Empowering ATN to secure enterprise access during rapid M&A growth

ATN International enables people around the world to connect to data

As a global telecommunications holding company, ATN International focuses on providing underserved communities in rural America, the Caribbean, Australia and many other locations with access to internet, broadband, television, and mobile services. Data analytics plays a key role in this mission.

In recent years, an ongoing digital transformation has brought new requirements for securing users and data, along with a Snowflake data warehouse reshaping its data ecosystem. With data living everywhere, the company needed to be able to enforce strict governance and control across its complex data ecosystem. “Cybersecurity has been a huge focus for us,” says Ben Doyle, CIO of ATN international.

Rapid growth brings challenges around data access and compliance across systems

As a holding company, much of ATN’s growth comes through M&A. To support its data-driven business strategy, ATN needs to be able to blend the content from acquired telecommunications companies into a common data environment, including subscriber, account, network, billing, and marketing information.

This includes reconciling a diverse mix of data access policies developed organically over the course of decades to meet the specific needs of various distributed markets. “Our data access model has grown organically over twenty-plus years,” says Fournier. “One of our biggest challenges is trying to modernize that into a modern, scalable architecture that lives in the cloud.” To reduce the risk of privilege abuse and data breaches for sensitive customer and business information, ATN needs to maintain strict governance over data policies and permissions wherever data resides.

Beyond the cybersecurity implications of data access, ATN also needed to ensure compliance with numerous domestic and international regulations from the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), to Bermuda’s Personal Information Protection Act (PIPA) and the Cayman Islands Data Protection Law, to rules governing Customer Proprietary Network Information (CPNI) for telecommunications companies. These mandates include requirements for companies to understand and prove who has access to sensitive data, and to enforce the principle of least privileged access.

Veza helps ATN gain centralized visibility into identity and access across the data ecosystem

As the industry’s first cloud data security platform rooted in authorization, Veza offered a way for ATN to confidently answer questions about who can and should take what action on what data. The Veza platform provides a single control plane to understand and control enterprise-wide authorization for any enterprise identity to any enterprise resource, including data systems, applications, and cloud services. “Veza gives us a single view of our data environment and how it connects to Okta, our identity provider,” says Doyle. In addition to Okta, ATN has integrated Veza with Azure and Snowflake and AWS in the cloud. “Having an integrated view also means that we can see the whole security schema at once, helping us understand where there are gaps,” says Fournier. “If a user suddenly doesn’t have access to Tableau, we can see why without having to spend all day tracking it down.”

Looking ahead

With a centralized data security platform across its entire hybrid cloud environment, ATN will now be able to extend visibility to cloud identity and data systems like Okta and Snowflake, Cloud IAM (AWS IAM), and its thousands of on-prem SQL databases, helping it support governance, privacy, and zero trust consistently wherever data resides. This capability will be critical to ensure that M&A activity doesn’t bring unintended consequences such as cross-company access to customer PII, which can jeopardize regulatory compliance and certification. Moving forward, ATN will use Veza as part of its due diligence process for new acquisitions to understand their data environment and mitigate any potential risks they may present.

About ATN International

ATN International, Inc. (Nasdaq: ATNI), headquartered in Beverly, Massachusetts, is a provider of digital infrastructure and communications services in the United States and internationally, including the Caribbean region, with a focus on rural and remote markets with a growing demand for infrastructure investments. The Company’s operating subsidiaries today primarily provide: (i) advanced wireless and wireline connectivity to residential, business and government customers, including a range of high-speed Internet and data services, fixed and mobile wireless solutions, and video and voice services; and (ii) carrier and enterprise communications services, such as terrestrial and submarine fiber optic transport, and communications tower facilities.