Telecom operators are fervently working towards 5G network and services deployment in order to be an early mover in the market. Operators are investing in Digital Transformation (DX) as well as inking partnerships with other players in the ecosystem to monetise on exciting new use cases in the enterprise segment and make market inroads.
The consumer market has become a retention play and on the whole many operators are experiencing declining margins and it appears unlikely that the consumer will pay more for higher speeds. Device affordability for mass-market remains a challenge though Chinese smartphone vendors are expected to release sub US$ 300 5G smartphones later this year. 5G can be expected to arrest the lengthening consumer upgrade cycle due to the attractions of not only faster speeds but improved streaming and cloud gaming. Data services revenues will continue to generate growth but this will be offset by losses in mobile voice services.
5G – An enterprise value proposition
Telecom operators have thus far been largely unsuccessful in penetrating the enterprise ICT market due to a variety of reasons including the slow pace of innovation, lack of a one-stop-shop offering, insufficient channel to market to especially small and medium enterprises (SMEs), and lack of skills in offering non-network services. 5G technology presents operators with another opportunity to address this long-standing challenge with the flexible features of enhanced mobile broadband (eMBB), Ultra-Reliable Low Latency Communications (URLLC) and massive machine type communication (mMTC) enabling tailored network and services offerings. 5G promises to revolutionise various industry solutions based on required data rates, low latency, reliability, and machine-type communications.
Monetising 5G is a key topic among leading executives and new business models are being devised. Connectivity services will be offered with a mix and match of throughput, bandwidth volumes and latency requirements. Fixed Wireless in Southeast Asia will be very popular considering the low penetration of fibre to the home and will provide enterprises with a viable secondary connection to the internet. Popular applications including video streaming and gaming which are speed, latency and volume hungry will also be a target market for operators.
More speed, latency and number of connections
5G offers theoretical speeds of 20 times that of 4G, low latency of 1 millisecond (ms), a million connections per kilometre and is expected to power a new era of mobile Internet of Everything (IoE). Offering high speed is the initial offering to the market and operators are going to be offering minimum guaranteed speeds for the first time. A high definition movie could be downloaded in 10 seconds while low latency means better performance for live sports, gaming, mission-critical automation and driverless cars – among others.
Fixed Wireless Access is the new wireless fibre
5G will offer fixed wireless access (FWA) or “wireless fibre” to households as an alternative to fixed broadband. It can be ideal as a redundant second link offering when the primary link is down. FWA broadband services offer a serious alternative to fixed broadband services which is plagued by the high cost of civil works for fibre optic deployment and expansion of the network to reach the rural population. FWA is expected to make strong inroads into households in Southeast Asia with the exception of Singapore, as many nations lag in fixed broadband penetration. As a comparison, ITU reports that fixed broadband penetration in countries such as South Korea (41.6%) and Hong Kong (36.8%) lead their Southeast Asian counterparts – Singapore (28.0%), Vietnam (13.6%), Thailand (13.2%) and Malaysia (8.6%).
A boon for Video and Gaming industry
Gaming is huge in Southeast Asia, notably in Thailand and Indonesia, and operators can take advantage of this offering with partnerships and value-added services with cloud gaming, high bandwidth and low latency packages. With cloud gaming, gamers can access a library of popular high-quality games minus the need for expensive hardware which has been the case in the past. This platform allows content creators and publishers to access the huge Southeast Asian market and monetise.
B2B2x is not a new concept where operators partner with leading providers of video streaming services through direct billing and 5G will be able to offer low latency, for example for live events. This brings in not just a commission per subscriber but additional revenue for the additional network features such as low latency.
Video streaming providers such as Netflix, Viu, Hooq and Iflix are worthy partners for a subscription – so are ad-based video-on-demand services. Live sports streaming service also makes for a very lucrative opportunity with 5G features of high data throughput and low latency.
Readiness through digital transformation
Efforts for preparedness for this business shift means significant operational and technology platform improvements, operating on the cloud, ease of incorporating the partner ecosystem and supporting a multitude of pricing models. DX should run parallel to the build of 5G public and private networks for a telecom provider to be in a leadership position and for them to be able to fully monetise 5G. Operators will be making major changes to OSS and BSS to support 5G use cases with the ultimate goal of ensuring customer-centricity.
Ecosystm research finds that nearly two-thirds of telecom providers are looking to increase their cybersecurity spending in the year. It is also clear that the biggest driver of that spend are their DX projects (Figure 1).
Cybersecurity is of paramount importance more than ever now with the increase in devices, software-based network services and edge computing. It is essential that a robust cybersecurity framework is in place as 5G will drive DX in enterprises, power the Digital Economy and provide the critical core infrastructure for Industry 4.0. Operators need to ramp up investment in cybersecurity technology, processes and people. A telecom operator’s compromised security can have country-wide, and even global consequences. As networks become more complex with numerous partnerships, there is a need for strategic planning and implementation of cybersecurity, with clear accountability defined for each party.
While Vodafone remains one of the leading global telecommunications providers, they face the need to transform their services and reach out to a wider audience. The customer base of a typical telecom provider is shifting, and they can no longer afford to just focus on consumers and need to include enterprises in their go-to-market strategy. Beyond the usual offerings of connectivity and mobile plans, Vodafone Business has solutions for Unified Communications, IoT and Cloud, to help grow their enterprise customer base. Ecosystm Principal Advisor, Tim Sheedy says, “Vodafone is one of the most successful telecom providers in the business space. Vodafone Business already represents around 30% of the Vodafone Group revenue, and unlike most in the telecommunications sector, they are showing growth (albeit moderate!).”
The Role of Telecom Providers in the Cybersecurity Market
An area where enterprises continue to need guidance and support is cybersecurity. The results of the UK Government’s Cyber Security Breaches Survey 2019 found that 32% of UK businesses had experienced a cyber-attack in the previous 12 months. More than a third of UK organisations have made changes in their cyber policies because of the GDPR – a majority focusing on policies first. It is not surprising therefore that Vodafone should identify cybersecurity as the next area of focus for their enterprise offerings.
Sheedy says, ”Cybersecurity services are one of the fastest-growing areas in technology. But because of this, it is a also a crowded market with everyone – from the big telecom providers, IT services providers, big audit firms, mid-sized technology providers down to the smaller cybersecurity experts – playing for this growing spend. It can, however, be argued that telecom providers have some of the deepest experience in cybersecurity and managing the risks – their networks are probably the most targeted by hackers and malicious actors. Telecom providers have massive teams just to stop threats from one or two countries. With all the work they do to protect their own network, they should have the skills to help protect the networks and assets of their clients.”
Ecosystm Principal Advisor, Alex Woerndle concurs, “Telecom providers are perfectly positioned to transition into managed security service providers (MSSPs). They already have the experience in providing a range of managed services, the ability to scale to support clients and some ready-made expertise internally in their in-house cybersecurity capabilities.”
Vodafone’s Foray into Cybersecurity
Vodafone Cyber Enhanced focuses on selected cybersecurity areas – threat analysis and intelligence, managed firewall and managed security services. The global Ecosystm Cybersecurity study finds that the solutions that organisations will invest in most in 2020 are Security Operations (SecOps) & Incident Response (by a third of global organisations) and Threat Analysis & Intelligence (by 20% of global organisations).
Commenting on the areas Vodafone is focusing on, Woerndle says, “Threat analysis and intelligence is where a lot of established SecOps providers and MSSPs are really focusing now. Previously it was simply a matter of monitoring alerts and reporting. Businesses and in-house security teams are now seeking more proactive assistance in searching for threats, before they become attacks. The challenge they face is catching up – effectively jumping from just being another SecOps centre (SOC) monitoring and reporting alerts, to matching the more mature SOCs with proactive threat intelligence to help clients mitigate before an attack is launched. This takes time, as it needs maturity of the SOC and the team, and also data, which established providers have accrued plenty of, over an extended period. While a managed firewall is not really a new service, it makes some sense to couple it with other managed security services to deliver a broader program. Vodafone is absolutely targeting the areas that businesses are looking into presently.”
Woerndle adds, “MSSPs will be crucial to the security sector moving forward. There has been a rapid growth of vendor solutions creating a very confusing market for tech buyers. This is coupled with a tight labour market for skilled people who can manage the tools. It is not surprising , therefore, that 86% of organisations across the world will look to engage with an MSSP when deploying a cybersecurity solution, according to Ecosystm research.”
Sheedy sees an opportunity for Vodafone to go global with their cybersecurity capabilities. “If Vodafone can compete with the bigger players (and perhaps partner with or complement the offerings of the smaller ones), then they should find a significant opportunity, especially within their larger clients – particularly as they move into the software-defined networking space. However, given the confusion around cybersecurity, they should expand their focus beyond larger enterprises to businesses over about 100 employees. As one of the largest global telecom providers, with one of the largest networks, they can be an important player in the cybersecurity space – growing the spend in their business clients. And while this is a UK play for now, one assumes that they will look to expand across their operating countries as Vodafone Cyber Enhanced gains traction.”
In our blog, Artificial Intelligence – Hype vs Reality, published last month we explored why the buzz around AI and machine learning have got senior management excited about future possibilities of what technology can do for their business. AI – starting with automation – is being evaluated by organisations across industries. Several functions within an organisation can leverage AI and the technology is set to become part of enterprise solutions in the next few years. AI is fast becoming the tool which empowers business leaders to transform their organisations. However, it also requires a rethink on data integration and analysis, and the use of the intelligence generated. For a successful AI implementation, an organisation will have to leverage other enabling technologies.
Technologies Enabling AI
IoT
Organisations have been evaluating IoT – especially for Industry 4.0 – for the better part of the last decade. Many organisations, however, have found IoT implementations daunting for various reasons – concerns around security, technology integration challenges, customisation to meet organisational and system requirements and so on. As the hype around what AI can do for the organisation increases, they are being forced to re-look at their IoT investments. AI algorithms derive intelligence from real-time data collected from sensors, remote inputs, connected things, and other sources. No surprise then that IoT Sensor Analytics is the AI solution that is seeing most uptake (Figure 1).
This is especially true for asset and logistics-driven industries such as Resource & Primary, Energy & Utilities, Manufacturing and Retail. Of the AI solutions, the biggest growth in 2020 will also come from IoT Analytics – with Healthcare and Transportation ramping up their IoT spend. And industries will also look at different ways they can leverage the IoT data for operational efficiency and improved customer experience (CX). For instance, in Transportation, AI can use IoT sensor data from a fleet to help improve time, cost and fuel efficiency – suggesting less congested routes with minimal stops through GPS systems, maintaining speeds with automated speed limiters – and also in predictive fleet maintenance.
IoT sensors are already creating – and will continue to create large amounts of data. As organisations look to AI-enabled IoT devices, there will be a shift from one-way transactions (i.e. collecting and analysing data) to bi-directional transactions (i.e. sensing and responding). Eventually, IoT as a separate technology will cease to exist and will become subsumed by AI.
Cloud
AI is changing the way organisations need to store, process and analyse the data to derive useful insights and decision-making practices. This is pushing the adoption of cloud, even in the most conservative organisations. Cloud is no longer only required for infrastructure and back-up – but actually improving business processes, by enabling real-time data and systems access.
Over the next decades, IoT devices will grow exponentially. Today, data is already going into the cloud and data centres on a real-time basis from sensors and automated devices. However, as these devices become bi-directional, decisions will need to be made in real-time as well. This has required cloud environments to evolve as the current cloud environments are unable to support this. Edge Computing will be essential in this intelligent and automated world. Tech vendors are building on their edge solutions and tech buyers are increasingly getting interested in the Edge allowing better decision-making through machine learning and AI. Not only will AI drive cloud adoption, but it will also drive cloud providers to evolve their offerings.
The global Ecosystm AI study finds that four of the top five vendors that organisations are using for their AI solutions (across data mining, computer vision, speech recognition and synthesis, and automation solutions) today, are also leading cloud platform providers (Figure 2).
The fact that intelligent solutions are often composed of multiple AI algorithms gives the major cloud platforms an edge – if they reside on the same cloud environment, they are more likely to work seamlessly and without much integration or security issues. Cloud platform providers are also working hard on their AI capabilities.
Cybersecurity & AI
The technology area that is getting impacted by AI most is arguably Cybersecurity. Security Teams are both struggling with cybersecurity initiatives as a result of AI projects – and at the same time are being empowered by AI to provide more secure solutions for their organisations.
The global Ecosystm Cybersecurity study finds that one of the key drivers that is forcing Security Teams to keep an eye on their cybersecurity measures is the organisations’ needs to handle security requirements for their Digital Transformation (DX) projects involving AI and IoT deployments (Figure 3).
While AI deployments keep challenging Security Teams, AI is also helping cybersecurity professionals. Many businesses and industries are increasingly leveraging AI in their Security Operations (SecOps) solutions. AI analyses the inflow and outflow of data in a system and analyses threats based on the learnings. The trained AI systems and algorithms help businesses to curate and fight thousands of daily breaches, unsafe codes and enable proactive security and quick incident response. As organisations focus their attention on Data Security, SecOps & Incident Response and Threat Analysis & Intelligence, they will evaluate solutions with embedded AI.
AI and the Experience Economy
AI has an immense role to play in improving CX and employee experience (EX) by giving access to real-time data and bringing better decision-making capabilities.
Enterprise mobility was a key area of focus when smartphones were introduced to the modern workplace. Since then enterprise mobility has evolved as business-as-usual for IT Teams. However, with the introduction of AI, organisations are being forced to re-evaluate and revamp their enterprise mobility solutions. As an example, it has made mobile app testing easier for tech teams. Mobile automation will help automate testing of a mobile app – across operating systems (Figure 4). While more organisations tend to outsource their app development functions today, mobile automation reduces the testing time cycle, allowing faster app deployments – both for internal apps (increasing employee productivity and agility) and for consumer apps (improving CX).
CX Teams within organisations are especially evaluating AI technologies. Visual and voice engagement technologies such as NLP, virtual assistants and chatbots enable efficient services, real-time delivery and better customer engagement. AI also allows organisations to offer personalised services to customers providing spot offers, self-service solutions and custom recommendations. Customer centres are re-evaluating their solutions to incorporate more AI-based solutions (Figure 5).
The buzz around AI is forcing tech teams to evaluate how AI can be leveraged in their enterprise solutions and at enabling technologies that will make AI adoption seamless. Has your organisation started re-evaluating other tech areas because of your AI requirements? Let us know in the comments below.
With the advancements in the technology landscape, the CIO’s role has become increasingly complex. One of the key challenges they face is in emerging and newer technology implementations, which require them to identify and partner with newer tech vendors. The common challenges that tech buyers face today include:
- The emergence of newer technologies that are catching the fancy of the C-suite and they are expected to adopt and deliver
- Getting management buy-in for IT investments (increasingly including discussions on ROI)
- Need to involve business stakeholders in tech decision-making
- Lack of sufficiently skilled internal IT
- Engagement with multiple tech vendors (including newer vendors that they have to establish a relationship with)
- Digital transformation projects that might require an overhaul (or at least a re-think) of IT systems
- Backdrop of compliance and risk management mandates
Many of these challenges will require the sourcing of new technology or a new tech partner and rethinking their vendor selection criteria. And selecting a tech vendor can be hard. The mere fact that there is an industry whose sole purpose is to help businesses select tech vendors goes to show the massive gap between what these providers sell and what businesses want. If there was easy alignment, the Tech Sourcing professionals and businesses would not have existed.
But over my time working with Tech Sourcing professionals, CIOs and business leaders, I have picked up on a few key factors that you should incorporate in your vendor selection process best practices. First and foremost, you are looking for a partner – someone who will be with you through the good and bad. Someone whose skills, products, services – and most importantly – culture, match your business and its needs.
I believe that the technology ecosystem is not really as competitive as we think. Yes, in practice Google competes with Microsoft in the office productivity space. But I often hear about companies moving from one to the other not for features, function or even price – but for a cultural match. Some traditional businesses were hoping Google can help them become more innovative, but in reality, their business culture smothered Google and meant they could not benefit from the difference in the ways of working. And I am not suggesting Microsoft is not innovative – more that Office represents the traditional ways of working – and perhaps can help a business take a more stepwise approach to change its own culture.
And I regularly hear about IT services deals (managed services, systems integration, consulting etc) going to the company that made the most sense from a cultural fit – where they were willing to take on the culture of their customer and embrace that way of working. In fact, I have been brought into many deals where a company hired a strategic consultant to create a new digital strategy or AI strategy, only to receive a document that is unworkable in their business and their culture.
So, I believe every strategic technology relationship should start and end with a cultural match. This company is a partner – not just a provider. How do you determine if they are a partner and measure cultural match? Well, that is the topic of an upcoming report of mine, so watch this space!
Questions You Should Ask Before Stepping in the Ring
There are also a number of questions that you should ask along with the partnership discussion:
- How will this solution change the organisation?
- What are the risks either way (of implementing or not implementing the solution)?
- Does the solution solve a key business problem?
- Is it likely to have more impact than the solution it is replacing?
- Where will the funding for the implementation come from?
- Have you calculated the ROI and the time to deployment?
- Have you baselined the current scenario so that you can measure improvement?
These can inform you of the business impact of the solution – and what you need to do to prepare for successful implementation (if you plan for success, you are more likely to be able to get faster benefits than if you do not plan for the change!)
Engagement Criteria for Your Shortlisting Process
In order to determine vendor selection process best practices, Ecosystm research tries to unearth the top criteria that organisations employ when shortlisting the vendors that they want to engage, across multiple technologies.
There is still a skills gap in internal IT and organisations want technical guidance from their Cloud and IoT vendors. With the plethora of options available in these tech areas, CIOs and IT teams also tend to look at the brand reputation when engaging with the vendor. Very often, organisations looking to migrate their on-prem solutions on the cloud engage with existing infrastructure providers or systems integrators for guidance, and existing relationships are significant. IoT solutions tend to be very industry-specific and a portfolio of specific industry use cases (actual deployments – not proofs of concept) can be impactful when selecting a vendor for planned deployments.
Artificial intelligence (AI) deployments are often linked with digital transformation (DX). Organisations look for a vendor that can understand the organisational strategy and customise the AI solutions to help the organisation achieve its goal. Adoption of AI is still at a nascent stage globally across all industries. Many organisations do not have the right skills, such as data scientists, yet. They appreciate that integration with internal systems will be key to reap the full benefits of the solutions, especially if the entire organisation has to benefit from the deployments. They also anticipate that they would have to have a continuous period of engagement with their vendors, right from identifying the right data set, data cleaning to the right algorithms that keep learning. Organisations will look at vendor partners who are known for delivering better customer experience.
This is true for cybersecurity solutions as well, as organisations are driven to continue their investments to adhere to the internal risk management requirements. Given how fragmented the cybersecurity landscape has become, organisations will also wish to engage with vendors that have an end-to-end offering, especially a managed security service provider (MSSP). Cybersecurity vendors are increasingly strengthening their partner ecosystem so that they can provide their client with the single-point-of-contact that they want.
Of the technologies mentioned in the figure, mobility is arguably the most mature. As organisations revisit their enterprise mobility solution as they go increasingly ‘Mobile First’, their requirements from their mobility vendors are more specific. They have decided over the years which OSs they want to support their enterprise applications and are looking for vendors with robust cloud offerings.
The vendor selection criteria will likely be different for each technology area. And as your knowledge and understanding of the technology increases, you should be able to drill the requirements down to the solution level, while making sure you engage with a vendor with the right culture.
Tim Sheedy’s upcoming report, ‘Best Practices for Vendor Evaluation and Selection’ is due to be published in February 2020.
The telecommunications industry has long been an enabler of Digital Transformation (DX) in other industries. Now it is time for the industry to transform in order to survive a challenging market, newer devices and networking capabilities, and evolving customer requirements. While the telecom industry market dynamics can be very local, we will see a widespread technology disruption in the industry as the world becomes globally connected.
Drivers of Transformation in the Telecom Industry
Remaining Competitive
Nokia Bell Labs expects global telecom operators to fall from 10 to 5 and local operators to fall from 800 to 100, between 2020 and 2025. Simultaneously, there are new players entering the market, many leveraging newer technologies and unconventional business models to gain a share of the pie. While previous DX initiatives happened mostly at the periphery (acquiring new companies, establishing disruptive business units), operators are now focusing on transforming the core – cost reduction, improving CX, capturing new opportunities, and creating new partner ecosystems – in order to remain competitive. There is a steady disaggregation in the retail space, driving consolidation in traditional network business models.
“The telecom industry is looking at gradual decline from traditional services and there has been a concerted effort in reducing costs and introducing new digital services,” says Ecosystm Principal Advisor, Shamir Amanullah. “Much of the telecom industry is unfortunately still associated with the “dumb pipe” tag as the over-the-top (OTT) players continue to rake in revenues and generate higher margins, using the telecom infrastructure to provide innovative services.”
Bringing Newer Products to Market
Industries and governments have shifted focus to areas such as smart energy, Industry 4.0, autonomous driving, smart buildings, and remote healthcare, to name a few. In the coming days, most initial commercial deployments will centre around network speed and latency. Technologies like GPON, 5G, Wifi 6, WiGig, Edge computing, and software-defined networking are bringing new capabilities and altering costs.
Ecosystm’s telecommunications and mobility predictions for 2020, discusses how 5G will transform the industry in multiple ways. For example, it will give enterprises the opportunity to incorporate fixed network capabilities natively to their mobility solutions, meaning less customisation of enterprise networking. Talking about the opportunity 5G gives to telecom service providers, Amanullah says, “With theoretical speeds of 20 times of 4G, low latency of 1 millisecond and a million connections per square kilometre, the era of mobile Internet of Everything (IoE) is expected to transform industries including Manufacturing, Healthcare and Transportation. Telecom operators can accelerate and realise their DX, as focus shifts to solutions for not just consumers but for enterprises and governments.”
Changing Customer Profile
Amanullah adds, “Telecom operators can no longer offer “basic” services – they must become customer-obsessed and customer experience (CX) must be at the forefront of their DX goals.” But the real challenge is that their traditional customer base has steadily diverged. On the one hand, their existent retail customers expect better CX – at par with other service providers, such as the banking sector. Building a customer-centric capability is not simple and involves a substantial operational and technological shift.
On the other hand, as they bring newer products to market and change their business models, they are being forced to shift focus away from horizontal technologies and connecting people – to industry solutions and connecting machines. As their business becomes more solution-based, they are being forced to address their offerings at new buying centres, beyond IT infrastructure and Facilities. Their new customer base within organisations wants to talk about a variety of managed services such as VoIP, IoT, Edge computing, AI and automation.
The global Ecosystm AI study reveals the top priorities for telecom service providers, focused on adopting emerging technologies (Figure 1). It is very clear that the top priorities are driving customer loyalty (through better coverage, smart billing and competitive pricing) and process optimisation (including asset maintenance).
Technology as an Enabler of Telecom Transformation
Several emerging technologies are being used internally by telecom service providers as they look towards DX to remain competitive. They are transforming both asset and customer management in the telecom industry.
IoT & AI
Telecom infrastructure includes expensive equipment, towers and data centres, and providers are embedding IoT devices to monitor and maintain the equipment while ensuring minimal downtime. The generators, meters, towers are being fitted with IoT sensors for remote asset management and predictive maintenance, which has cost as well as customer service benefits. AI is also unlocking advanced network traffic optimisation capabilities to extend network coverage intelligently, and dynamically distribute frequencies across users to improve network experience.
Chatbots and virtual assistants are used by operators to improve customer service and assist customers with equipment set-up, troubleshooting and maintenance. These AI investments see tremendous improvement in customer satisfaction. This also has an impact on employee experience (EX) as these automation tools free workforce from repetitive tasks and they be deployed to more advanced tasks.
Telecom providers have access to large volumes of customer data that can help them predict customer usage patterns. This helps them in price optimisation and last-minute deals, giving them a competitive edge. More data is being collected and used as several operators provide location-based services and offerings.
In the end, the IoT data and the AI/Analytics solutions are enabling telecom service providers to improve products and solutions and offer their customers the innovation that they want. For instance, Vodafone partnered with BMW to incorporate an in-built SIM that enables vehicle tracking and provides theft protection. In case of emergencies, alerts can also be sent to emergency services and contacts. AT&T designed a fraud detection application to look for patterns and detect suspected fraud, spam and robocalls. The system looks for multiple short-duration calls from a single source to numbers on the ‘Do Not Call’ registry. This enables them to block calls and prevent scammers, telemarketers and identity theft issues.
Cybersecurity
Talking about the significance of increasing investments in cybersecurity solutions by telecom service providers, Amanullah says, “Telecom operators have large customer databases and provide a range of services which gives criminals a great incentive to steal identity and payment information, damage websites and cause loss of reputation. They have to ramp up their investment in cybersecurity technology, processes and people. A telecom operator’s compromised security can have country-wide, and even global consequences. As networks become more complex with numerous partnerships, there is a need for strategic planning and implementation of security, with clear accountability defined for each party.”
One major threat to the users is the attack on infrastructure or network equipment, such as routers or DDoS attacks through communication lines. Once the equipment has been compromised, hackers can use it to steal data, launch other anonymous attacks, store exfiltrated data or access expensive services such as international phone calls. To avoid security breaches, telecom companies are enhancing cybersecurity in such devices. However, what has become even more important for the telecom providers is to actually let their consumers know the security features they have in place and incorporate it into their go-to-market messaging. Comcast introduced an advanced router to monitor connected devices, inform security threats and block online threats to provide automatic seamless protection to connected devices.
Blockchain
Blockchain can bring tremendous benefits to the telecom industry, according to Amanullah. “It will undeniably increase security, transparency and reduce fraud in areas including billing and roaming services, and in simply knowing your customer better. With possibilities of 5G, IoT and Edge computing, more and more devices are on the network – and identity and security are critical. Newer business models are expected, including those provided for by 5G network slicing, which involves articulation in the OSS and BSS.”
Blockchain will be increasingly used for supply chain and SLA management. Tencent and China Unicom launched an eSIM card which implements new identity authentication standards. The blockchain-based authentication system will be used in consumer electronics, vehicles, connected devices and smart city applications.
Adoption of emerging technologies for DX may well be the key to survival for many telecom operators, over the next few years.
What used to be commonly known by names such as computer security or IT security is now most commonly referred to as cybersecurity. The techniques of securing computers, applications, networks, programs and data have evolved and so has the terminology. The change in the jargon reflects the progression from discrete to interconnected devices and networks. It is only when the computers and devices became connected with each other – and with the Internet – that the issues and attempts of unauthorised access became prominent.
Simply put, cybersecurity is the protection of computer systems from cyber-attacks. This is made possible with multiple layers of security across the system, individual devices, enterprises and even nations against unauthorised access and exploitation.
Cybersecurity is a constant battle
Preventing cyberattacks is a challenging task for security professionals and to accomplish that, cybersecurity experts should stay ahead of cyber attackers and cybercriminals. A range of effective methods and technologies have been devised to strengthen cybersecurity. One important aspect of cybersecurity is identity and access management (IDAM). IDAM allows various defined levels of access on the basis of individual roles, administrator levels and even at a system level. The common IDAM methods include single sign-on systems, multi-factor authentication, privileged access management (PAM), biometrics, voice or facial recognition, and other distinctive physical attributes to verify and identify individuals. IDAM procedures are being implemented at all levels of businesses, enterprises and even for national-level security with the growth of eGovernment systems.
Another common security measure is Security Information and Event Management (SIEM) software and services. The term combines security information management (SIM) and security event management (SEM) and is provided by vendors as software or appliance. SIEM works by collecting log data and delivering real-time insights and generates security alerts using a range of techniques. SIEM is used by enterprises where compliance to a set, or sets, of rules is a strong factor. In addition, it also prevents interferences from individual attackers, organised crime groups, or other actors.
SIEM systems comprise three major components:
- Data collection. SIEM system collects logs and data from system activity, access, firewalls, application monitors, operating system layers and network traffic and generates an event every time activity happens.
- Data analysis. The SIEM system is tasked with correlating and analysing data in a format. The analysis is performed in various ways: log management and retention, event correlation, user activity monitoring, and predictive and forensic analysis.
- Another major step is reporting in the form of real-time alerts, dashboards, email and SMS notifications of events, analytical reporting, auditing and governance, and compliance.
The global Ecosystm Cybersecurity Study covers various cybersecurity solutions such as Crisis Communication solutions; Security Operations & Incident Response, IDAM and more. The study shows that organisations are primarily focusing more on Application, Data and Network level security, whereas, the other cybersecurity fields such as Crisis communication, Fraud transaction, IDAM, Threat Analysis and Reporting are looked down.
National Cybersecurity and Safety
Countries across the globe are accelerating their cybersecurity efforts to address risks, enhance public safety, protect communications, safeguard mission-critical applications and prevent threats. Cybersecurity is important to governments, where it is increasingly seen as an area of international conflict. Most countries have now setup their dedicated national cybersecurity centres, drawing on the capabilities of private industry, government and academic specialists in the area.
As cybersecurity threats have proliferated and computer technology has advanced, government data security compliance has become increasingly complex. The governments of various nations have set up compliances with a wave of new privacy regulations.
Security is an ongoing and constant effort which should be adopted at an individual, business, organisation, enterprise and national level. To strengthen cybersecurity there are many excellent solutions, a range of comprehensive suites and products. However, malicious parties and criminals are constantly employing new techniques and technologies. It is a new arms race, and there is no one size fits all solution.
Cybersecurity will remain an important topic of discussion on the world forum. 2020 is predicted to see an increasing number of state-sponsored cyber-attacks especially on utilities and public infrastructure. In addition, the number of AI based devices will increase which will receive specific attention from regulators for data and cybersecurity. Finally, there will be opportunities for mergers and acquisitions and investments in established cybersecurity providers to remain innovative and growing.
Here are the Top 5 Cybersecurity Trends for 2020, that we believe, will impact both businesses and consumers in 2020.
The Top 5 Cybersecurity Trends for 2020
The Top 5 Cybersecurity Trends for 2020 are drawn from the findings of the global Ecosystm Cybersecurity Study and is also based on qualitative research by Ecosystm Principal Advisors Alex Woerndle, Carl Woerndle and Claus Mortensen.
-
API Vulnerabilities will Become a Main Hacker Target
APIs grant access and provide transparency for developers – providing access and insights from both internal and external data. But they are inherently insecure. We have already seen several high-profile API breaches and announced API bugs. For example, in October 2018, Google had to shut down Google+ after an API bug exposed details for over 500,000 users.
We believe the problem will get significantly worse in 2020, with API attacks quickly becoming one of – if not the most – frequent target for hackers.
-
Operational Technology Security will Continue to Lag in 2020
Operational Technology (OT) refers to the hardware and software used to monitor and manage how devices that run on an organisation’s infrastructure perform. These devices have become smarter, remotely accessible and increasingly connected to networks. However, they were never designed with this in mind.
With organisations continuing to focus on data breaches – the investment in OT security will continue to lag. This will create a ‘security debt’ over coming years for those that do not invest in preventative controls now.
-
AI Training will Receive Attention from Regulators and the Public as a Possible Infringement of Privacy
News that Amazon’s Alexa was eavesdropping on its users, and that Apple’s Siri and Google’s Assistant, also kept recordings to help train their AI raised many concerns about how data to train AI is collected and stored. Apart from the initial consternation in the press and on social media, nothing much seems to have happened from a regulatory perspective.
2020 will be the year when AI training relying on consumer data will start to become regulated.
-
Major GDPR Fines in 2020 will Force MNCs to Invest in Security Compliance
GDPR came into effect in May 2018, but we still have not seen huge amounts of fines being issued in the EU. Only two fines were issued in 2018, while at least 17 were known to be issued in the first half of 2019, totalling about EUR 52 million. In the third quarter of 2019, at least 12 fines were issued totalling about EUR 328 million.
The trend is clear: Expect to see a magnitude of companies across EU be penalised in 2020. We also expect several fines above EUR 100 million and GDPR impacting countries outside the EU.
-
Mergers & Acquisitions will Ratchet up Significantly in 2020
The fragmented global security market consists of thousands of vendors and consultancies. Every day a swathe of new start-ups announces their ground-breaking new technology. Coupled with significant investments in tertiary education and industry certifications for a growing workforce, the next generation of cybersecurity entrepreneurs are entering with force.
We believe that this creates both threats and opportunities for established cybersecurity providers that need to remain innovative and growing. Similarly, this presents smaller or more niche cybersecurity start-ups with an avenue for funding or acquisition.
Ecosystm in partnership with SGInnovate, the government-backed organisation that promotes Deep Tech in Singapore, released a series of four reports covering areas of mutual interest: Cybersecurity, Artificial Intelligence, Cities of the Future and Healthtech. ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ report is a part of this collaboration and is available for download from Ecosystm and SGInnovate websites.
Download Report: The top 5 Cybersecurity trends for 2020
The full findings and implications of the report ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ are available for download from the Ecosystm platform. Signup for Free to download the report and gain insight into ‘the top 5 Cybersecurity trends for 2020’, implications for tech buyers, implications for tech vendors, insights, and more resources. Download Link Below ?
In June 2019, Ecosystm conducted Roundtables in Sydney and Melbourne supported by our partner Delphix. IT and business executives from data-intensive industries in Australia came together to discuss how to overcome data-driven constraints and enable innovation by effectively managing and distributing data in a secure environment within organisations. These are the salient points that emerged from the sessions.
In the course of my facilitation, I realised that the key focus of the discussions was on how organisations today handle their biggest asset – data – and manage all the moving parts in large and diverse settings and in very traditional enterprises that are transitioning into data-driven “New Age” businesses.
The Impossible Tech Triangle
Data has never been so prolific or strategic as it is today. Multiple sources of data generation and technologically savvy customers have seen a data explosion. Simultaneously, personalised services and data insights have seen a drive toward using the data for increased intelligence in most industries. The biggest risk organisations face and what CSOs and business leaders spend sleepless nights on, is significant disruption due to compromise. Moreover, the complexity of the technology platforms means that no organisation is 100% certain that they have it right and that they are managing the risk effectively.
Does this give rise to a similar situation as in Marketing and Advertising where the triangle of price, quality and speed appear to be unattainable by many organisations?
Key takeaways from the sessions
#1 Drivers & Challenges of Cloud adoption
The fact that discussions around agility and innovation can happen with the intensity it does today, is because organisations have embraced Cloud infrastructure and application development platforms and SaaS solutions.Every organisation’s Cloud journey is unique, driven by its discrete set of requirements. Organisations choosing cloud may not have the resources to build in-house systems – or may choose to migrate to the cloud for various reasons such as cost, productivity, cross-border collaboration or for compliance.
When embarking on a Cloud journey it is important to have a clear roadmap that involves instilling a Cloud-First culture and training the IT organisation in the right skills for the environment. Concerns around costs, security, and data ownership are still synonymous with Cloud, therefore, organisations can distill the workload from a cost angle before jumping on Cloud. It is important for organisations to appreciate when a Cloud option will not work out from a cost angle and to have the right cost considerations in place, because organisations that do a straight resource swapover on Cloud are likely to end up paying more.
Data ownership and data residency can also be challenging, especially from a compliance standpoint. For some, the biggest challenge is to know the status of their data residency. The challenges are not just around legacy systems but also in terms of defining a data strategy that can deliver the desired outcomes and managing risk effectively without ruining the opportunities and rewards that data utilisation can bring. Cloud transformation projects bring in data from multiple and disparate sources. A clear data strategy should manage the data through its entire lifecycle and consider aspects such as how the data is captured, stored, shared, and governed.
#2 Perception on Public Cloud Security
While security remains a key concern when it comes to Cloud adoption, Cloud is often regarded as a more secure option than on-premise. Cloud providers have dedicated security focus, constantly upgrade their security capabilities in response to newer threats and evolve their partner ecosystem. There is also better traceability with Cloud as every virtual activity can be tracked, monitored, and is loggable.
However, the Cloud is as secure as an organisation makes it. The Cloud infrastructure may be secure, but the responsibility of securing applications lies with the organisation. The perception that there is no need to supplement public Cloud security features can have disastrous outcomes. It is important to supplement the Cloud provider’s security with event-driven security measures within an organisation’s applications and cloud infrastructure. As developers increasingly leverage APIs, this need to focus on security, along with functionality and agility should be emphasised on. Organisations should be aware that security is a shared responsibility between the Cloud provider and the organisation.
#3 Viewing Security as a Business Risk – not IT Risk
The Executive Management and the Board may be involved in the Security strategy and GRC policies of an organisation. But a consistent challenge Security teams face is convincing the Board and Senior Management on the need for ongoing focus and investments on cybersecurity measures. Often, these investments are isolated from the organisation’s KPIs and are harder to quantify. But Security breaches do have financial and reputational impact on organisations. Mature organisations are beginning to view Security as a business risk requirement and not a matter of IT risk alone. One of the reasons why Senior Management and Boards do not understand the full potential of data breaches is because CISOs do not translate the implications in business terms. It is their responsibility to find ways to procure senior management buy-in, so that Security becomes part of the Strategy and the costs associated gets written into the cost of doing business.
Training sessions that educate the stakeholders on the basics of the risks associated with using knowledge systems can help. Simulation of actual cybersecurity events and scenario testing can bring home the operational issues around recovery, assessment and containment and it is important to involve senior stakeholders in these exercises. However, eventually the role of the CSO will evolve. It will become a business role and traverse Security across the entire organisation – physical as well as cybersecurity. This is when organisations will truly recognise investment in Security as a business requirement.
#4 Moving away from Compliance-driven Security Practices
Several organisations look at Security as part of their compliance exercise, and compliance is built into their organisational risk management programmes. Often, security practices are portrayed as a product differentiator and used as a marketing tool. An organisation’s Security strategy should be more robust than that and should not only be focused on ticking the right compliance boxes.
A focus on compliance often means that Security teams continually create policies and call out non-compliance rather than proactively contribute to a secure environment. Applications teams do not always have the right skills to manage Security. The focus of the Security team should not be on telling Applications teams what they are doing wrong and writing copious policies, procedures and standards, expecting others to execute on the recommendations. There should be a focus on automated policy-driven remediation that does not restrict the Applications team per se but focuses on unsafe practices, when they are detected. Their role is to work on the implementation and set up Security practices to help the Applications team do what they do best.
#5 Formulating the Right Incident Response Policy
In the Ecosystm Cybersecurity study, 73% of global organisations think that a data breach is inevitable – so organisations largely believe that “it is not about if, but when”. About 50% of global organisations have a cyber insurance policy or are evaluating one. This trend will only rise. Policy-driven incident response measures are an absolute requirement in all enterprises today. However, to a large extent even their incident response policies are compliance driven. 65% of the organisations appear to be satisfied with their current breach handling processes. It is important to keep evolving the process in the face of new threats.
Organisations should also be aware of the need for people management during an incident. Policies might be clear and adhered to, but it is substantially harder to train the stakeholders involved on how they will handle the breach emotionally. It extends to how an organisation manages their welfare both during an incident and long after the incident response has been closed off.
Over the two sessions, we explored how to achieve the ‘unattainable triangle’ of Cloud, Agility and Security. What I found interesting – yet unsurprising – is that discussions were heavily focussed on the role of Security. On the one hand, there is the challenge of the current threat landscape. On the other hand, Security teams are required to deliver a Cloud and an agile development strategy in tandem. This disconnect ultimately highlights the need for Security and data management to be embedded and managed from the very start, and not as an afterthought.
Here are some of the moments from the session –
At the 7th Personal Data Protection Seminar, Minister for Communications and Information S. Iswaran announced a framework to bolster Singapore’s digital economy and to drive Singapore’s vision of turning the country into a regional data protection hub.
The Personal Data Protection Commission (PDPC), which oversees the country’s Personal Data Protection Act (PDPA), has developed a new framework to better support organisations in the hiring and training requirements of Data Protection Officers.
Why the Need?
PDPA has been around for a while and the new framework is brought into practice to enable a greater focus of government and organisations on data privacy. According to Ecosystm’s expert on GDPR and Data Privacy, Claus Mortensen, “the initiative reflects the difference between ‘theory’ and ‘practice’ when it comes to data security. PDPA is not making changes to the present regulatory framework, but they are putting together a program and guidelines for how companies can apply and abide by the present regulatory framework.”
Ensuring PDPA framework compliance
The PDPC plans to collaborate with the National Trades Union Congress (NTUC), Employment and Employability Institute (e2i) and NTUC LearningHub to create a year-long pilot training program to train at least 500 data protection officers in its first intake. The Data Protection Officers would help to manage the complex and highly sensitive task of data flows.
To ensure the data flow mechanisms and to ensure security, Infocomm Media Development Authority (IMDA) has been appointed as Singapore’s Accountability Agent (AA) for the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems certifications. IMDA will allow Singaporean organisations to be certified in APEC CBPR and PRP Systems for accountable data transfers.
“The PDPA requires a data protection officer to be appointed in every organisation. This framework is focused on educating and certifying these officers. However, it mostly makes it easier for slightly larger companies who can afford to send employees on longer training programs or who are able to hire people, who have taken the certificates. Smaller organisations – such as start-ups – would benefit more from detailed guidelines and from on-premises guidance. Establishing a framework for such services could be the next area of focus for the PDPC.” said Mortensen.
Legislature for the data handling and exchange practices
The private data has become an increased target of hackers as well as an international commodity. Attackers always mine the cyberspace for any leaks or financial information that they can exploit to their advantage.
“Managing sensitive data is notoriously complicated – especially for ‘legacy’ companies that still have or rely on non-digitised data. Even when all data is digital, employees may have copies on their PCs, they may have partial backups on removable media, some data may need to be shared with sub-contractors, moved around between cloud providers, etc. This can make it very difficult to map out PDPA relevant data in the organisation. Even when the data has been mapped, it can be difficult to ensure that all business and data processes are compliant. This is where on-premises guidance can make a difference,” said Mortensen. “While the government clearly aim the new framework initiatives at helping SMEs, it will help further protect consumer’s sensitive data.”
Importance of Cyber Security
A business harnessing digital technology can’t afford to gamble with sensitive data and rising cyber-attacks. The government is taking initiatives by forming guidelines and regulations to prevent cyber-attacks, but it is the responsibility of businesses to have a cybersecurity strategy in place to prevent a breach. If a business becomes a victim of hacking, it is perceived as a failure to the company.
The government passed the PDPA law and compliance to ensure that businesses understand the importance of cybersecurity. Therefore, every business, organisation or academic institution must ensure compliance with the data protection act and must have security best practices to safeguard the data of its customers.