CUSTOMER EXPERIENCE EVERY TIME WITH AMDOCS OSS FOR UNIVERSAL SERVICE PROVISIONING

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

NFV Checklist. Designing Agile, Scalable Networks for Carrier-Grade Performance

SERENA SOFTWARE Serena Service Manager Security

Preemptive security solutions for healthcare

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

Sitefinity Security and Best Practices

Cisco Smart Care Service

OWASP AND APPLICATION SECURITY

CISCO NETWORK CONNECTIVITY CENTER

Table of Contents. Page 2/13

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

Transcription:

CES 9 Operational Efficiency Reducing costs and improving operations in service provider IT environments

CES 9 OPERATIONAL EFFICIENCY 2 Contents 1. EXECUTIVE SUMMARY...3 2. MAXIMIZING OPERATIONAL EFFICIENCY OVERVIEW...4 2.1. The Challenge of Operational Efficiency...4 2.2. Best of Suite Approach...5 3. MONITORING...6 3.1. End to End Monitoring...6 3.2. Amdocs Monitoring Framework (AMF)...7 3.3. AMF Toolkit and Gateway...8 3.3.1. Toolkit Module...8 3.3.2. Gateway Module...8 3.4. Summary...8 4. SOFTWARE LIFE CYCLE...9 4.1. Software Lifecycle Management in IT Environments...9 4.2. Strategies for Improvement...10 4.2.1. Consolidation...10 4.2.2. Single Software Lifecycle Management...10 4.3. Amdocs Solution for Software Lifecycle Management - XPI...10 4.4. Amdocs XPI Key Capabilities...11 4.5. Summary...11 5. SECURITY...13 5.1. Addressing Security Violations...13 5.2. Amdocs Security...13 5.2.1. Mitigating Security Threats...14 5.2.2. SOX Compliance...15 5.2.3. PCI DSS Readiness...15 5.3. Amdocs Security Manager (ASM)...15 5.3.1. Integrating with Existing Security Systems...15 5.3.2. ASM Key Capabilities...16 5.4. Summary...17 6. CONCLUSION...18

CES 9 OPERATIONAL EFFICIENCY 3 1. Executive Summary As a true Best of Suite solution, Amdocs CES can greatly enhance operational efficiency and unify operations to reduce diversity and complexity in IT environments. Deploying the Amdocs CES 9 suite with the Unified Foundation uniquely offers: Best of suite offering an end-to-end BSS-OSS portfolio of pre-integrated products Unified Foundation - a common framework foundation layer and tools shared by Amdocs CES suite products Openness - open architecture for easy integration with third parties Single product catalog using a well-defined common data model and catalog End-to-end design and usability focusing on the customer experience and usability

CES 9 OPERATIONAL EFFICIENCY 4 2. Maximizing Operational Efficiency Overview 2.1. The Challenge of Operational Efficiency Operational efficiency creates business agility, generates new opportunities, reduces costs and ultimately enhances the customer experience. For service providers, optimizing operational efficiency is a constant and elusive challenge, impacting both technology and business. Service provider IT environments are large and complex. They are typically assembled from multiple homegrown and third party systems - accumulated over the years following development, acquisitions, mergers, and expansion into new lines of business and services - and integrated to a greater or lesser extent of. Each system may be individually managed, and have proprietary tools and processes for installation, configuration and maintenance. Each system needs to be integrated with other products that are part of the IT environment - such as monitoring and security systems as well as with a common data model, customer databases, product catalogs and so on. NEGLECTING TO LOOK AT AN END-TO-END TECHNOLOGY ENVIRONMENT WILL LEAD TO LOW AGILITY, SUCH AS PAINFUL END-TO-END INTEGRATIONS, SIGNIFICANT DUPLICATIONS AND POOR PERFORMANCE GARTNER, MARCH 2011

CES 9 OPERATIONAL EFFICIENCY 5 2.2. Best of Suite Approach To mitigate these challenges and to maximize operational efficiency, service providers need to ensure that their products and IT environments are characterized by openness, welldefined frameworks and platforms, adherence to industry standards and use of common tools. Amdocs CES can greatly enhance operational efficiency and unify operations to reduce diversity and complexity in IT environments. The Unified Foundation of Amdocs CES 9 suite uniquely offers: Best of suite approach a pre-integrated portfolio of products spanning BSS, OSS and beyond representing an important part of a service provider s mission-critical IT systems Foundations a common framework foundation layer and tools such as monitoring, security, software life cycle management and more, shared by Amdocs CES suite products Openness open architecture for easy integration with third parties Standard based compliance with industry standards Single product catalog Using well defined common data model and catalog End-to-end design and usability focusing on the customer experience and usability INTEGRATION INTEGRATION FRAMEWORK WEB SERVICE FACTORY SIMPLIFY EXPERIENCE HARNESS DATA CUSTOMER DIGITAL SERVICES REVENUE OPERATIONS SUPPORT SYSTEMS NETWORK CONTROL STAY AHEAD BE EFFICIENT CROSS SUITE TOOLS ENTERPRISE PRODUCT CATALOG CROSS PORTFOLIO INSTALLER SMART CLIENT FRAMEWORK SECURITY MANAGER MONITORING FRAMEWORK PROCESS MANAGER PLATFORMS CERTIFIED STACKS VIRTUALIZATION FIGURE 1: THE AMDOCS UNIFIED FOUNDATION ENABLES THE TRUE POWER OF THE SUITE This document focuses on specific areas in which the Amdocs CES 9 suite can assist service providers in their ongoing quest for operational efficiencies.

CES 9 OPERATIONAL EFFICIENCY 6 3. Monitoring Effective monitoring is critical to maximizing performance of business applications, efficient operations and compliance with Service Level Agreements. When monitoring systems provide timely and accurate information, service reps can identify trends early, detect system performance changes, make informed decisions, take action to increase productivity, troubleshoot on time and deliver a better customer experience. However, in complex, diverse IT environments, effective monitoring of uptime and system health poses a daunting challenge. 3.1. End to End Monitoring Service providers typically use third-party management tools such as HP Open View, IBM Tivoli and WebNMS to monitor their operational environments (including hardware, middleware, applications, and so on). End to end monitoring requires the ability to collect and analyze all relevant health and performance metrics from the entire suite of products and channel them to visualization and management tools. This is a necessity as in many cases issues arising in the data center span and impact different systems and processes. The complexity and variety of collection points and data mandates openness and standard-compliance. The success of any monitoring solution is dependent on the applications themselves exposing all the required information as a feed to the monitoring tools in a consistent and easy manner. In addition, a monitoring solution needs to address: Troubleshooting - to check the server, application server, database server, network and, of course, any proprietary application layer Trend analysis - to extract intelligence from the metrics and data gathered Reporting and dashboards - for visual representation of the key processes and metrics to ensure immediate detection of issues without the need to analyze mountains of data

CES 9 OPERATIONAL EFFICIENCY 7 3.2. Amdocs Monitoring Framework (AMF) ify ience ss nt Amdocs CES 9 provides end to end monitoring across our comprehensive CES 9 BSS-OSS platform through the Amdocs Monitoring Framework (AMF) a component of. Data gathered provides accurate and Amdocs timely information Unified on the Foundation applications service level state and behavior, facilitating visibility of system INTEGRATION health so that system administrators can take proactive corrective measures to maintain the applications within their operational service level agreements. INTEGRATION FRAMEWORKS WEB SERVICES FACTORY CUSTOMER SIMPLIFY EXPERIENCE HARNESS DATA STAY AHEAD DIGITAL SERVICES INTEGRATION INTEGRATION FRAMEWORK WEB SERVICE FACTORY CUSTOMER DIGITAL SERVICES REVENUE REVENUE OPERATIONS SUPPORT SYSTEMS CROSS SUITE TOOLS OPERATIONS SUPPORT SYSTEMS NETWORK CONTROL NETWORK CONTROL BE EFFICIENT ENTERPRISE PRODUCT CATALOG CROSS CROSS PORTFOLIO SUITE TOOLS INSTALLER SMART CLIENT FRAMEWORK Amdocs CES 9 Monitoring enables easy integration with market leading monitoring tools by focusing on the following principles: Exposing metrics in a standard and future-proof manner reduces the cost of integrating Amdocs products with third-party management platforms Examples of metrics exposed via Amdocs Monitoring Framework include application queue size, application cache eviction rate, API execution time and process progress. Openness enables exposure of additional metrics. Agility information is aggregated prior to sending it to the management system. This reduces monitoring implementation costs and allows fast integration with third-party platforms. ENTERPRISE PRODUCT CATALOG CROSS PORTFOLIO INSTALLER SMART CLIENT FRAMEWORK SECURITY MANAGER MONITORING FRAMEWORK PROCESS MANAGER SECURITY MANAGER MONITORING FRAMEWORK PROCESS MANAGER PLATFORMS PLATFORMS CERTIFIED STACKS VIRTUALIZATION CERTIFIED STACKS VIRTUALIZATION

CES 9 OPERATIONAL EFFICIENCY 8 3.3. AMF Toolkit and Gateway Amdocs Monitoring Framework includes Toolkit and Gateway modules. 3.3.1. Toolkit Module The Toolkit module provides a set of monitoring and metering APIs, including: Counter increment/decrement counter timer that computes the timing of a selected code and maintains a sliding average Meter measures the rate of events over time Gauge simple value holder Status Indicator reports current status of application entities 3.3.2. Gateway Module The Gateway module implements the JMX JSR-160 protocol exposing a JMX northbound interface. In addition to a notification mechanism, this module includes a component which provides the REST protocol access to the northbound interface. 3.4. Summary Amdocs Monitoring Framework, which is part of Amdocs Unified Foundation, addresses the needs of full suite monitoring through: Exposure of relevant and aggregated metrics from all applications Easy integration with leading third-party monitoring software Enabling effective end-to-end monitoring of the Amdocs BSS-OSS suite The Gateway Module maps the entire catalog of available metrics and periodically checks for new metrics created by monitoring processes. The automatic aggregation of low-level metrics performed by this module exposes the higher-level metrics required for external monitoring system queries, reducing the number of metrics the external system needs to collect and increasing the efficacy of the monitoring system.

CES 9 OPERATIONAL EFFICIENCY 9 4. Software Life Cycle Management Efficient software lifecycle management can cut TCO, increase agility and even improve the customer experience. In complex distributed and integrated IT environments, such as those typical of communications service providers, modernization and consolidation of existing systems can be an important first step towards simplifying software management. However, to maximize efficiencies, it is necessary to deploy tools that can manage both multiple products and multiple environments in a unified and userfriendly manner. 4.1. Software Lifecycle Management in IT Environments The challenge of software lifecycle management, however, goes beyond the borders of the back office. Fear of extended downtime and adverse impact on service levels reduce confidence in software management processes and may create hesitancy to update/upgrade or introduce new systems. To address these challenges, organizations with large, complex IT environments must be prepared to adopt strategies that simplify their IT environment software lifecycle management processes. Software lifecycle management refers to the installation, configuration, maintenance and management of software. Managing software in an IT environment is a cumbersome, tedious and error prone task. It requires people with expertise in multiple fields. Software management requires the knowhow to manage, configure, update and upgrade each product, complemented with an understanding of the impact that changes made to on one system have on all related systems.

4.2. Strategies for Improvement Simplify Experience 4.2.1. Consolidation Harness Consolidation and reduction of the number Dataof IT systems is a key goal of many strategic modernization Stay initiatives. Consolidation reduces overheads and Ahead TCO, and can return agility to system operations. Amdocs Be has pioneered Efficient modernization projects that have reduced the number of BSS IT systems from dozens to no more than a handful, or even less. Consolidation reduces the number of third party systems present in the IT environment. However, in many cases vendors may neglect integration between products thus leaving little room for consolidation and extending the need for software lifecycle management tools. 4.2.2. Single Software Lifecycle Management Typically, software lifecycle management products are provided by a vendor with vast experience in handling integration, configuration, maintenance and other lifecycle management needs. The broader the range of products, the greater the value and, most significantly, the greater the saving the customer enjoys. Successful software lifecycle management requires both a common foundation and a common set of management tools for the managed products. CES 9 OPERATIONAL EFFICIENCY 10 4.3. Amdocs Solution for Software Lifecycle DIGITAL Management - XPI SIMPLIFY EXPERIENCE HARNESS DATA INTEGRATION INTEGRATION FRAMEWORK WEB SERVICE FACTORY CUSTOMER DIGITAL SERVICES INTEGRATION INTEGRATION FRAMEWORKS WEB SERVICES FACTORY CUSTOMER SERVICES REVENUE REVENUE OPERATIONS SUPPORT SYSTEMS NETWORK CONTROL STAY AHEAD BE EFFICIENT CROSS SUITE TOOLS CROSS SUITE TOOLS ENTERPRISE PRODUCT CATALOG SMART CLIENT FRAMEWORK ENTERPRISE PRODUCT CATALOG CROSS PORTFOLIO INSTALLER SMART CLIENT FRAMEWORK SECURITY MANAGER MONITORING FRAMEWORK PROCESS MANAGER SECURITY MANAGER MONITORING FRAMEWORK PLATFORMS PROCESS MANAGER CERTIFIED STACKS VIRTUALIZATION PLATFORMS OPERATIONS SUPPORT SYSTEMS CERTIFIED STACKS VIRTUALIZATION Amdocs CES suite shares a common foundation with common platforms, common security, a common information model, a common monitoring platform and more. A key element in Amdocs Unified Foundation is a single unified solution for lifecycle management called Amdocs XPI (Amdocs Cross Portfolio Installation Framework) which handles the installation, maintenance and management of the CES 9 suite s software lifecycle. XPI spans all phases of the software lifecycle including: Deployment a wizard-based installation dramatically simplifies deployment of the Amdocs CES 9 suite with an efficient and straightforward deployment process that eliminates the need to conduct long and laborious integration processes. The entire Amdocs CES portfolio can be deployed in two hours! Update software updates (e.g. hotfixes, patch bundles) are provided using XPI packages. During the update process only the artifacts of the product that are impacted by an update are replaced. This minimizes the risk of deployment and the scope of testing associated with the update. Moreover, with XPI you can modify and enhance the installed system by adding additional resources as machines, UNIX accounts and application resources. Repair in the event of a failed deployment, a defined procedure repairs only the components of the installation that failed. Rollback in the event of unsuccessful software updates, you can easily roll back to the previous version. This capability enables service providers to deploy updates without fear of system setbacks. NETWORK CONTROL

CES 9 OPERATIONAL EFFICIENCY 11 4.4. Amdocs XPI Key Capabilities Additional features of XPI include: Central repository that holds and displays all system information providing full visibility of the system including the history of changes applied. For example, it stores the history of all software updates applied or configuration changes applied since the system was installed. CUSTOMER RELATIONSHIP Installation packaging and installation of the software using either a graphical user interface or a command line interface Zero risk deployment for configuration changes across the Amdocs CES 9 suite. Configuration changes can be applied either onsite or can be prepackaged for onsite deployment Analysis and reporting - reports generated both prior to and following installation describe the changes applied. The analysis and reporting capabilities deliver improved traceability and clarity of activities performed FIGURE 2: PORTFOLIO TOPOLOGY VIEW Topology editor enables viewing, editing and managing the topology environment. Users can add components and change the values of configuration parameters. The editor also provides a graphical interface to view, search and filter the environment. The views display all installed components and the relationships between them. Built-in integration layer built-in integration points between products When configuration changes are made to one product the relevant changes are automatically made to dependent products Remote diagnostics offer a clear view of environments requiring monitoring, thereby reducing the time required for analysis of environment issues and improving system visibility CRM DATABASE FIGURE 2A: CRM TOPOLOGY VIEW 4.5. Summary Amdocs XPI, which is part of, is revolutionary in its ability to manage, via a single tool, an entire suite of IT applications. XPI can cut costs and TCO, simplify software management, reduce installation effort, increase confidence in software update processes, and enable business agility. FIGURE 2B: CRM DB TOPOLOGY VIEW

CES 9 OPERATIONAL EFFICIENCY 12 5. Security 5.1. Addressing Security Violations Service providers require security mechanisms to prevent hostile attacks and abuse of customer data. Today, hackers are organized, business-driven and equipped with financial and physical resources to support their activities. Service providers store data of customer location, habits, payment method, banking and credit information and more. This information can be stolen and sold to competitors, spammers, and others. It can be altered for personal gain and exploited to inflict damage on the service provider and end-customer. Moreover, due to the large number of IT systems in a typical service provider environment, implementing effective security systems typically requires substantial implementation and integration effort. 5.2. Amdocs Security In Amdocs CES 9, Amdocs is delivering its most secure release ever. Security is built from a number of layers. Amdocs Security Manager (ASM) is a part of Amdocs CES Unified Foundation that handles end-to-end security in the suite. Additional security layers reside in the products and in security measures implemented in the product development lifecycle. Service providers have no choice but to address a multitude of threats; application security, in essence, focuses on the controls and mitigations required to protect data and software from malicious wrong doers.

CES 9 OPERATIONAL EFFICIENCY 13 5.2.1. Mitigating Security Threats Amdocs follows guidelines provided by different organizations/forums such as OWASP and NIST, covering the main securityrelated vulnerabilities. The table below highlights OWASP top 10 threats and Amdocs mitigation for each. THREAT DESCRIPTION MITIGATION Injection Cross Site Scripting (XSS) Broken Authentication and Session Management Insecure Direct Object References Cross Site Request Forgery (CSRF) Security Misconfiguration Insecure Cryptographic Storage Failure to Restrict URL Access Insufficient Transport Layer Protection Invalidated Redirects and Forwards Tricking an application into including unintended commands in the data sent to an interpreter Raw data from attacker is sent to a user s browser Missing credentials, tokens or any proof of authentication within every request allows hackers to skip login and bypass authentication Application exposes objects (e.g., files) without properly protecting them with authorization. This allows hackers to gain unauthorized access to the various application objects A victim s browser is tricked into issuing a command to a vulnerable web application. Vulnerability is caused by browsers that automatically include user authentication data (session ID, IP address, Windows domain credentials, ) with each request Configuring the different architecture layers (OS, application server) inappropriately Storing sensitive data insecurely Allowing direct access to URLs that should be accessed only by authenticated/ authorized users only Transmitting sensitive data insecurely Redirects frequently include user supplied parameters in the destination URL. If these parameters are not validated, attackers can direct their victims to a site of their choice Proper validation of any input coming from the user and limiting the characters to a well-defined range Proper input validation as described above or output encoding that replaces malicious characters with their browser-friendly counterparts Amdocs protects all pages and access points into the application by requiring submission of credentials or any proof of authentication, denying unauthenticated users from using the protected application s resources For each object accessed by the application, a role-based authorization is added A randomly generated token, valid for a defined period of time only, is added to each request, making it extremely difficult for a hacker to craft a proper request that also includes a valid token. The token is based on ASM session ID. Amdocs provides secured implementation guides. guides for its major applications. Implementers should follow the guidelines to secure the production platform All sensitive data is encrypted in storage using either Oracle TDE or the ASM encryption service All access points to non-public information in CES9 requires authentication/authorization CES9 allows usage of SSL for all sensitive data transports The applications validate user originated data properly and eliminate injection of paths or commands that allow a hacker to take control over a valid flow

CES 9 OPERATIONAL EFFICIENCY 14 5.2.2. SOX Compliance 5.3. Amdocs Security Manager (ASM) Amdocs continues to support customers compliance with the Sarbanes-Oxley Act of 2002. Amdocs provides accounting (logs) of events related to financial transactions and security. 5.2.3. PCI DSS Readiness To minimize risk of credit card theft, service providers need to comply with the credit card Simplify companies standards. Experience CUSTOMER Amdocs systems are PCI DSS Harness (Payment Card Industry Data Data Security Standard) ready. This allows Amdocs customers to better prepare for their PCI-DSS Stay audit on site. CES 9 Ahead supports PCI requirements, including: Be All credit card numbers are Efficient encrypted while in storage and in transport Credit card numbers are removed from log files and error messages, and masked on display Amdocs does not store CVV data Products undergo penetration tests to uncover vulnerabilities such as XSS, CSRF, SQL Injection and many more. Amdocs provides mandatory application security courses for developers Improved accounting (logging) of credit card access for improved auditing 5.3.1. Integrating with Existing Security Systems Integrating a new security system into an existing environment can be a major undertaking. Implementers need to identify each and every resource and activity requiring restriction throughout the applications, define appropriate policies to protect those INTEGRATION resources and activities, and create a wide set of roles to accompany the policies. In addition, each entry point into the application has to be identified as well as have a login process suitable to the solution chosen. INTEGRATION FRAMEWORKS WEB SERVICES FACTORY DIGITAL SERVICES SIMPLIFY EXPERIENCE HARNESS DATA STAY AHEAD BE EFFICIENT REVENUE INTEGRATION FRAMEWORK WEB SERVICE FACTORY CUSTOMER OPERATIONS SUPPORT Amdocs Unified SYSTEMS Foundation INTEGRATION DIGITAL SERVICES REVENUE OPERATIONS SUPPORT SYSTEMS NETWORK CONTROL NETWORK CONTROL CROSS SUITE TOOLS CROSS SUITE TOOLS ENTERPRISE PRODUCT PRODUCT CATALOG CATALOG CROSS PORTFOLIO INSTALLER CROSS PORTFOLIO SMART CLIENT FRAMEWORK INSTALLER SMART C MONITORING SECURITY MANAGER SECURITY MANAGER FRAMEWORK PROCESS MANAGER MONITORING FRAMEWORK PROCES PLATFORMS CERTIFIED STACKS VIRTUALIZATION PLATFORMS CERTIFIED STACKS VIRTUAL

CES 9 OPERATIONAL EFFICIENCY 15 Amdocs Security Manager (ASM) can dramatically cut the cost of deploying and integrating a BSS-OSS wide security solution. ASM enables the products in the suite to speak in a common security language to determine user identity and permissions throughout a transaction. Pre-integrated with Amdocs products, ASM acts as a central point of integration for external security solutions, relieving the need for application changes. ASM has been developed in accordance with leading security concepts and standards. It adopts the Spring Security Framework for better and simpler security mechanisms for authentication and authorization. It also allows faster integration with third-party Single Sign On solutions through a set of ready-made Spring plugins. As Amdocs BSS-OSS products are typically deployed alongside an existing IT environment which already has a security solution in place, ASM facilitates the deployment by offering a single point of security integration. 5.3.2. ASM Key Capabilities ASM is a pure Java library allowing fast and easy deployment alongside the applications, and is aligned with industry standards. It utilizes capabilities provided by the open source Spring Security Framework, which allows ASM to be lean and efficient in its authentication and authorization processes. This framework also allows ASM to support a variety of security solutions found in the industry, and enables quick integration with them. Readymade Spring plugins also simplify Single Sign On with different providers. Whilst ASM keeps evolving and adopting new approaches and technologies, it is fully backward compatible with CES V8.1 and allows interoperability in a mixed version run time environment.

CES 9 OPERATIONAL EFFICIENCY 16 ASM offers: Administration capabilities through a UI and APIs User management that allows a personal profile definition of each user including a set of privileges for the application Password management complex password policy and password encryption in storage allows safekeeping and un-guessable passwords 5.4. Summary ASM, which is part of, is field proven in many installations at a wide range of the world s leading service providers. When deploying Amdocs products, ASM delivers an effective, standard, cross-suite security solution that integrates easily and quickly with existing security systems. Single Sign On central session and ticket serving all applications, allowing a user s identity and accountability - to accompany a transaction end-to-end Policy server that allows the definition and administration of protected resources and protective policies Accounting Logging of security events such as login, logout, authorization events, etc. This serves as evidence and audit material and addresses non-repudiation

CES 9 OPERATIONAL EFFICIENCY 17 6. Conclusion As service providers IT environments continue to expand in scope and complexity, service providers need to find new ways to reduce cost of ownership, improve operations and maximize operational efficiencies. This requires them, for example, to adopt new cost-effective hardware technologies and address pervasive broad-impact suite-wide challenges. This white paper has demonstrated how deployment of a single suite with a common foundation can optimize efficiencies in areas such as security, monitoring and software lifecycle management. Amdocs is unique in being able to provide such solutions, based on: Our extensive suite of products covering the core, mission-critical BSS-OSS needs of service providers, and A true best of suite approach with a single foundation and a powerful set of common foundation products covering installation, maintenance, management, configuration, security, monitoring, and more in a unified fashion. The commonalities of the Amdocs CES 9 foundation and Amdocs best of suite approach reduce software management overheads, integration efforts, costs and Time to Market while creating operational efficiencies and ultimately improving the customer experience.

About Amdocs For 30 years, Amdocs has ensured service providers success and embraced their biggest challenges. To win in the connected world, service providers rely on Amdocs to simplify the customer experience, harness the data explosion, stay ahead with new services and improve operational efficiency. The global company uniquely combines a market-leading BSS, OSS and network control product portfolio with value-driven professional services and managed services operations. With revenue of $3.2 billion in fiscal 2012, Amdocs and its 20,000 employees serve customers in more than 60 countries. Amdocs: Embrace Challenge, Experience Success. For more information, visit Amdocs at www.amdocs.com Amdocs has offices, development and support centers worldwide, including sites in: THE AMERICAS: ASIA PACIFIC: EUROPE, MIDDLE EAST & AFRICA: BRAZIL AUSTRALIA AUSTRIA ISRAEL SPAIN CANADA CHINA CYPRUS KAZAKHSTAN SWEDEN COSTA RICA INDIA CZECH REPUBLIC THE NETHERLANDS UNITED KINGDOM MEXICO JAPAN FRANCE POLAND UNITED ARAB EMIRATES - DUBAI UNITED STATES PHILIPPINES GERMANY RUSSIA SINGAPORE IRELAND SOUTH AFRICA TAIWAN THAILAND VIETNAM For the most up-to-date contact information for all Amdocs offices worldwide, please visit our website at www.amdocs.com/corporate.asp Copyright 2013 Amdocs. All Rights Reserved. Reproduction or distribution other than for intended purposes is prohibited, without the prior written consent of Amdocs. The trademarks and service marks of Amdocs, including the Amdocs mark and logo, Intentional Customer Experience, CES, Clarify, Ensemble, Enabler, Return on Relationship, Intelecable, Collabrent, XACCT, DST Innovis, Stibo Graphic Software, Qpass, Cramer, SigValue, JacobsRimell, ChangingWorlds, jnetx, OpenMarket Inc., MX Telecom Inc., MX Telecom Ltd, Streamezzo, and Bridgewater Systems are the exclusive property of Amdocs, and may not be used without permission. All other marks are the property of their respective owners. Created 02/2013

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information