Turkcell Enhances Cybersecurity for Millions of Customers with CyberArk

• Cybersecurity & Privacy - Application Security
• Cybersecurity & Privacy - Endpoint Security

• National Security & Defense
• Telecommunications

• Quality Assurance

• Cybersecurity
• Tamper Detection

• Cybersecurity Services
• System Integration

Turkcell, a leading digital operator in Turkey, faced a significant challenge in protecting its 40 million customers, 300,000 network devices, and 40,000 employee and partner identities across Turkey, Ukraine, Belarus, and Northern Cyprus. As the largest telco in Turkey, Turkcell offers a wide range of services, making cybersecurity a critical business operation. The company has won several awards for its digital security products and plays a key role in the Turkish cybersecurity industry. However, the company's aggressive digital transformation path, which includes new digital services such as instant messaging, TV and music platforms, personal cloud services, search engine, and email services, increased its attack space. The COVID-19 pandemic further complicated matters as most staff began to work remotely, potentially exposing Turkcell to new, unforeseen risks. A risk assessment initiative highlighted a potential vulnerability in Windows servers, prompting the company to seek a robust security solution.

Turkcell is a digital operator headquartered in Turkey, offering a unique portfolio of digital services along with voice, messaging, data, and IPTV services on its mobile and fixed networks. Turkcell Group companies operate in four countries – Turkey, Ukraine, Belarus, and Northern Cyprus. The company also provides services in the techfin sector with Paycell, which provides payment services, and Financell, which offers financial services. Turkcell launched LTE services in its home country in 2016, offering up to 10 Gbps fiber internet speed with its FTTH services. The company has been listed on the NYSE and the BIST since July 2000 and is the only NYSE-listed company in Turkey.

To address its cybersecurity challenges, Turkcell partnered with CyberArk, a market-leading security solutions provider. Turkcell adopted CyberArk Privileged Access Manager Self Hosted and CyberArk Endpoint Privilege Manager, expanding the CyberArk platform as the business grew. Currently, Turkcell manages more than 70,000 accounts using CyberArk and protects over 10,000 endpoints with CyberArk Endpoint Privilege Manager, focusing on high-risk high-impact teams like developers and system admins. The company also uses CyberArk Secrets Manager to protect machine identities and eliminate hardcoding passwords. To resolve the security risk on Windows servers, Turkcell used CyberArk to limit local admin rights and store passwords in CyberArk vault systems. This approach significantly limited attackers' options to move laterally from local applications to critical systems and eliminated the need for users to write down or store passwords on computers.

• The implementation of CyberArk solutions has significantly enhanced Turkcell's cybersecurity defenses. CyberArk forms a key part of the Turkcell Security Operation Center, which monitors current threats and cyberattacks 24/7. This has enabled Turkcell to offer its digital operator competence, as well as its integrated cybersecurity and information security experience, to corporate and individual customers. The partnership with CyberArk has been strong, with Turkcell viewing the relationship as a partnership rather than a conventional customer-vendor relationship. With CyberArk, Turkcell has achieved a level of security that many of the company’s customers are asking to replicate for their own organizations.

• Strengthened cybersecurity for 40 million customers, 300,000 devices, and 40,000 staff
• Protected 70,000 accounts and 10,000 endpoints
• Streamlined privileged access management operations