Securing the chain of trust in tomorrow’s IoE

Paul Bradley, Head of 5G Strategy & Partnerships, Gemalto, will take part in a panel discussion entitled “The value of trust in a hyper-connected context” at TM Forum’s Internet of Everything InFocus 2017 event in Amsterdam in November. Ahead of the big event, read on for some of his related insights.

Recurring data breaches have meant that user confidence is becoming a requisite for tomorrow’s digital transformations. In parallel, we are witnessing the beginning of the end of the first phase of mobile connectivity: While smartphones have become users’ main interface to mobile services, innovation has recently begun to plateau compared to the enhancements made over the past decade.

What comes next will be key to how the industry shapes the future of mobile customer experience management. Mobile operators will have to shift their user-focused paradigms and adapt their organizations. Gemalto’s two most recent surveys reveal that user confidence and experience will be the foundation of the new human element from 2020 onwards.

Security accountability

Our Data Breaches and Customer Loyalty report found that consumers are increasingly aware of online security risks, and together with regulators, they now hold businesses responsible for data breaches. Consumers are putting the responsibility for protecting their personal data firmly at the hands of the organizations holding their data – and not themselves.

According to the 9,000 people surveyed in 11 countries, 70 percent of the responsibility for protecting and securing customer data lies with companies and only 30 percent of the responsibility with the consumers themselves. Yet, just a third of consumers believe companies are taking the protection of their personal data seriously. This comes as consumers are becoming increasingly fearful of their data being stolen and believe that it will happen to them in the future. After all, more than 7 billion identity data records have been exposed since 2013.

Unsurprisingly the lack of security measures harm consumer confidence and engagement with service providers.

Firstly, half of consumers have taken legal action against the parties involved in exposing/taking their personal information, or are considering it. Almost all users would consider taking legal action against any of the parties involved in exposing their personal information if they were a victim of a breach in the future.

Secondly, a majority believe they would be unlikely to do business with an organization that experienced a breach where their sensitive information was stolen.

Who to trust

Our report Mobile Customer Experience 2025 looks to the future, where this rising concern about security among users impacts who they expect to be the most trusted provider of services, and in which organizations they confide their data.

Mobile users prefer to trust handset manufacturers with the provision of a secure overall experience, followed by connectivity providers, OTT players and all three players equally. It also shows that consumers intend to rely mainly on themselves for managing their own digital identity.

An education process is needed to demonstrate to consumers the steps mobile players are taking to protect their data and secure their customer experience. With the explosion of internet of everything (IoE) devices in the years to come, this is an even more fundamental requirement. To establish this foundation of trust, a new security architecture must be defined leveraging mechanisms at the device, the mobile edge and the core levels. This will help to protect identities and data, thus securing interactions between highly diverse devices and cloud services:

1. At the device level

The establishment of trust starts with a device (whether it belongs to an end user or is a machine) acquiring and interacting with multiple user identities that are strongly secured and managed for multiple and independent service providers.

For example, implementing and then educating consumers about protocols like two-factor authentication and encryption in simple terms is a first possible step to show consumers that the protection of their personal data is being taken very seriously.

The 5G IoE revolution brings extreme diversity around use cases, with a broad range of new devices which have different security needs, capabilities and price-points. A single one-size-fits-all solution for security will not work, and the requirements for security will need to be customized from end-to-end per segment around the sensitivity of the data and the automated decisions that will be based upon it.

Security is like an insurance policy which provides a suitable level of assurance against attacks and their business consequences. Finding the right security combination for a given segment is a balancing act between the security in the device and security at the core.

2. Virtualized network security at the core and mobile edge

Virtualization will bring flexibility and scalability to network operators and service providers. Security defense mechanisms in the cloud must enable multi-provider/multi-device/multi-RAN technology use cases at the core and mobile edge clouds whilst protecting this multi-tenant environment. The de-materialization of physical equipment creates a need to establish trust between the virtualized network functions composing a network slice, which is then tailored to a service level agreement between a connectivity service provider and their customer.

Meeting Ultra-low latency use cases brings a great challenge for network latency. This should be achieved without compromising security, and Gemalto sees this as a major risk today for communications. Traffic within the virtualized core and exchanged with the mobile edge should be confidentiality protected at high-speed to avoid eavesdropping/data manipulation attacks.

3. Big data handling at the mobile edge

With the emergence of mobile edge computing and, for example, smart city use cases, the role of a data broker is possible at the edge where data can be collectively analyzed based upon its sensitivity. For example, a temperature at a given location could be used by different entities hosting applications at the mobile edge, and this could automatically be used as part of their analytics to anticipate an increase/decrease in energy usage needs, a need to grit the roads, etc.

The characteristics of a data set (for example is it public/private/confidential), as well as the integrity protection of the data and metadata itself (for verification purposes) will need to be made available securely to the applications at the mobile edge which may need to leverage it. The true promise of 5G, IoE and mobile edge computing will only be fulfilled if collected data can be shared for analysis, and a chain of trust must be assured around this process.

Interested in attending the Internet of Everything InFocus 2017 event? Register here, or check out the agenda for further info.


    About The Author

    Head of 5G Strategy and Partnerships

    Paul Bradley has held various consulting and product management roles in the digital security field since joining the company in 1999. Prior to his current role, Bradley was Technical Director for the North America region and led technical teams deploying innovative, pioneering security solutions for some of the world’s first LTE networks.

    Leave A Reply

    Back to top