AT&T Developer
  • Products
  • Resources
  • Blog
  • Sign In

Technical Library

    Device Technologies
    • Biometrics
    • Device Detection
    • HTML5
    • Mobile Web Fundamentals
    • Mobile Web Standards
    • Multi Core Coding in Dalvik
    • Multi Thread Coding in Android
    • Near Field Communication
    • NFC Forum
    • NFC Use Cases
    • NFC Case Studies
    • NFC Tags
    • GlobalPlatform and NFC
    • User Identification
    • Native Code
    Security and Privacy
    • Application Privacy Guidelines
    • Downloading DRM Content in Android
    • IPv6
    • Likelihood of a Successful Attack
    • Messaging Privacy
    • Mobile Web Security
    • Network Security
    • Security Policy
    • Security at AT&T
    • Types of Security Threats
    • Wireless Application Security
    • Security Policy Enforcement
    UI Elements
    • Slider Controls for Android
    • Check Box for Android
    • Dropdown for Android
    • Image Button for Android
    • Toggle Button for Android
    • Radio Button for Android
    • Segmented Text Toggle Button for Android
    • Static Text Toggle Button for Android
    • Switch for Android
    • Text Fields for Android
    • Getting Started with AT&T UI
    • HTML5 UI Elements
    • HTML5 Checkboxes
    • HTML5 Dropdown
    • HTML5 Image Button
    • HTML5 Image Toggle Button
    • HTML5 Radio Button
    • HTML5 Segmented Toggle Button
    • HTML5 Slider
    • HTML5 Static Text Toggle Button
    • HTML5 Switch Control
    • HTML5 Text Fields
    Network Technologies
    • IP Addresses
    • Long Term Evolution (LTE)
    • Network Timers
    • Wi-Fi
  • Other AT&T Websites
    • Best Practices
    • Hackathon Best Practices
    • Mobile Best Practices
    • Seven Common Errors Around Creating Mobile User Experiences
toggle menu

Security at AT&T

 

AT&T takes security very seriously. After it has come across the airlink, your data enters the AT&T network, where we take great care to ensure that data confidentially and integrity are protected.

To secure data both in transit across the network and stored in the network, AT&T has implemented a comprehensive security program that focuses on 13 major areas. The areas are derived from ISO 17799, COBIT, and other industry best practices.

Although this section describes AT&T's specific security program, you can apply the concepts to carrier security in general. Before deploying a mission-critical wireless application using another carrier, make sure that company's security measures meet your tight standards.

The 13 areas are as follows:

  • Strategy, planning, and governance
  • Policies, standards, and compliance
  • Metrics and measures
  • Education and awareness
  • Application development and testing
  • Intrusion detection and response
  • Network operations and firewalls
  • Patch, antivirus, and vulnerability management
  • User and access management
  • Continuity planning and crisis management
  • Disaster recovery
  • Physical and environmental security
  • Security personnel

 

Strategy, Planning, and Governance

 

AT&T has an Enterprise Security and Privacy Governance council with executive representatives from each key area of our business. The council meets regularly to create strategies and make decisions about security and privacy issues that affect AT&T and our customers.

 

Policies, Standards, and Compliance

 

AT&T has developed policies and standards that cover seven security domains, and we actively monitor our security processes to make sure that the business as a whole is complying with those policies and standards:

  • Identity/user
  • Confidentiality and privacy
  • Networking
  • Systems, hosts, and devices
  • Middleware and applications
  • Security management and process definition
  • General

Additionally, AT&T has an active program for ensuring compliance with the Sarbanes-Oxley Act of 2002. And we have annual security assessments performed by third parties to test the effectiveness of our security program.

 

Metrics and Measures

 

It is not enough just to have security policies and to set standards. To make sure that their policies and procedures are actually followed, enterprises need to define metrics for each area of their security programs and to determine how to measure success and compliance in those areas.

At AT&T, we have established specific metrics for each of the other 12 areas in our security program. Having objective, quantifiable goals and performance measurements ensures that the program is working the way we want it to.

 

Education and Awareness

 

AT&T has a security awareness program that's designed with modules to address the needs of specific job functions and roles. For example, additional technical training is included in the modules for developers, database administrators, and system administrators; modules for executives emphasize more corporate-level policies.

 

Application Development and Testing

 

AT&T has rigorous procedures in place to makes sure that all our applications are fully tested and meet our security requirements. AT&T also regularly tests production Internet applications for security vulnerabilities.

 

Intrusion Detection and Response

 

AT&T has deployed an advanced intrusion detection system that is actively monitored by our Security Network Operations Center (SNOC). SNOC has established procedures to analyze events and to evaluate the threat that a particular event may pose. SNOC also has a Security Incident Response process in place to rapidly investigate and respond to potential attacks.

 

Network Operations and Firewalls

 

AT&T has redundant stateful inspection firewalls at each border connection to the AT&T infrastructure. Appropriate security measures are in place for all traffic that remotely accesses the AT&T infrastructure.

AT&T also has redundant Network Operation Centers operating 24x7, to ensure the proper operation of all security systems.

 

Patch, Antivirus, and Vulnerability Management

 

AT&T actively scans the network environment for potential vulnerabilities, and we have vulnerability management processes in place to mitigate risks. AT&T also has security patch and antivirus management programs to make sure that software updates and virus signatures are deployed rapidly when they become available. Additionally, our comprehensive antivirus program includes rapid virus detection and removal.

 

User and Access Management

 

AT&T uses a workflow tool for processing requests to access our applications and systems. Procedures are in place to verify employment and to review the need for access before the access is granted. Additionally, when employees leave the company, their user accounts are removed promptly.

 

Continuity Planning and Crisis Management

 

AT&T's enterprise-wide Continuity Planning and Crisis Management program is designed to minimize risk to people, profit, process, and property through defined best practices. The program has four phases:

  • Prevention
  • Mitigation
  • Response
  • Recovery

Procedures that support these phases include:

  • Business impact analysis
  • Site risk assessment, policies, standards, and guidelines
  • Personal preparedness
  • Crisis and incident management, planning, and support
  • Government coordination
  • Recovery plan development
  • Disaster exercises
  • Recovery support

 

Disaster Recovery

 

AT&T's IT Continuity Planning and Disaster Recovery Program includes disaster preparedness and recovery planning for critical IT applications, processes and facilities. AT&T contracts with third parties to support critical IT components and also implements in-house recovery strategies to ensure that business processes can continue in the event of disaster. AT&T regularly performs disaster exercises to provide training and to validate recovery capabilities.

 

Physical and Environmental Security

 

All AT&T facilities that contain critical information systems and assets are protected by a combination of physical security measures. These measures may include magnetic badge readers, security personnel, video monitoring systems, and so on. Precisely defined policies in our Data Center Access Policy for AT&T Enterprise Data Centers determine which measures we implement at a given facility.

AT&T manages physical access to facilities through card-key security badges, and AT&T Data Center Operations controls who can access critical assets across the enterprise. Some facilities use a single-badge photo ID and access card (combined); others use a dual-badge system with a separate photo ID and electronic badge that records entry to all critical-asset areas.

Procedures are in place to verify employment and to review the need for access before the access is granted. A critical-asset owner maintains a list of employees who are authorized to access the asset.

 

Security Personnel

 

AT&T employs only well-trained and industry-certified security professionals to manage and support our security program.

Back To Top
  • APIS & TOOLS
    • AT&T Video Optimizer
  • APIS & TOOLS
    • Futurist Reports
    • Technical Library
  • SUPPORT
    • Contact Us
    • FAQs
    • Twitter
  • AT&T Developer Program on Github
  • AT&T Developer Program on Facebook
  • AT&T Developer Program on Twitter
AT&T Logo

Terms of Use   Privacy Policy   Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon
©2024 AT&T Intellectual Property. All rights reserved

AT&T, the AT&T logo and all other AT&T marks contained herein are trademark of AT&T Intellectual Property and/or AT&T affiliated companies.

14100000
Session Expiring

Your session is about to expire in !

Stay Signed In
Session Expired

Sorry! Your session has expired.

Skip to content