Telecommunication companies handle vast amounts of sensitive data, making security and privacy a top priority. At the same time, Telcos are also on a transformative journey, steadily evolving into tech powerhouses as they seek to harness cutting-edge technologies to improve customer experience and add new revenue streams.
We built Turbine to help Telcos create new mobility insights (for new revenue streams and network optimization) using the vast amount of network data they have with both the highest level of security and privacy in mind.
Information security primarily revolves around protecting data from unauthorized access by implementing measures such as encryption, access controls, network security, and monitoring. Privacy, on the other hand, focuses on ensuring that individuals' personal information is handled in accordance with privacy regulations and best industry practices like anonymization, consent management, and transparency in data processing to respect users' privacy rights.
Turbine achieves both these objectives by leveraging data models and algorithms that are deployed in a telco’s chosen data clean room or cloud environment. This proprietary feature helps telcos gain valuable insights from their datasets without ever allowing data to leave the Telco’s secure environment. Below is an example of how this is accomplished on Google Cloud Platform (GCP).
A typical Turbine-Telco GCP Architecture
The Telco and Unacast create three different projects as part of the initial setup. Each project is under the control of Telco’s billing account ensuring full visibility, control and governance on the part of the Telco.
Telco Core Project
This is a GCP Project within the exclusive control of the Telco. This allows raw data needed for mobility insights (CDR, BSE, Tower Data) to remain on the technical premises of the Telco. Under this framework, Unacast Turbine has no access to the data inside the Telco’s network, which maintains complete authority over network configurations and related access controls.
Telco Buffer Project
The Buffer Project acts as an intermediary zone between the two different projects (Telco Core and Unacast Project). This provides a controlled pathway for data and models to pass through, all the while enforcing security measures.
Once prompted, the Telco will transfer a sample dataset into the intermediary zone. The Telco maintains the flexibility and discretion to determine how much data to “push,” which is usually only a representative sample or a subset of Telco data.
Unacast Project can upload new versions of the Turbine to capture advances in ML data models and algorithms that are better able to describe mobility. Telco Core Project can choose to deploy the new version of Turbine after testing it within this environment. Doing so adds a further layer of deployment security, allowing for thorough testing of new Turbine versions at the Telco’s discretion.
Unacast Project
This is where Unacast uses the data provided by the Telco to configure the data models of Turbine engine to work as each set of Telco data has its nuances. New development of features and testing also takes place in this project. When new functionality is ready for deployment it is pushed into the Telco Buffer Project
How does this setup ensure security of Telco Data
Having this three project configuration ensures Unacast never has direct access to the telco data. The Telco grants access to a subset of data deemed suitable for configuration and development of Turbine. Usually this is a small sample, for example 10% of one week’s worth of data which acts as a representation of the original data set. These small representative datasets are sufficient for Turbine models to be well-configured.
How does this setup ensures Privacy of Telco Data
Any data shared by the Telco into the Buffer Project which could be considered as PII (for example the device-ID) is automatically hashed ensuring that no identifying fields ever leave the Telco Core Project.
All data that is pre-aggregated can be K-filtered by the Telco. A K-filter allows telcos to maintain a minimum number of devices with particular attributes for every aggregate to mitigate against the risk of re-identification. This K value can be tuned according to local privacy requirements. By applying this filter Telcos can ensure that a minimum threshold of aggregate obfuscation is met, and no individuals or devices are identifiable through behavioral features.
