Communication service providers (CSPs) all over the world are obligated to provide law enforcement agencies (LEAs) with customer communications data, only when its interception is properly authorized, such as by a search warrant. Those requirements, according to specifications in 3GPP, ETSI, and other international standard bodies, may include both the contents of the target communication and control-plane metadata such as call detail records (CDRs).
For any Communications Service Provider (CSP) or Mobile Network Operator (MNO) Lawful Interception (LI) must satisfy regulatory requirement and legal obligation required to operate their networks by Law Enforcement Agencies and Government Authorities. Lawful Intercept allows authorized authorities to perform interception of communication traffic for specific identified users.
The mandates for lawful interception require implementation and maintenance of sophisticated solutions that often do not directly support revenue-generating services, making them pure cost centers for CSPs. At the same time, potential penalties for non-compliance (including outages) make lawful interception a mission critical workload part of providers core network. To streamline this requirement, SS8 has partnered with AWS to provide a lawful interception solution as a turnkey deployment using AWS purpose-built cloud infrastructure and services.
Lawful Intercept functional architecture. Regulatory mandates for lawful interception, including the 3GPP standard.
Meeting Regulatory Mandates for Lawful Interception
The SS8 software platform includes Xcipio, the mediation component CSPs install in their networks to lawfully handle interception requests and delivery back to LEAs. Xcipio is designed for high-speed networks, including complex call flows, while adhering to international standards and requirements, with deployments all over the world for more than two decades. Purpose-built on Kubernetes, the entire SS8 platform runs as a cloud-native SaaS offering based on container-deployed microservices.
SS8 provides robust warrant-management and other mechanisms to ensure that only proper legal processes are followed and adhered to while customer privacy is protected. Handoff of data from CSPs to LEAs follows standards, guidelines, and security best practices developed by international standard bodies to maintain lawfulness of the transaction. The combination of enabling LEAs while safeguarding citizen privacy is central to SS8’s mission to protect society.
Significant changes in CSP networks are dramatically escalating the complexity of supporting lawful interception requirements. 5G services usher in new protocols and interfaces, with massive volumes of encrypted data from novel sources such as IoT endpoints, traveling at faster speeds than ever before. These networks are highly distributed, with forces such as edge computing and cloud infrastructure calling for a microservices-driven approach to deploying the mediation function. The SS8 platform and accompanying best practices are ahead of the technology-adoption curve in meeting the next generation of network requirements as they emerge.
Architecture and Implementation Approach with AWS
The current transitions in CSP infrastructure and business models promise to afford opportunities to CSPs that the enterprise enjoyed for some time. For years, requirements such as carrier-grade reliability and latency required the use of single-purpose, monolithic hardware and software, preventing wholesale commodity architectural changes to CSP networks. Today, the development of cloud-driven architectures utilizing the advances in hardware and software components that underlie them offer CSPs unprecedented agility, scalability, and reliability while delivering cost-effective solutions.
Typical CSPs may continue to operate hybrid infrastructures for the time being that includes both cloud and on-premise components of their networks. In these cases, a cloud-based deployment of Xcipio is suitable for the entire hybrid architecture. Whereas, on-premise deployments are difficult to adapt and benefit from the rapid pace of innovation and agility provided by cloud-based networks. Streamlining the cloud deployment, the solution provided by SS8, deployed on AWS offers a secure, reliable, and scalable option for CSPs to meet mandatory regulatory requirements.
As CSPs roll out new infrastructures and services—for an expanding set of UE (user equipment)—they must meet strategic imperatives to control the complexity and associated cost of extending lawful interception to new network elements. The pre-integrated solution of the SS8 platform on AWS provides a turnkey means for CSPs to meet these goals, with the agility and self-healing nature of a well-architected cloud solution.
Implementation architecture for SS8 platform deployed on AWS.
The CSP Business Case for Deploying SS8 with AWS
Delivering SS8’s state-of-the-art lawful interception platform on AWS public cloud infrastructure takes full advantage of AWS services and suite of tools that are being deployed by CSPs. The engineering behind the solution draws on SS8 and AWS leadership capabilities to align with cloud architecture best practices and design principles. Key guidance followed in this design is to satisfy the six pillars of the AWS well-architected framework:
- Operational excellence. Support development and execution of services, gathering insights that enable continuous improvement to support evolving business and technology requirements.
- Security. Take advantage of cloud capabilities to protect systems, data, and other assets from threats and misuse that could compromise the lawful interception practice, while it runs on public cloud infrastructure.
- Reliability. Ensure that lawful interception workloads perform as intended under all conditions, with measures such as automated failover and elastic scalability.
- Performance efficiency. Apply computing resources efficiently while meeting fluctuating demand, incorporating new technologies for ongoing optimization over time.
- Cost optimization. Execute lawful interception workloads at the lowest price point that can effectively and dynamically meet requirements, providing metrics to add visibility into financial patterns and trends.
- Sustainability. Address the long-term environmental, economic, and societal impacts of the lawful interception deployment, so the business can operate in a responsible manner.
These design precepts enable CSPs to take advantage of the functional capabilities of the SS8 lawful interception platform, with the end-to-end integrity, flexibility, and cloud ecosystem provided by AWS. Consuming this solution provides CSPs forward-looking technical consistency within the broader cloud ecosystem and facilitates automation utilizing operational pipelines. The solution reduces engineering and financial burden on CSPs while ensuring a high-quality and reliable implementation. Existing implementations for large-scale carrier networks demonstrate that the SS8 and AWS teams provide a well-marked path to completion, meeting project requirements more efficiently and effectively than CSPs may have thought possible.
Learn more at aws.amazon.com/telecom and ss8.com
About the Authors
Matt Kozbielak is a Sr. Solutions Architect with AWS Telecommunications Business Unit, helping major Service Providers in their cloud journey and optimizing their architecture and solutions. He has 20 years of experience in the telecommunication industry, primarily focusing on the area of BSS/OSS, DEVOPS and streamlining and scaling operations. He enjoys analyzing and solving complex problems, and working on innovative telecom use-cases helping customers to increase their revenue and improve efficiency.
Scott Stimson is a Sr. Solutions Architect with the AWS Telecommunications team where he helps customers innovate, by differentiating their business, while transforming the end customers’ experiences. Scott is passionate about guiding customers on their cloud journey, building innovative solutions for complex problems. In his spare time, Scott enjoys experimenting with technology, visiting new places, and all things outdoors. Scott has 15 years’ experience supporting enterprise, service provider, and digital native customers.
Franklin Recio has been with SS8 since the foundation of the company. He has been involved in multiple roles including project management, services, sales, and product development, etc. Currently, he’s in charge of Global Field Services implementation and the Acceler8 Alliances program to expand the relationships with other members of the ecosystem. Franklin has an engineering bachelor’s degree in Electronic Communications and a master’s degree in Upper Management and International Development. Currently, he’s pursuing a Ph.D. in Strategic Analysis and Sustainable Development at the Anahuac-Mayab University in Mexico. You can learn more about Franklin on his LinkedIn profile here.
In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web services — now commonly known as cloud computing. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. With the Cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster.
AWS is how communications service providers (CSPs) are reinventing communications
The race is on for CSPs to find new ways to offer innovative new applications, while balancing the investments required for 5G. AWS brings the most advanced and secure cloud infrastructure, fastest rate of innovation, and deepest telecom partner ecosystem to differentiate and cloudify your business. Together, we are innovating and building secure and scalable software driven networks, simplifying operations and reimagining the customer experience to accelerate tomorrow’s growth.
About SS8 Networks
SS8, a network intelligence company, provides solutions to help customers quickly identify, track, and investigate devices and subjects of interest. SS8 is trusted by six of the largest intelligence agencies, eight of the fourteen largest communications providers and five of the largest systems integrators.