Verizon global lead, IoT security: ‘We live in an insecure world’
Verizon and AT&T execs talk IoT security
In a new interview with Mobile World Live, Verizon Global Lead of IoT Security and International Strategy Harm Jan Arendshorst highlighted the security challenges associated with the explosion of network endpoints as the internet of things (IoT) continues to take hold in consumer, enterprise and industrial uses. He also pointed out the collaborative opportunity presented by the need to address these security-related challenges.
In the video interview, Arendshorst said recent data hacks “have proven that we live in an insecure world, and it is becoming more and more important to, not just as an industry, but across industry, work together to fight those kind of risks. IoT is a good vehicle to get into that collaborative mode, not just for mobile operators, but for financial services organizations, government agencies and other industries as well.”
His comments come in response to a question about the implications of the European Union’s General Data Protection Regulation (GDPR), which goes into effect May 25, 2018. Writing in Lexology, attorneys Adam Finlay and Ruairi Madigan of firm McCann FitzGerald point out five areas of the GDPR of “particular relevance” to the IoT:
- Data controllers are required to notify users when a data breach occurs;
- More strict rules concerning acknowledgment of consent that data is being shared;
- GDPR “will impose obligations on data controllers to adopt significant new technical and organizational measures to demonstrate their compliance;”
- Consumers will get a new set of rights–“the right to object to automated decision making,” for instance;
- And children under age 13 won’t be able to consent to release personal data.
In an interview earlier this year with RCR Wireless News, Verizon VP of IoT Connected Solutions Mark Bartolomeo said privacy and security “are really top of mind…Ensuring that we’re protecting information and we’re providing the appropriate informed consent. I think the second piece of this is data analytics. Part of reducing complexity is how we deliver information to our customers. I need to be able to deliver information that our customers can actually execute against and that requires predictive and prescriptive analytics. People don’t want just data, they want information.”
During Mobile World Congress 2017, AT&T SVP of IoT Chris Penrose highlighted the fundamental importance of securing the IoT: “Security is paramount. It’s the No. 1 thing people are concerned about when they’re thinking about doing IoT,” Penrose said. “We take a multilayer approach to security. We really kind of look at it at the device layer – what do we need to be doing to the device itself to secure that device. Then we look at the network layer – what do we need to be doing when data is in transit, then we look at it at the application layer. What’s unique also for AT&T is we have these networks that go all over the world and we can actually see a lot of the bad actors and threats happening before it might even be realized on the other end. Our ability to bring threat detection and to potentially alert you to a threat that we’re seeing or to even take action based upon the threat we’re seeing and/or protect other similarly situated customers. On top of that we’ve even introduced an IoT security consultancy practice where we will bring out security experts to look at the solution you’re looking to deploy and make sure we’ve pressure tested it end to end. It’s always going to be a continuous challenge to stay in front of it.”