The opportunities that can be created by 5G continue to excite businesses and consumers alike. As 5G rollouts gather pace, new consumer experiences and business models emerge. For consumers, enhanced mobile broadband offers superior experience, driving the consumption of much more data-rich content and the more widespread application of emerging technologies such as augmented reality (AR). For businesses, the low latency, higher bandwidth, and the ability to handle massive machine type communications promised by 5G create opportunities for a dizzying array of uses cases, usually linked to IoT technology.
As enterprise use cases like autonomous driving, remote surgery and software-defined factories are enabled by 5G, the impact of cybersecurity breaches becomes much greater. Breaches can potentially have a catastrophic impact – they could lead to serious damage to or the destruction of sensitive critical infrastructures, such as power stations and transportation systems.
Security vulnerabilities associated with 5G are underpinned by a change in network architecture. The latency benefits of 5G require a more distributed architecture to enable use cases which require real-time data processing. This leads to the virtualisation of higher-level network functions formerly performed by physical appliances. So 5G networks will necessarily create a greatly expanded attack surface. If an attacker gains control of the software managing the networks, they can also control the network and potentially cause chaos.
One of the major benefits of 5G is massively increased bandwidth. This is also a huge benefit for attackers. An increase in available bandwidth makes it much easier to generate attack traffic from compromised connected devices and vulnerable networks. As volumetric DDoS attacks grow in terms of frequency, magnitude, and sophistication, traditional defences such as out-of-band scrubbing centres and manual interventions become inadequate and expensive.
In a 5G World, Security Postures must be Agile and not Act as a Bottleneck to Performance
5G use cases require a radical shift in cybersecurity posture and a new set of security considerations. Networks managed by enterprises and service providers need to scale up to handle larger capacity requirements and scale out to accommodate the increased demands of edge computing and the growing volumes of IoT endpoints. Security infrastructure must change accordingly with upgrades to both physical and virtual components. Importantly, security postures must also be sufficiently agile to change with new requirements while ensuring that security does not act as a bottleneck to network performance.
A common response to the increasing complexity of distributed cloud and IoT environments – where existing tools cannot always detect new and emerging threats – is to deploy brand new security tools. This seems like a great solution but can lead to significant problems and compromise security. Over time, the deployment of multiple security tools creates an estate of siloed security products, sometimes reporting to their own dashboards. Although this management challenge is typically being addressed by service providers and large enterprises, most commonly with SIEM, they must continually ensure that there is provision for the centralisation of security alerts, so that cybersecurity staff do not face the challenge of monitoring multiple consoles and cross-referencing between disparate screens and information formats. Applying security policy changes is a laborious and time-consuming task in a multi-dashboard environment – representing a security threat in its own right.
In the case of large volumetric attacks, redirecting suspicious traffic to scrubbing centres adds latency and imposes a significant financial burden, since mitigation costs are directly tied to the volume of the data traffic. Large enterprises and service providers should consider adopting new DDoS protection approaches that incorporate AI, real-time analysis, and telemetry to automate a more intelligent and cost-effective detection and mitigation process.
Different Policies Required to Reflect Specific Needs of Each Use Case
5G allows mobile service providers to partition their network resources, to address a diverse set of use cases with differing performance and functional requirements. These varying service performance profiles have a direct impact on security protocol choices and policy implementation. For instance, the service in one use case, such as a Smart City application, may require extremely long device battery life, which constrains the security protocol in some other way (e.g., how often re-authentication is performed). In another example, the use case may be very privacy-sensitive, requiring unusually intensive security procedures (e.g., very frequent reallocation of temporary identities).
The complexity associated with securing highly distributed and virtualised networks powered by 5G, will grow enormously and be hampered by an ever-increasing skills shortage. The only way to address these challenges is to create an intelligent security infrastructure that is sufficiently agile to scale with the network and use AI to detect, contain and eliminate threats. Security managers will need a unified view of all assets – physical and virtual – so that multiple security policies can be enforced and managed.
CEOs have an active role to play in an organisation’s transformation needs and journey – including in the technology decisions. Last month we spoke about why CEOs should get involved in their organisation’s IoT investments. Now, we look at Cloud – which has been a part of the CIO’s purview so far. Under the current circumstances, most organisations are actively pushing to go digital and the internal discussions will often revolve around empowering remote employees and digital customers. All the technologies that are being evaluated by organisations today have Cloud as their pillar. Increasingly, we see organisations adopt the hybrid and the multi-cloud. And organisations may not have the capabilities – technological and skills – to support the complexity of their Cloud environment. While a CEO does not have to understand the technology fully, it is important to understand the business impact of the technology.
Why should a CEO get involved in and have visibility into an organisation’s Cloud investments? There are a few important reasons.
#1 Cloud is not a cost-saving measure – it will enable you to transform
Organisations have matured in their Cloud adoption and no longer evaluate the benefits of Cloud only in terms of shifting CapEx to OpEx. If we look at the benefits of Cloud adoption, reduction of IT costs is not even in the top 3 benefits that organisations are seeking from Cloud anymore. Operational efficiency and collaboration emerge as key benefits (Figure 1) – while some companies still move to the Cloud for the savings, they stay there for other benefits.
This requires organisations to think of Cloud as a technology empowering their infrastructure and services. Cloud acts as an enabler for ease of doing business, real-time data access for productivity increase, and process automation. This impacts the entire organisation. It also involves prioritising the needs of certain functions over others – definitely not what a CIO should have to do.
If we look at just Cloud storage as an example, organisations can no longer have individual functions and their associated shadow IT teams having their own Cloud storage (and collaboration). This often turns out to be more expensive and there is a lack of consolidated view and management. While organisations forge ahead with the dream of having real-time information sharing across functions, a CIO has to consider the entire organisation’s technological and business needs – a CEO is the best person to guide the CIO in translating the organisation’s vision into IT priorities.
#2 In fact Cloud adoption may not cut costs at all!
Organisations are also re-evaluating the cost benefits of Cloud. Investing in a Cloud infrastructure with a short-term view on the investments involved has led to instances of Cloud solutions being brought back in-house because of rising costs. While security, data privacy and integration remain the key challenges of Cloud adoption (Figure 2), over a third of the organisations find Cloud more expensive than traditional licensing or owning the hardware.
Organisations find that the cost considerations do not stop after the adoption or migration. As businesses use Cloud to scale, there are several aspects that require constant re-evaluation and often further investments – cybersecurity measures, continuous data protection (CDP), disaster recovery management, rightsizing capacity, software and database licenses and day-to-day maintenance, to name a few. In addition to this, the cost of finding and recruiting a team of professionals to manage and maintain the Cloud environment also adds up to the OpEx.
If the CIO is talking about a Cloud migration for cost benefits only, the CEO and the CFO need to step in to evaluate that all factors have been taken into consideration. Moreover, the CIO may not have full visibility of how and where the organisation is looking to scale up or down. It is the CEO’s responsibility to share that vision with the CIO to guide Cloud investments.
#3 Cloud will increasingly be part of all tech adoption considerations
In this disruptive world, CEOs should explore possibilities and understand the technical capabilities which can give organisations an edge over their competitors. It is then up to the CIOs to implement that vision with this larger context in mind. As organisations look to leverage emerging technologies, organisations will adopt Cloud to optimise their resources and workloads.
AI is changing the way organisations need to store, process and analyse the data to derive useful insights and decision-making practices. This is pushing the adoption of Cloud, even in the most conservative organisations. Cloud is no longer only required for infrastructure and back-up – but actually improving business processes, by enabling real-time data and systems access. Similarly, IoT devices will grow exponentially. Today, data is already going into the Cloud and data centres on a real-time basis from sensors and automated devices. However, as these devices become bi-directional, decisions will need to be made in real-time as well. Edge Computing will be essential in this intelligent and automated world. Cloud platform vendors are building on their edge solutions and tech buyers are increasingly getting interested in the Edge allowing better decision-making through machine learning and AI.
In view of the recent global crisis, we will see a sharp uptake of Cloud solutions across tech areas. IaaS will remain the key area of focus in the near future, especially Desktop-as-as-Service. Organisations will also look to evaluate more SaaS solutions, in order to empower a mobile and remote workforce. This will allow the workforce of the future to stay connected, informed and make more decisions. More than ever, CEOs have to drive business growth with innovative products and services – not understanding the capabilities and challenges of Cloud adoption and the advancements in the technology can be a serious handicap for CEOs.
#4 Your IT Team may be more complacent about Cloud security than you think
Another domain that requires the CEO’s attention is cybersecurity. The Cloud is used for computing operations and to store data including, intellectual property rights, financial information, employee details and other sensitive data. Cybersecurity breaches have immense financial and reputational implications and IT Teams cannot solely be responsible for it. Cybersecurity has become a Board-level conversation and many organisations are employing a Chief Information Security Officer (CISO) who reports directly into the CEO. Cybersecurity is an aspect of an organisation’s risk management program.
Evaluating the security features of the Cloud offerings, therefore, becomes an important aspect of an IT decision-maker’s job. While security remains a key concern when it comes to Cloud adoption, Cloud is often regarded as a more secure option than on-premise. Cloud providers have dedicated security focus, constantly upgrade their security capabilities in response to newer threats and evolve their partner ecosystem. There is also better traceability with the Cloud as every virtual activity can be tracked, monitored, and logged. Ecosystm research finds that more than 40% of IT decision-makers think the Public Cloud has enough security measures and does not need complementing (Figure 3).
However, the Cloud is as secure as an organisation makes it. The perception that there is no need to supplement Public Cloud security features can have disastrous outcomes. It is important to supplement the Cloud provider’s security with event-driven security measures within an organisation’s applications and cloud interface.
It is the job of the CEO – through the CISO – to evaluate how cyber ready the IT Team really is. Do they know enough about shared responsibility? Do they have full cognizance of the SLAs of their Cloud providers? Do they have sufficient internal cybersecurity skills? Do they understand that data breaches can have cost and reputational impacts? As cybersecurity breaches begin to have more financial implications than ever and can derail an organisation, a CEO should have visibility of the risks of the organisation’s Cloud adoption.
Cloud is no longer just a technological decision – it is a business decision and takes into account the organisation’s vision. A full visibility of the Cloud roadmap – including the pitfalls, the risks and the immense potential – will empower a CEO immensely.
Identifying and selecting a vendor for your tech project can be a daunting task – especially when it comes to emerging technologies or when implementing a tech solution for the first time. Organisations look for a certain degree of alignment with their tech vendors – in terms of products and pricing, sure, but also in terms of demonstrable areas of expertise and culture. Several factors are involved in the selection process – vendors’ ability to deliver, to match expected quality standards, to offer the best pricing, to follow the terms of the contract and so on. They are also evaluated based on favourable reviews from the tech buyer community.
Often businesses in a particular industry tend to have their unique challenges; for example, the Financial Services industries have their specific set of compliance laws which might need to be built into their CRM systems. Over the years, vendors have built on their industry expertise and have industry teams that can advise organisations on how their business requirements can be met through technology adoption. These experts speak in the language of the industry and understand their business and technology pain points. They are able to customise their product and service offerings to the needs of the industry for a single client – which can then be repeated for other businesses in that industry. Vendors arm themselves with a portfolio of industry use cases, especially when they are entering a new market – and this often gives them an upper hand at the evaluation stage. In the end, organisations want less customisations to keep the complexity and costs down.
Do organisations evaluate vendors on industry experience?
Ecosystm research finds that industry experience can be a significant vendor selection criterion for some tech areas (Figure 1), especially in emerging technologies such as AI. AI and automation applications and algorithms are considered to be distinctive to each industry. While a vendor may have the right certifications and a team of skilled professionals, there is no substitute for experience. With that in mind, a vendor with experience in building machine learning models for the Telecommunications industry might not be perceived as the right fit for a Utilities industry implementation.
Whereas, we find that cybersecurity is at the other end of the spectrum, and organisations perceive that industry expertise is not required as network, applications and data protection requirements are not considered unique to any industry.
Is that necessarily the right approach?
Yes and no. If we look at the history of the ERP solution, as an example, we find that it was initially meant for and deeply entrenched in Manufacturing organisations. In fact, the precursor to modern-day ERP is the Manufacturing Resource Planning (MRP II) software of the 1980s. Now, we primarily look at ERP as a cross-industry solution. Every business has taken lessons on inventory and supply chain management from the Manufacturing industry and has an enterprise-wide system. However, there are industries such as Hospitality and Healthcare that have their niche vendors who bundle in ERP features with their industry-specific solutions. This will be the general pattern that all tech solutions will follow: a) an industry use case will become popular; b) other industries will try to incorporate that solution, and in the process; c) create their own industry-specific customisations. It is important, therefore, for those who are evaluating emerging technologies to cast their net wide to identify use cases from other industries.
AI and automation is one such tech area where organisations should look to leverage cross-industry expertise. They should ask their vendors about their implementations in other allied industries and, in some cases, in industries that are not allied.
For cybersecurity, their approach should be entirely different. As companies move on from network security to more specific areas such as data security and emerging areas such as GRC communication, it will be important to evaluate industry experience. Data protection and compliance laws are often specific to industries – for example, while customer-focused industries are mandated on how to handle customer data, the Banking, Insurance, Healthcare and Public Sector industries have the need to store more sensitive data than other industries. They should look at solutions that have in-built checks and balances in place, incorporating their GRC requirements.
So, the answer to whether organisations should look for industry expertise in their vendors is that they should for more mature tech areas. An eCommerce company should look for industry experience when choosing a web hosting partner, but should look for experience in other industries such as Banking, when they are looking to invest in virtual assistants.
Are some industries more focused on industry experience than others?
Ecosystm research also sought to find out which industries look for industry expertise more than others (Figure 2). Surprisingly, there are no clear differences across industries. The Services, Healthcare and Public Sector industries emphasise marginally more on industry expertise – but the differences are almost negligible.
There are some differences when we look at specific tech areas, however. For example, industries that may be considered early adopters of IoT – Transportation, Manufacturing and Healthcare – tend to give more credit to industry experience because there are previous use cases that they can leverage. There are industries that are still formulating standards when it comes to IoT and they will be more open to evaluating vendors that have a successful solution for their requirement – irrespective of the industry.
The Healthcare Industry Example
Ecosystm Principal Analyst, Sash Mukherjee says, “In today’s fast-evolving technology market, it is important to go beyond use cases in only your industries and look for vendors that have a demonstrated history of innovation and experience in delivering measurable results, irrespective of the industry.” Mukherjee takes the example of the Healthcare industry. “No one vendor can provide the entire gamut of functionalities required for patient lifecycle management. In spite of recent trends of multi-capability vendors, hospitals need multiple vendors for the hospital information systems (HIS), ERP, HR systems, document management systems, auxiliary department systems and so on. For some areas such as electronic health records (EHR) systems, obviously industry expertise is paramount. However, if healthcare organisations continue to look for industry expertise and partner with the same vendors, they miss out on important learnings from other industries.”
Talking about industries that have influenced and will influence the Healthcare industry in the very near future, Mukherjee says, “Healthcare providers have learnt a lot from the Manufacturing industry – and several organisations have evaluated and implemented Lean Healthcare and Six Sigma to improve clinical outcomes. The industry has also learnt from the Retail and Hospitality industries on how to be customer focused. In the Top 5 Healthtech trends for 2020, I had pointed out the similarities between the Financial and Healthcare industries (stringent regulations, process-based legacy systems and so on). As the Healthcare industry focuses on value-based outcomes, governments introduce more regulations around accountability and transparency, and people expect the experience that they get out of their retail interactions, Healthtech start-ups will become as mainstream as Fintech start-ups.”
It is time for tech buyers to re-evaluate whether they are restricting themselves by looking at industry use cases, especially for emerging technologies. While less industry customisations mean easier deployments, it may also hamper innovation.
Telecom operators are fervently working towards 5G network and services deployment in order to be an early mover in the market. Operators are investing in Digital Transformation (DX) as well as inking partnerships with other players in the ecosystem to monetise on exciting new use cases in the enterprise segment and make market inroads.
The consumer market has become a retention play and on the whole many operators are experiencing declining margins and it appears unlikely that the consumer will pay more for higher speeds. Device affordability for mass-market remains a challenge though Chinese smartphone vendors are expected to release sub US$ 300 5G smartphones later this year. 5G can be expected to arrest the lengthening consumer upgrade cycle due to the attractions of not only faster speeds but improved streaming and cloud gaming. Data services revenues will continue to generate growth but this will be offset by losses in mobile voice services.
5G – An enterprise value proposition
Telecom operators have thus far been largely unsuccessful in penetrating the enterprise ICT market due to a variety of reasons including the slow pace of innovation, lack of a one-stop-shop offering, insufficient channel to market to especially small and medium enterprises (SMEs), and lack of skills in offering non-network services. 5G technology presents operators with another opportunity to address this long-standing challenge with the flexible features of enhanced mobile broadband (eMBB), Ultra-Reliable Low Latency Communications (URLLC) and massive machine type communication (mMTC) enabling tailored network and services offerings. 5G promises to revolutionise various industry solutions based on required data rates, low latency, reliability, and machine-type communications.
Monetising 5G is a key topic among leading executives and new business models are being devised. Connectivity services will be offered with a mix and match of throughput, bandwidth volumes and latency requirements. Fixed Wireless in Southeast Asia will be very popular considering the low penetration of fibre to the home and will provide enterprises with a viable secondary connection to the internet. Popular applications including video streaming and gaming which are speed, latency and volume hungry will also be a target market for operators.
More speed, latency and number of connections
5G offers theoretical speeds of 20 times that of 4G, low latency of 1 millisecond (ms), a million connections per kilometre and is expected to power a new era of mobile Internet of Everything (IoE). Offering high speed is the initial offering to the market and operators are going to be offering minimum guaranteed speeds for the first time. A high definition movie could be downloaded in 10 seconds while low latency means better performance for live sports, gaming, mission-critical automation and driverless cars – among others.
Fixed Wireless Access is the new wireless fibre
5G will offer fixed wireless access (FWA) or “wireless fibre” to households as an alternative to fixed broadband. It can be ideal as a redundant second link offering when the primary link is down. FWA broadband services offer a serious alternative to fixed broadband services which is plagued by the high cost of civil works for fibre optic deployment and expansion of the network to reach the rural population. FWA is expected to make strong inroads into households in Southeast Asia with the exception of Singapore, as many nations lag in fixed broadband penetration. As a comparison, ITU reports that fixed broadband penetration in countries such as South Korea (41.6%) and Hong Kong (36.8%) lead their Southeast Asian counterparts – Singapore (28.0%), Vietnam (13.6%), Thailand (13.2%) and Malaysia (8.6%).
A boon for Video and Gaming industry
Gaming is huge in Southeast Asia, notably in Thailand and Indonesia, and operators can take advantage of this offering with partnerships and value-added services with cloud gaming, high bandwidth and low latency packages. With cloud gaming, gamers can access a library of popular high-quality games minus the need for expensive hardware which has been the case in the past. This platform allows content creators and publishers to access the huge Southeast Asian market and monetise.
B2B2x is not a new concept where operators partner with leading providers of video streaming services through direct billing and 5G will be able to offer low latency, for example for live events. This brings in not just a commission per subscriber but additional revenue for the additional network features such as low latency.
Video streaming providers such as Netflix, Viu, Hooq and Iflix are worthy partners for a subscription – so are ad-based video-on-demand services. Live sports streaming service also makes for a very lucrative opportunity with 5G features of high data throughput and low latency.
Readiness through digital transformation
Efforts for preparedness for this business shift means significant operational and technology platform improvements, operating on the cloud, ease of incorporating the partner ecosystem and supporting a multitude of pricing models. DX should run parallel to the build of 5G public and private networks for a telecom provider to be in a leadership position and for them to be able to fully monetise 5G. Operators will be making major changes to OSS and BSS to support 5G use cases with the ultimate goal of ensuring customer-centricity.
Ecosystm research finds that nearly two-thirds of telecom providers are looking to increase their cybersecurity spending in the year. It is also clear that the biggest driver of that spend are their DX projects (Figure 1).
Cybersecurity is of paramount importance more than ever now with the increase in devices, software-based network services and edge computing. It is essential that a robust cybersecurity framework is in place as 5G will drive DX in enterprises, power the Digital Economy and provide the critical core infrastructure for Industry 4.0. Operators need to ramp up investment in cybersecurity technology, processes and people. A telecom operator’s compromised security can have country-wide, and even global consequences. As networks become more complex with numerous partnerships, there is a need for strategic planning and implementation of cybersecurity, with clear accountability defined for each party.
While Vodafone remains one of the leading global telecommunications providers, they face the need to transform their services and reach out to a wider audience. The customer base of a typical telecom provider is shifting, and they can no longer afford to just focus on consumers and need to include enterprises in their go-to-market strategy. Beyond the usual offerings of connectivity and mobile plans, Vodafone Business has solutions for Unified Communications, IoT and Cloud, to help grow their enterprise customer base. Ecosystm Principal Advisor, Tim Sheedy says, “Vodafone is one of the most successful telecom providers in the business space. Vodafone Business already represents around 30% of the Vodafone Group revenue, and unlike most in the telecommunications sector, they are showing growth (albeit moderate!).”
The Role of Telecom Providers in the Cybersecurity Market
An area where enterprises continue to need guidance and support is cybersecurity. The results of the UK Government’s Cyber Security Breaches Survey 2019 found that 32% of UK businesses had experienced a cyber-attack in the previous 12 months. More than a third of UK organisations have made changes in their cyber policies because of the GDPR – a majority focusing on policies first. It is not surprising therefore that Vodafone should identify cybersecurity as the next area of focus for their enterprise offerings.
Sheedy says, ”Cybersecurity services are one of the fastest-growing areas in technology. But because of this, it is a also a crowded market with everyone – from the big telecom providers, IT services providers, big audit firms, mid-sized technology providers down to the smaller cybersecurity experts – playing for this growing spend. It can, however, be argued that telecom providers have some of the deepest experience in cybersecurity and managing the risks – their networks are probably the most targeted by hackers and malicious actors. Telecom providers have massive teams just to stop threats from one or two countries. With all the work they do to protect their own network, they should have the skills to help protect the networks and assets of their clients.”
Ecosystm Principal Advisor, Alex Woerndle concurs, “Telecom providers are perfectly positioned to transition into managed security service providers (MSSPs). They already have the experience in providing a range of managed services, the ability to scale to support clients and some ready-made expertise internally in their in-house cybersecurity capabilities.”
Vodafone’s Foray into Cybersecurity
Vodafone Cyber Enhanced focuses on selected cybersecurity areas – threat analysis and intelligence, managed firewall and managed security services. The global Ecosystm Cybersecurity study finds that the solutions that organisations will invest in most in 2020 are Security Operations (SecOps) & Incident Response (by a third of global organisations) and Threat Analysis & Intelligence (by 20% of global organisations).
Commenting on the areas Vodafone is focusing on, Woerndle says, “Threat analysis and intelligence is where a lot of established SecOps providers and MSSPs are really focusing now. Previously it was simply a matter of monitoring alerts and reporting. Businesses and in-house security teams are now seeking more proactive assistance in searching for threats, before they become attacks. The challenge they face is catching up – effectively jumping from just being another SecOps centre (SOC) monitoring and reporting alerts, to matching the more mature SOCs with proactive threat intelligence to help clients mitigate before an attack is launched. This takes time, as it needs maturity of the SOC and the team, and also data, which established providers have accrued plenty of, over an extended period. While a managed firewall is not really a new service, it makes some sense to couple it with other managed security services to deliver a broader program. Vodafone is absolutely targeting the areas that businesses are looking into presently.”
Woerndle adds, “MSSPs will be crucial to the security sector moving forward. There has been a rapid growth of vendor solutions creating a very confusing market for tech buyers. This is coupled with a tight labour market for skilled people who can manage the tools. It is not surprising , therefore, that 86% of organisations across the world will look to engage with an MSSP when deploying a cybersecurity solution, according to Ecosystm research.”
Sheedy sees an opportunity for Vodafone to go global with their cybersecurity capabilities. “If Vodafone can compete with the bigger players (and perhaps partner with or complement the offerings of the smaller ones), then they should find a significant opportunity, especially within their larger clients – particularly as they move into the software-defined networking space. However, given the confusion around cybersecurity, they should expand their focus beyond larger enterprises to businesses over about 100 employees. As one of the largest global telecom providers, with one of the largest networks, they can be an important player in the cybersecurity space – growing the spend in their business clients. And while this is a UK play for now, one assumes that they will look to expand across their operating countries as Vodafone Cyber Enhanced gains traction.”
In our blog, Artificial Intelligence – Hype vs Reality, published last month we explored why the buzz around AI and machine learning have got senior management excited about future possibilities of what technology can do for their business. AI – starting with automation – is being evaluated by organisations across industries. Several functions within an organisation can leverage AI and the technology is set to become part of enterprise solutions in the next few years. AI is fast becoming the tool which empowers business leaders to transform their organisations. However, it also requires a rethink on data integration and analysis, and the use of the intelligence generated. For a successful AI implementation, an organisation will have to leverage other enabling technologies.
Technologies Enabling AI
IoT
Organisations have been evaluating IoT – especially for Industry 4.0 – for the better part of the last decade. Many organisations, however, have found IoT implementations daunting for various reasons – concerns around security, technology integration challenges, customisation to meet organisational and system requirements and so on. As the hype around what AI can do for the organisation increases, they are being forced to re-look at their IoT investments. AI algorithms derive intelligence from real-time data collected from sensors, remote inputs, connected things, and other sources. No surprise then that IoT Sensor Analytics is the AI solution that is seeing most uptake (Figure 1).
This is especially true for asset and logistics-driven industries such as Resource & Primary, Energy & Utilities, Manufacturing and Retail. Of the AI solutions, the biggest growth in 2020 will also come from IoT Analytics – with Healthcare and Transportation ramping up their IoT spend. And industries will also look at different ways they can leverage the IoT data for operational efficiency and improved customer experience (CX). For instance, in Transportation, AI can use IoT sensor data from a fleet to help improve time, cost and fuel efficiency – suggesting less congested routes with minimal stops through GPS systems, maintaining speeds with automated speed limiters – and also in predictive fleet maintenance.
IoT sensors are already creating – and will continue to create large amounts of data. As organisations look to AI-enabled IoT devices, there will be a shift from one-way transactions (i.e. collecting and analysing data) to bi-directional transactions (i.e. sensing and responding). Eventually, IoT as a separate technology will cease to exist and will become subsumed by AI.
Cloud
AI is changing the way organisations need to store, process and analyse the data to derive useful insights and decision-making practices. This is pushing the adoption of cloud, even in the most conservative organisations. Cloud is no longer only required for infrastructure and back-up – but actually improving business processes, by enabling real-time data and systems access.
Over the next decades, IoT devices will grow exponentially. Today, data is already going into the cloud and data centres on a real-time basis from sensors and automated devices. However, as these devices become bi-directional, decisions will need to be made in real-time as well. This has required cloud environments to evolve as the current cloud environments are unable to support this. Edge Computing will be essential in this intelligent and automated world. Tech vendors are building on their edge solutions and tech buyers are increasingly getting interested in the Edge allowing better decision-making through machine learning and AI. Not only will AI drive cloud adoption, but it will also drive cloud providers to evolve their offerings.
The global Ecosystm AI study finds that four of the top five vendors that organisations are using for their AI solutions (across data mining, computer vision, speech recognition and synthesis, and automation solutions) today, are also leading cloud platform providers (Figure 2).
The fact that intelligent solutions are often composed of multiple AI algorithms gives the major cloud platforms an edge – if they reside on the same cloud environment, they are more likely to work seamlessly and without much integration or security issues. Cloud platform providers are also working hard on their AI capabilities.
Cybersecurity & AI
The technology area that is getting impacted by AI most is arguably Cybersecurity. Security Teams are both struggling with cybersecurity initiatives as a result of AI projects – and at the same time are being empowered by AI to provide more secure solutions for their organisations.
The global Ecosystm Cybersecurity study finds that one of the key drivers that is forcing Security Teams to keep an eye on their cybersecurity measures is the organisations’ needs to handle security requirements for their Digital Transformation (DX) projects involving AI and IoT deployments (Figure 3).
While AI deployments keep challenging Security Teams, AI is also helping cybersecurity professionals. Many businesses and industries are increasingly leveraging AI in their Security Operations (SecOps) solutions. AI analyses the inflow and outflow of data in a system and analyses threats based on the learnings. The trained AI systems and algorithms help businesses to curate and fight thousands of daily breaches, unsafe codes and enable proactive security and quick incident response. As organisations focus their attention on Data Security, SecOps & Incident Response and Threat Analysis & Intelligence, they will evaluate solutions with embedded AI.
AI and the Experience Economy
AI has an immense role to play in improving CX and employee experience (EX) by giving access to real-time data and bringing better decision-making capabilities.
Enterprise mobility was a key area of focus when smartphones were introduced to the modern workplace. Since then enterprise mobility has evolved as business-as-usual for IT Teams. However, with the introduction of AI, organisations are being forced to re-evaluate and revamp their enterprise mobility solutions. As an example, it has made mobile app testing easier for tech teams. Mobile automation will help automate testing of a mobile app – across operating systems (Figure 4). While more organisations tend to outsource their app development functions today, mobile automation reduces the testing time cycle, allowing faster app deployments – both for internal apps (increasing employee productivity and agility) and for consumer apps (improving CX).
CX Teams within organisations are especially evaluating AI technologies. Visual and voice engagement technologies such as NLP, virtual assistants and chatbots enable efficient services, real-time delivery and better customer engagement. AI also allows organisations to offer personalised services to customers providing spot offers, self-service solutions and custom recommendations. Customer centres are re-evaluating their solutions to incorporate more AI-based solutions (Figure 5).
The buzz around AI is forcing tech teams to evaluate how AI can be leveraged in their enterprise solutions and at enabling technologies that will make AI adoption seamless. Has your organisation started re-evaluating other tech areas because of your AI requirements? Let us know in the comments below.
With the advancements in the technology landscape, the CIO’s role has become increasingly complex. One of the key challenges they face is in emerging and newer technology implementations, which require them to identify and partner with newer tech vendors. The common challenges that tech buyers face today include:
- The emergence of newer technologies that are catching the fancy of the C-suite and they are expected to adopt and deliver
- Getting management buy-in for IT investments (increasingly including discussions on ROI)
- Need to involve business stakeholders in tech decision-making
- Lack of sufficiently skilled internal IT
- Engagement with multiple tech vendors (including newer vendors that they have to establish a relationship with)
- Digital transformation projects that might require an overhaul (or at least a re-think) of IT systems
- Backdrop of compliance and risk management mandates
Many of these challenges will require the sourcing of new technology or a new tech partner and rethinking their vendor selection criteria. And selecting a tech vendor can be hard. The mere fact that there is an industry whose sole purpose is to help businesses select tech vendors goes to show the massive gap between what these providers sell and what businesses want. If there was easy alignment, the Tech Sourcing professionals and businesses would not have existed.
But over my time working with Tech Sourcing professionals, CIOs and business leaders, I have picked up on a few key factors that you should incorporate in your vendor selection process best practices. First and foremost, you are looking for a partner – someone who will be with you through the good and bad. Someone whose skills, products, services – and most importantly – culture, match your business and its needs.
I believe that the technology ecosystem is not really as competitive as we think. Yes, in practice Google competes with Microsoft in the office productivity space. But I often hear about companies moving from one to the other not for features, function or even price – but for a cultural match. Some traditional businesses were hoping Google can help them become more innovative, but in reality, their business culture smothered Google and meant they could not benefit from the difference in the ways of working. And I am not suggesting Microsoft is not innovative – more that Office represents the traditional ways of working – and perhaps can help a business take a more stepwise approach to change its own culture.
And I regularly hear about IT services deals (managed services, systems integration, consulting etc) going to the company that made the most sense from a cultural fit – where they were willing to take on the culture of their customer and embrace that way of working. In fact, I have been brought into many deals where a company hired a strategic consultant to create a new digital strategy or AI strategy, only to receive a document that is unworkable in their business and their culture.
So, I believe every strategic technology relationship should start and end with a cultural match. This company is a partner – not just a provider. How do you determine if they are a partner and measure cultural match? Well, that is the topic of an upcoming report of mine, so watch this space!
Questions You Should Ask Before Stepping in the Ring
There are also a number of questions that you should ask along with the partnership discussion:
- How will this solution change the organisation?
- What are the risks either way (of implementing or not implementing the solution)?
- Does the solution solve a key business problem?
- Is it likely to have more impact than the solution it is replacing?
- Where will the funding for the implementation come from?
- Have you calculated the ROI and the time to deployment?
- Have you baselined the current scenario so that you can measure improvement?
These can inform you of the business impact of the solution – and what you need to do to prepare for successful implementation (if you plan for success, you are more likely to be able to get faster benefits than if you do not plan for the change!)
Engagement Criteria for Your Shortlisting Process
In order to determine vendor selection process best practices, Ecosystm research tries to unearth the top criteria that organisations employ when shortlisting the vendors that they want to engage, across multiple technologies.
There is still a skills gap in internal IT and organisations want technical guidance from their Cloud and IoT vendors. With the plethora of options available in these tech areas, CIOs and IT teams also tend to look at the brand reputation when engaging with the vendor. Very often, organisations looking to migrate their on-prem solutions on the cloud engage with existing infrastructure providers or systems integrators for guidance, and existing relationships are significant. IoT solutions tend to be very industry-specific and a portfolio of specific industry use cases (actual deployments – not proofs of concept) can be impactful when selecting a vendor for planned deployments.
Artificial intelligence (AI) deployments are often linked with digital transformation (DX). Organisations look for a vendor that can understand the organisational strategy and customise the AI solutions to help the organisation achieve its goal. Adoption of AI is still at a nascent stage globally across all industries. Many organisations do not have the right skills, such as data scientists, yet. They appreciate that integration with internal systems will be key to reap the full benefits of the solutions, especially if the entire organisation has to benefit from the deployments. They also anticipate that they would have to have a continuous period of engagement with their vendors, right from identifying the right data set, data cleaning to the right algorithms that keep learning. Organisations will look at vendor partners who are known for delivering better customer experience.
This is true for cybersecurity solutions as well, as organisations are driven to continue their investments to adhere to the internal risk management requirements. Given how fragmented the cybersecurity landscape has become, organisations will also wish to engage with vendors that have an end-to-end offering, especially a managed security service provider (MSSP). Cybersecurity vendors are increasingly strengthening their partner ecosystem so that they can provide their client with the single-point-of-contact that they want.
Of the technologies mentioned in the figure, mobility is arguably the most mature. As organisations revisit their enterprise mobility solution as they go increasingly ‘Mobile First’, their requirements from their mobility vendors are more specific. They have decided over the years which OSs they want to support their enterprise applications and are looking for vendors with robust cloud offerings.
The vendor selection criteria will likely be different for each technology area. And as your knowledge and understanding of the technology increases, you should be able to drill the requirements down to the solution level, while making sure you engage with a vendor with the right culture.
Tim Sheedy’s upcoming report, ‘Best Practices for Vendor Evaluation and Selection’ is due to be published in February 2020.
The telecommunications industry has long been an enabler of Digital Transformation (DX) in other industries. Now it is time for the industry to transform in order to survive a challenging market, newer devices and networking capabilities, and evolving customer requirements. While the telecom industry market dynamics can be very local, we will see a widespread technology disruption in the industry as the world becomes globally connected.
Drivers of Transformation in the Telecom Industry
Remaining Competitive
Nokia Bell Labs expects global telecom operators to fall from 10 to 5 and local operators to fall from 800 to 100, between 2020 and 2025. Simultaneously, there are new players entering the market, many leveraging newer technologies and unconventional business models to gain a share of the pie. While previous DX initiatives happened mostly at the periphery (acquiring new companies, establishing disruptive business units), operators are now focusing on transforming the core – cost reduction, improving CX, capturing new opportunities, and creating new partner ecosystems – in order to remain competitive. There is a steady disaggregation in the retail space, driving consolidation in traditional network business models.
“The telecom industry is looking at gradual decline from traditional services and there has been a concerted effort in reducing costs and introducing new digital services,” says Ecosystm Principal Advisor, Shamir Amanullah. “Much of the telecom industry is unfortunately still associated with the “dumb pipe” tag as the over-the-top (OTT) players continue to rake in revenues and generate higher margins, using the telecom infrastructure to provide innovative services.”
Bringing Newer Products to Market
Industries and governments have shifted focus to areas such as smart energy, Industry 4.0, autonomous driving, smart buildings, and remote healthcare, to name a few. In the coming days, most initial commercial deployments will centre around network speed and latency. Technologies like GPON, 5G, Wifi 6, WiGig, Edge computing, and software-defined networking are bringing new capabilities and altering costs.
Ecosystm’s telecommunications and mobility predictions for 2020, discusses how 5G will transform the industry in multiple ways. For example, it will give enterprises the opportunity to incorporate fixed network capabilities natively to their mobility solutions, meaning less customisation of enterprise networking. Talking about the opportunity 5G gives to telecom service providers, Amanullah says, “With theoretical speeds of 20 times of 4G, low latency of 1 millisecond and a million connections per square kilometre, the era of mobile Internet of Everything (IoE) is expected to transform industries including Manufacturing, Healthcare and Transportation. Telecom operators can accelerate and realise their DX, as focus shifts to solutions for not just consumers but for enterprises and governments.”
Changing Customer Profile
Amanullah adds, “Telecom operators can no longer offer “basic” services – they must become customer-obsessed and customer experience (CX) must be at the forefront of their DX goals.” But the real challenge is that their traditional customer base has steadily diverged. On the one hand, their existent retail customers expect better CX – at par with other service providers, such as the banking sector. Building a customer-centric capability is not simple and involves a substantial operational and technological shift.
On the other hand, as they bring newer products to market and change their business models, they are being forced to shift focus away from horizontal technologies and connecting people – to industry solutions and connecting machines. As their business becomes more solution-based, they are being forced to address their offerings at new buying centres, beyond IT infrastructure and Facilities. Their new customer base within organisations wants to talk about a variety of managed services such as VoIP, IoT, Edge computing, AI and automation.
The global Ecosystm AI study reveals the top priorities for telecom service providers, focused on adopting emerging technologies (Figure 1). It is very clear that the top priorities are driving customer loyalty (through better coverage, smart billing and competitive pricing) and process optimisation (including asset maintenance).
Technology as an Enabler of Telecom Transformation
Several emerging technologies are being used internally by telecom service providers as they look towards DX to remain competitive. They are transforming both asset and customer management in the telecom industry.
IoT & AI
Telecom infrastructure includes expensive equipment, towers and data centres, and providers are embedding IoT devices to monitor and maintain the equipment while ensuring minimal downtime. The generators, meters, towers are being fitted with IoT sensors for remote asset management and predictive maintenance, which has cost as well as customer service benefits. AI is also unlocking advanced network traffic optimisation capabilities to extend network coverage intelligently, and dynamically distribute frequencies across users to improve network experience.
Chatbots and virtual assistants are used by operators to improve customer service and assist customers with equipment set-up, troubleshooting and maintenance. These AI investments see tremendous improvement in customer satisfaction. This also has an impact on employee experience (EX) as these automation tools free workforce from repetitive tasks and they be deployed to more advanced tasks.
Telecom providers have access to large volumes of customer data that can help them predict customer usage patterns. This helps them in price optimisation and last-minute deals, giving them a competitive edge. More data is being collected and used as several operators provide location-based services and offerings.
In the end, the IoT data and the AI/Analytics solutions are enabling telecom service providers to improve products and solutions and offer their customers the innovation that they want. For instance, Vodafone partnered with BMW to incorporate an in-built SIM that enables vehicle tracking and provides theft protection. In case of emergencies, alerts can also be sent to emergency services and contacts. AT&T designed a fraud detection application to look for patterns and detect suspected fraud, spam and robocalls. The system looks for multiple short-duration calls from a single source to numbers on the ‘Do Not Call’ registry. This enables them to block calls and prevent scammers, telemarketers and identity theft issues.
Cybersecurity
Talking about the significance of increasing investments in cybersecurity solutions by telecom service providers, Amanullah says, “Telecom operators have large customer databases and provide a range of services which gives criminals a great incentive to steal identity and payment information, damage websites and cause loss of reputation. They have to ramp up their investment in cybersecurity technology, processes and people. A telecom operator’s compromised security can have country-wide, and even global consequences. As networks become more complex with numerous partnerships, there is a need for strategic planning and implementation of security, with clear accountability defined for each party.”
One major threat to the users is the attack on infrastructure or network equipment, such as routers or DDoS attacks through communication lines. Once the equipment has been compromised, hackers can use it to steal data, launch other anonymous attacks, store exfiltrated data or access expensive services such as international phone calls. To avoid security breaches, telecom companies are enhancing cybersecurity in such devices. However, what has become even more important for the telecom providers is to actually let their consumers know the security features they have in place and incorporate it into their go-to-market messaging. Comcast introduced an advanced router to monitor connected devices, inform security threats and block online threats to provide automatic seamless protection to connected devices.
Blockchain
Blockchain can bring tremendous benefits to the telecom industry, according to Amanullah. “It will undeniably increase security, transparency and reduce fraud in areas including billing and roaming services, and in simply knowing your customer better. With possibilities of 5G, IoT and Edge computing, more and more devices are on the network – and identity and security are critical. Newer business models are expected, including those provided for by 5G network slicing, which involves articulation in the OSS and BSS.”
Blockchain will be increasingly used for supply chain and SLA management. Tencent and China Unicom launched an eSIM card which implements new identity authentication standards. The blockchain-based authentication system will be used in consumer electronics, vehicles, connected devices and smart city applications.
Adoption of emerging technologies for DX may well be the key to survival for many telecom operators, over the next few years.
What used to be commonly known by names such as computer security or IT security is now most commonly referred to as cybersecurity. The techniques of securing computers, applications, networks, programs and data have evolved and so has the terminology. The change in the jargon reflects the progression from discrete to interconnected devices and networks. It is only when the computers and devices became connected with each other – and with the Internet – that the issues and attempts of unauthorised access became prominent.
Simply put, cybersecurity is the protection of computer systems from cyber-attacks. This is made possible with multiple layers of security across the system, individual devices, enterprises and even nations against unauthorised access and exploitation.
Cybersecurity is a constant battle
Preventing cyberattacks is a challenging task for security professionals and to accomplish that, cybersecurity experts should stay ahead of cyber attackers and cybercriminals. A range of effective methods and technologies have been devised to strengthen cybersecurity. One important aspect of cybersecurity is identity and access management (IDAM). IDAM allows various defined levels of access on the basis of individual roles, administrator levels and even at a system level. The common IDAM methods include single sign-on systems, multi-factor authentication, privileged access management (PAM), biometrics, voice or facial recognition, and other distinctive physical attributes to verify and identify individuals. IDAM procedures are being implemented at all levels of businesses, enterprises and even for national-level security with the growth of eGovernment systems.
Another common security measure is Security Information and Event Management (SIEM) software and services. The term combines security information management (SIM) and security event management (SEM) and is provided by vendors as software or appliance. SIEM works by collecting log data and delivering real-time insights and generates security alerts using a range of techniques. SIEM is used by enterprises where compliance to a set, or sets, of rules is a strong factor. In addition, it also prevents interferences from individual attackers, organised crime groups, or other actors.
SIEM systems comprise three major components:
- Data collection. SIEM system collects logs and data from system activity, access, firewalls, application monitors, operating system layers and network traffic and generates an event every time activity happens.
- Data analysis. The SIEM system is tasked with correlating and analysing data in a format. The analysis is performed in various ways: log management and retention, event correlation, user activity monitoring, and predictive and forensic analysis.
- Another major step is reporting in the form of real-time alerts, dashboards, email and SMS notifications of events, analytical reporting, auditing and governance, and compliance.
The global Ecosystm Cybersecurity Study covers various cybersecurity solutions such as Crisis Communication solutions; Security Operations & Incident Response, IDAM and more. The study shows that organisations are primarily focusing more on Application, Data and Network level security, whereas, the other cybersecurity fields such as Crisis communication, Fraud transaction, IDAM, Threat Analysis and Reporting are looked down.
National Cybersecurity and Safety
Countries across the globe are accelerating their cybersecurity efforts to address risks, enhance public safety, protect communications, safeguard mission-critical applications and prevent threats. Cybersecurity is important to governments, where it is increasingly seen as an area of international conflict. Most countries have now setup their dedicated national cybersecurity centres, drawing on the capabilities of private industry, government and academic specialists in the area.
As cybersecurity threats have proliferated and computer technology has advanced, government data security compliance has become increasingly complex. The governments of various nations have set up compliances with a wave of new privacy regulations.
Security is an ongoing and constant effort which should be adopted at an individual, business, organisation, enterprise and national level. To strengthen cybersecurity there are many excellent solutions, a range of comprehensive suites and products. However, malicious parties and criminals are constantly employing new techniques and technologies. It is a new arms race, and there is no one size fits all solution.