Digital ecosystems: Security and identity

The speed of digital change driven by innovation will drive the need for making application-driven ecosystems identity-aware, trusted and secure.

This speed of change must not put the ecosystem stakeholders at risk when it comes to providing, storing and processing sensitive information. For example, with initiatives such as GDPR and PSD there are severe financial penalties for mismanaging information and data entrusted to a stakeholder.

Consumers will expect that their chosen providers can be trusted to use data only for the purposes they provided it. Stakeholders that are collecting, storing and processing such data need to ensure that their platforms and processes are robust and effective enough, that data isn’t turning into ‘toxic waste’ and attracting liabilities and penalties. 5G standards and platforms will change the nature of connected applications and ecosystems. The industry has evolved from the days of analog and early digital mobile phone systems that were targeting voice and message communications.

We have seen data rates increasing, latency going down, and operations and management increasingly being automated. With 5G we can expect:

  • Devices capable of connecting at 1 to 10 Gbps or more
  • Latency in the 1ms range
  • 90 percent reduction in network energy usage
  • 1000x increase in bandwidth per unit area
  • 10x to 100x more connected devices

Security and subscriber privacy protections have improved (e.g., pseudo-IMSI management) and the role of trust and identity are top of mind in the industry. That is reflected in initiatives such as 5G-Ensure, which will provide input to the 3GPP and ETSI standardization processes. ITU has also finalized their vision for a mobile broadband connected society. Industry groups such as TM Forum and Mobile Ecosystem Forum (MEF) are also active in equipping the industry ecosystem for the arrival of 5G.

The 5G ecosystem participants will, amongst others, be:

  • Communication Service Providers (CSPs)
  • Consumers
  • Enterprises
  • Device manufacturers
  • Governments
  • OTT providers
  • Application providers
  • System integrators (SIs)
  • Network equipment providers (NEPs)
  • Standards bodies and regulators

Identity at the ecosystem core

Powering the 5G ecosystem will be an array of platforms. Indeed, 5G will further manifest and push the platform-based business and economy forward. However, without secure and trusted APIs that also perform to meet real-time or near real-time performance requirements, the platform-based philosophy will abruptly stall.

As CSPs are seeking to unlock new revenue opportunities by leveraging their core assets such as subscribers, networks, systems, authenticated billing relationships and trusted branding, we can expect to see an emergence of platforms for a variety of new applications. Mission-critical consumer, community and industrial applications and immersive leisure applications will be built on secure, trusted and identity-aware networks and platforms.

The CSPs are ideally positioned in the ecosystem and value chain to capitalize on their investments and at the same time power an open and global ecosystem. With the explosion in the number of connected devices and, at times, associated subscriptions, a CSP is ideally positioned to act as a secure and trusted identity provider spanning subscribers and devices. CSPs are also ideally suited to provide and leverage IRM services, as they will be able to provide insights into how users, devices and services are linked and used. Applications that we can expect will thrive when powered by 5G are:

  • Smart cities (smart societies)
  • Connected and autonomous vehicles
  • Immersive media applications
  • Health care applications
  • Public safety applications
  • Industrial applications
  • Agricultural applications

Fundamental and critical to the success of 5G applications is to ensure that trusted, secure and identity-aware interactions are at the core of each stakeholder’s platforms and systems. Consumers and businesses alike will expect that security, privacy and consent are intrinsic to the applications, devices, things, networks and services they interact with.

In the same way that security cannot be an afterthought, privacy and consent capabilities must be seen as core business-enabling functions and considered from day one. Providers should enable identity providers, service providers and application developers to base the privacy and consent features on a standards-based, open and scalable platform. The emergence of 5G and related technologies and standards will put a strong emphasis on:

  • Identity for devices, subscribers, software, network elements and ecosystem participants
  • Trust to make mobile subscriber tracking harder outside of the network by leveraging pseudonymous customer reference (PCR) between a telco IDP and relying parties; for example, using GSMA Mobile Connect or pseudo-IMSIs
  • Security; for example, asserting identity of a device, its owner, its user and the data it emits


  • As relevant, it is possible to prove the identity (or pseudonym) of the parties in an interaction
  • As relevant, identity information will form a core context of each and every interaction.
  • Double- and triple-blind interactions should be supported.


  • Data is used for exactly its intended purpose
  • Data can be managed by users and authorized representatives such as enterprise use cases.
  • Data origins can be proven


  • Each ecosystem can assume that data hasn’t been compromised.
  • Interactions can be guaranteed to be between authenticated and authorized parties.

Learn more in this white paper from ForgeRock.


    About The Author

    VP, Communications & Media Indutry

    Leave A Reply

    Back to top