Harnessing data to support effective vulnerability management across Vodafone Germany

Addressing vulnerabilities in critical infrastructure

Keeping up with the rapidly evolving cyber-security landscape is a huge challenge, especially for operators of critical infrastructure. Vodafone Germany sought Analysys Mason’s assistance to fulfil its ambitions to achieve the highest levels of cyber security, and to reduce the significant risks associated with network resilience, legal risks, data security and confidentiality. 

Collecting the right data to achieve strategic alignment 

Over an 18-month project, we worked in close co-operation with the Vodafone Germany team to transform its IT security monitoring to minimise short-term vulnerabilities, but also to generate valuable data resources and re-engineer corporate systems and relationships to create confidence and insight over the long term. 

By embedding Analysys Mason consultants within Vodafone Germany’s team over a long period, we were able to create tailored dashboards that transformed visibility and understanding of vulnerability management key performance indicators (KPIs). We designed and implemented an impact rating system to assess severity, and to prioritise remedies according to different factors.  

Dashboards became an important instrument for management to use for monitoring vulnerabilities, but were also invaluable at a technical level to dictate concrete change and reduce vulnerabilities across the IT estate and network infrastructure.

Our engagement with Vodafone Germany allowed us to function as a useful bridge between departments, allowing integration and collaboration, and a permanent transformation in business systems, communication and processes. 

Mapping and transforming the data was a key challenge to ensure all relevant departments could extract the insight they need, and the system was designed to continue to grow in value with the increasing volume and richness of data held. 

Achieving external validation of improved systems

Our reports gave Vodafone Germany the evidence to demonstrate compliance with higher standards than previously, to meet internal targets, and to achieve an improvement in the externally assessed grading of vulnerability management. Our dashboards were instrumental in improving Vodafone Germany’s vulnerability score in an independent assessment (a specified objective for the cyber-security team in 2023) and upgrading the score to substantially effective. 

From a broader operational perspective, our support allowed Vodafone Germany to identify areas of weakness, and to make effective use of cyber-security resources, minimising cost for maximum positive impact and security, and ultimately helping to protect Vodafone Germany’s operations and reputation.