What Can Telcos Do To Protect The Privacy Of Their Subscribers?

As enterprises and individuals both embrace digital transformation, telcos are also being pushed to innovate to meet market and subscriber demands. Value-added offerings that leverage the capabilities of technology solutions like 5G connectivity and A2P SMS for enterprises promise telcos the ability to generate revenue and thrive in a competitive market. For example, Ericsson predicts that telcos will generate additional revenue of $3.7 trillion by 2030 through various 5G-driven options.

However, as telcos get more innovative with their offerings, they have to be careful about opening the doors to new problems. One major concern in that context is the need to prioritize subscribers’ privacy.

Over the last few years, subscribers have become increasingly aware of their right to privacy. Studies have shown that 60% of subscribers are concerned about how their data is used. 47% of them believe that the apps they use gather their data through GPS, microphones, etc. There is a general uneasiness about privacy because of a lack of trust about the intent of businesses that have access to their data. It’s not just about the privacy of course. People are also worried about safety and security as cyber crimes have increased by 600% in 2020 alone.

As technologies get more sophisticated and operations more high-touch, telcos need to find ways to protect the privacy of their subscribers. They need to do this to regain the subscribers’ trust.

Here are some ways to safeguard their privacy.

How Can Telcos Protect The Privacy Of Their Subscribers?

In 2018, the General Data Protection Regulation (GDPR) was initiated across the EU to protect people’s privacy. Telcos were also covered under this regulation. This means that telcos were equally responsible for safeguarding the subscribers’ privacy and data.

To safeguard subscribers from data breaches or privacy threats, telcos are implementing solutions such as:

  1. Content filtering

A2P SMS has become a popular communication channel for enterprises to reach out to subscribers. However, subscribers have been receiving an overload of SMS. Many of these messages are spam. To ensure that subscribers receive only genuine messages, telcos have started using content filtering options to identify and block spam messages. These filters look for messages with specific keywords or certain types of content, which could be considered spam, and block them before sending them to subscribers. Many countries in large telecom markets have already initiated a process where the messages are scrubbed, standardized, and sent in a specific template to safeguard subscribers from spam messages.

  1. SMS firewall

Considering that SMSes are vulnerable to suspicious malware attacks and spams, telcos use SMS firewalls to block illegal SMS traffic. When a message comes to the telecom operator’s network, the firewall immediately scans them for its originator, source, and route. It analyzes the messages and classifies them. The messages are immediately blocked, and the sender is informed if found to be suspicious. Telcos can also set intelligent firewall rules to determine which messages are authorized and unauthorized and also allow or reject SMS traffic accordingly. An SMS firewall protects the subscribers’ privacy and protects the telcos from losing their reputation and revenue over spurious messages.

  1. Direct routing

Grey routes have always been a concern for telcos as the messages are sent through unauthorized networks. As there is little control over these unethical routes, telcos stand to lose an estimated $62 billion of their revenue. Also, considering that these SMSes are sent through unethical networks that are inherently subject to less management and oversight, they could pose a privacy threat for subscribers and expose them to vulnerabilities. The solution to this problem is direct routing. Telcos can directly connect with operators in different countries, so the messages are sent directly to the subscribers in that country. Telcos can also set up re-routing or test the routes to ensure that the messages are sent through reliable networks. Telcos can also identify and fix routes that are suspicious to safeguard the data and privacy of subscribers.

Conclusion

Although telcos use sophisticated tools to bring transparency in their solutions, they cannot combat privacy breaches alone. Safeguarding the subscribers’ privacy requires combined efforts from Governments and enterprises too. Governments have started implementing regulations such as GDPR. As for enterprises, they are also developing products that have privacy firmly integrated into all phases of development. Ericsson says that even telcos must implement privacy by design to ensure that security and privacy policies are followed.

Innovative solutions will become a mainstay in the future. Subscribers will widely use technologies like 5G and connected devices. By making privacy a default element, telcos, enterprises, and governments will be able to safeguard the subscribers from vulnerabilities and ensure that they receive the best service and experience. Telcos and enterprises must also work with a trustworthy telecom solutions provider to ensure that their solutions are safe.

 

Why enterprise digital transformation conversations must include a focus on the mobile

2020 made the enterprise universe fundamentally reassess ways of working. The push towards digital transformation, something that had been growing over the years, accelerated as the pandemic forced everyone to work from home. Organizations had to realign their IT budgets, modernize infrastructure, and identify digital channels. They turned to digital means to drive customer experience, accelerate revenues, improve operational excellence, and enable collaboration and innovation while ensuring business continuity.

Digital transformation has now become crucial to sustaining growth. However, while digital transformation depends on technology that can improve the capacity to chase new revenue streams or business models, technology alone does not guarantee digital transformation. Organizations have to reshape how they strategize and learn to utilize technology in newer ways. This isn’t always about adopting cutting-edge technologies. It’s equally about how to leverage the omnipresent technologies of the day, like the mobile phone.

Let’s look at the starring role for the mobile in enterprise digital transformation and the opportunity this creates for telcos and communication service providers.

Mobility and its role in Digital Transformation

Enterprises looking to leverage digital technologies to transform their organization have to employ mobile to drive company-wide transformation.

Research suggests that 82% of executives agree mobile technologies are the face of digital transformation. This can’t come as a surprise given the growing smartphone proliferation and deep adoption in the enterprise space. Today, 80% of executives believe that workers cannot do their jobs without their smartphones. 70% of access to enterprise systems is via mobile devices.

Digital transformation conversations are thus incomplete without adequate focus on mobile. When people regularly use enterprise software from a mobile device it indicates that the system has become the lifeblood of the business. The enterprise mobile app allows employees to connect to core processes from anywhere, at any time, and be productive, free of locational constraints.

The objective of digital transformation is to infuse a wave of efficiency across the length and breadth of the organization. By incorporating mobility as an integral component of digital transformation, organizations can unleash significant latent potential by empowering a new level of employee performance. They can gain the capacity to redistribute access and intelligence all through the ecosystem, drive productivity and collaboration, and improve customer experience.

Mobility is central to the enterprise digital transformation narrative because it assists enterprises to develop the capability to:

  • Improve customer experience and customer satisfaction, build rapport with overseas clients and connect with clients more efficiently across boundaries and time constraints
  • Increase productive time by providing “always-on” access to systems and processes
  • Improve the amount and quality of information captured because of multiple data touchpoints on the mobile application
  • Drive employee enablement at work irrespective of where work happens
  • Reach out and engage with customers on a channel of their choosing
  • Improve data and process portability and enable smooth content sharing to enhance collaboration and communication experiences
  • Increase time efficiencies and improve timely decision-making by providing access to vital data. This also increases cost efficiencies as storage and retrieval of data become synchronized along with complete access control of all the systems.
  • Reduce costs by eliminating paper-based workflows, enabling remote work, and helping employees do more work in less time.
  • Drive business process optimization and increase operational flexibility

Since the smartphone has cemented itself firmly into our lives, it’s no wonder that we are seeing similar trends in the enterprise. Given the power of mobility to enhance digital transformation initiatives, it makes abundant sense to adopt a mobile-first approach when embarking on the digital transformation journey.

The role of mobile operators and CSPs

The mobile is driving the ‘anytime, anywhere, and always available’ culture that these dynamic times demand. That’s why, we cannot discount the role of telcos, mobile operators, and CSPs in making this digitally-powered work environment a success.

Mobile operators and CSPs become important enablers of time and cost efficiencies especially as drivers of unified communication. Enabling retail quality routes, high clarity Voice using low-latency routes, and ensuring connections over IPX, multiple SIP protocol/codecs, or Managed IP become important enablers of connectivity to drive direct interconnections globally.

CSP’s and mobility carriers also must ensure that they have the right firewall solutions in place to protect themselves and block illegal traffic. They have to ensure that no A2P traffic reaches subscribers via the grey route to avoid monetary losses and unwelcome network congestions from spamming.

Enabling the right security protocols, system-level filtering, Intelligent SMS firewall rules, and guarantees of uptime with heartbeat redundancy become important consideration points to optimize the mobility experience.

In Conclusion

The role of mobile in the digital transformation narrative is only going to get stronger. Even companies like Microsoft have experienced ‘two years’ worth of digital transformation in two months”. McKinsey further notes that while the pace of the pre-COVID world was fast, the luxury of time has completely disappeared now. All along digital transformation emerges as the antidote to the crisis and an imperative for the new normal. Given the proliferation of smartphones and the app economy, enabling digital transformation without a focus on mobile is almost like wanting to bake a cake without an oven. As is apparent, telecom companies, mobile operators, and CSPs have a crucial supporting role there too.

 

The Value Of A Virtual Roaming Number – And How To Make It Work

As the world turns into a global village, connectivity has become important among businesses and people.

To help businesses and people stay connected irrespective of geographic locations, telecom companies have been offering attractive options to their users. One of them is virtual roaming numbers.

A virtual roaming number is a telephone number that is not limited to a specific phone device, area code, or line. Unlike traditional landlines that are physically connected to a location and designed to work over a single phone line or a mobile number that is typically tethered to a specific mobile service for coverage; a virtual roaming number is more flexible and devoid of physical constraint. So, even a company that is based in Asia can show its local presence in the US or UK by using a virtual number.

A virtual roaming number is flexible and saves costs on hardware and maintenance.

Considering that the virtual roaming number offers so many benefits to businesses and end-users; it makes a strong case for telecom companies to extend it as one of their services.

Here’s how telecom companies could benefit from the virtual roaming number.

Value Of Virtual Roaming Number For Telecom Companies
Opportunity to expand to new markets and expand penetration onto existing markets

The telecom industry is a fragmented industry that struggles to find ways to create revenue opportunities and new business models. Virtual numbers can help provide an attractive option to address that.

A virtual number is an online number. So, there are more opportunities for operators to expand and penetrate new and existing markets. In many ways, it may also be easier to get a license for operating a virtual number. Virtual number operators (VNO) can offer unique services and unique value propositions to a specific group of users in new markets to gain a competitive advantage. It can help them to acquire new subscribers for their service. For example, they can offer low-cost connectivity to people living in developing countries. A virtual network operator can also help in solving the teledensity issues in remote areas by investing in them. This can help them to gain more subscribers and penetrate deeper into existing markets where reach is less.

Attract more inbound roamers

According to a study, mobile operators earned$21 billion from roaming. Inbound roamers have captured the fancy of telecom operators for a long time. This solution enables them to offer competitive pricing and unique services to these users. It also enables them to capture loyalty if the user visits the place frequently for business or to meet their family or relatives. Virtual numbers are useful for frequent travelers as they can enjoy the benefits of a local number and make and receive calls effortlessly. As soon as an inbound roamer enters a place, they can obtain a prepaid local number roaming (PLNR) without changing their SIM. Once they activate the prepaid number, they can avail of all the local services until their stay. They can top up the virtual number easily and also use it for their future visits. Considering the value and convenience it offers to inbound roamers, operators must consider offering these services to gain more subscribers.

Minimal to zero investment in infrastructure

Virtual network operators do not have to duplicate infrastructure. Network Service Operators (NSO) who invest heavily in spectrum licenses can enter into a sharing model with virtual network operators. It creates a win-win situation for both. The VNO can minimize additional expenditure on infrastructure. If they are a new entrant, they can expand their services easily. The NSO, on the other hand, can earn a recurring income from the VNO and optimally monetize its resources. This helps them to minimize the losses incurred due to high operational costs.

Better service to users

In continuation with the point above, by sharing the infrastructure costs, the telecom operators can reduce the cost of service delivery. This benefit eventually gets passed on to their customers in the form of attractive pricing. Typically, a virtual roaming number works on an all-in-one model, i.e. it offers all types of services such as calling, messaging, VoIP, video conferencing, and data services. Considering that it blurs the lines between network and services, it will soon be able to offer better-bundled services to the users. It will give the power of choice to users.

The virtual roaming number plays well into the themes that are relevant to the future of the telecom industry by being more customer-centric. We have attractive and easy-to-deploy solutions for innovative and future-focused telecom operators who wish to offer . These solutions will help them acquire more users and stay a step ahead of the competition.

 

Some good news about security in all the hype around 5G

5G promises a future of technology-enabling innovation and a host of benefits. The technology underlying 5G marks a break with 4G in many ways, especially when demanding a fundamental reconceptualization of the communication networks. The previous mobile technology generations were built on a physical architecture while 5G, a completely virtual network, enables the convergence of networks and makes wireless communication a fundamental truth.

5G promises to support transformative applications, becoming a driver of a new world of intelligent factories, autonomous cars, and smart cities. We expect lightning-fast speed, increased capacity, and reduced latency. 5G is expected to be 100 times faster. Downloading a two-hour movie, for example, may take merely four seconds with 5G. Given its potential, some studies show that 5G can be expected to pump 12 trillion dollars into the global economy.

Just as 5G becomes the enabler of a totally connected world, it also raises concerns about enabling a larger surface area for cyberattacks. This is primarily because 5G networks connect more devices than previous technologies at a “fatter” bandwidth and with lower network latency. This means more endpoints to attack and an enabling network capacity that may make “brute force” attacks practically possible.

However, as with any new technology, an introduction of 5G requires revisiting cyber-security strategies. Building greater resilience by identifying and countering the risks specific to 5G can enable this technology to become a powerful force to generate revenues and drive profits.

The security challenge

Security is one of the major stumbling blocks to the adoption of 5G. Until now, navigating the security chasm was difficult because many standards that could govern its implementation and management hadn’t been fleshed out. Reliable estimates of the kind of new threats that could emerge were missing. While this could influence multiple aspects, its impact on security could be disastrous as it risks providing more elbow room for malicious elements to break down the defenses.

Clearly, keeping 5G networks secure and keeping them safe from malicious intent and activity for businesses and society alike will be essential for ensuring the safety of the end-users. With these concerns in mind, recent announcements of 5G specifications being updated and aligned with zero-trust tenets is good news.

Why zero-trust works in favour of 5G

A vital point to secure any network is to understand where vulnerabilities could arise. Usually, risks transition from one network to another at the point of interconnection. As such, it becomes essential that all the companies involved on each side of these transitions need to adopt a coordinated approach to ensure effective end-to-end security.

By aligning 5G specifications with zero-trust tenets, the telecom industry assumes a strong position to create a zero-trust architecture that everyone can “subscribe” to. The zero-trust security model becomes effective in the 5G scenario as it never makes any assumptions towards trustworthiness.

A zero-trust architecture facilitates secure network access to resources (data, devices, and services) and ensures that it is restricted to only the authorized and approved subjects ((users, devices, and services). This approach assumes an identity-centric approach based on the execution of policy-based authorization decisions in runtime in conjunction with traditional in-depth security principles. The right zero-trust architecture mitigates the risk of external attackers elbowing their way into the network or moving laterally in case of a security breach. The key areas where this zero-trust architecture needs implementing could be to:

  • Secure digital identities are the key factor that determine whether an access request should be accepted or not. A zero-trust architecture establishes protocols after assessing the environment, which includes virtualized deployments, multi-tenant environments, and the hardware ecosystem, to deliver secure identity lifecycle management.
  • Secure communication transport of user and signaling data across 3GPP interfaces. A zero-trust architecture ensures that all data is secured with cryptographic algorithms thereby delivering integrity protection and confidentiality
  • Manage the relationship between the host of logical and physical entities across the telecom network and create a capable policy framework that captures the access rules and requirements to determine eligibility requests. These policies enable the enforcement of micro-perimeters with fine-grained access control based on roles, credentials, and environmental attributes
  • Establish the right security posture of network assets and ensure compliance with security policies. Monitor and evaluate subjects, resources compliance, trustworthiness, and state to design access controls.

The journey towards zero-trust must be carefully calibrated and augmented with methodical decisions on when and how to implement the new security processes and deploy the new security technologies. Adopting the zero-trust principle improves the management of security risks to deliver a secure network and services.

However, the capability to implement a zero-trust architecture also depends heavily on the technologies, prioritizations, and policies considered. Successfully implementing zero trust can be a cornerstone of a holistic defense strategy to manage the risk of the infrastructure that has migrated to zero-trust and the infrastructure that hasn’t, both.

While this transition towards zero-trust is a major change in the telecom industry, 5G’s built-in compatibility with the zero-trust architecture will make it easier to define security practices and strategies applicable in different scenarios. As of now, the new functionalities and requirement specifications align with many zero-trust elements. This should help drive up the confidence of successful 5G implementations without worries over security concerns clouding the benefits. That is great news for the telecom sector and the world at large.

Why network and revenue protection is the highest need of the hour for telecom operators

The telecommunications industry is responsible for keeping the world connected. Telecom operators build, operate, and manage the complex network infrastructures required for all communications. Obviously, these networks deal with enormous amounts of sensitive data. This makes them attractive targets for attacks from malicious entities. The World Economic Forum in its Global Risks Report 2019, reported that the risk of cyber-attacks was among the top 5 fastest growing threats in public perception.

Telecom operators need to arm themselves against this growing risk. This post is an attempt to drive that point home by looking at where the threats could emerge from and their possible impact!

Telecommunications providers are under fire from two sides:

  1. They face direct attacks from cybercriminals intent on breaching their organization and network operations
  2. Indirect attacks from those in pursuit of their subscribers.
Main Network Security Threats Include:
Supply Chain Threats

As theGSMA has also said, telecom operators rely on numerous external suppliers to deliver infrastructure, products, and services. It represents a complex supply chain where downstream links inherent risks and vulnerabilities. Attackers need not address their planned target directly. In several cases, they can achieve their aim by compromising the supply chain where it is least secure.

Instances of supply chain threats are common including tampering with chipsets,vendors releasing devices in an insecure state<, and government decisions impacting supply chain resilience. This highlights the significance of understanding how products are developed and introduced into the ecosystem and managed throughout their lifecycle. The software supply chain is arguably more complicated. According to the 2018 evSecOps Community Survey, there was a 55% increase in breaches caused by vulnerable open-source software.

A failure to secure the supply chain can result in erosion of brand and trust, regulatory action, and high costs to the operator. The onus is on telecom operators to examine the products, toolsets, and technologies that form a part of their infrastructure from the security perspective.

Data Privacy

Mobile Network Operators specifically and telecom operators, in general, must gather, process, and store customer data to operate efficiently. Privacy concerns have triggered onerous regulations like GDPR in several locations. An inability to understand these laws or poor implementation can curb the flow of data and curtail the operator’s overall view of their network. Obviously, this can trigger inefficiencies for the network and create openings for attackers to go undetected, and pose a threat to the privacy and security of citizen’s data.

Such a failure to consider consumer privacy, regardless of legislative requirements, can also result in stiff fines, penal action, and even a brand-killing backlash, as seen with the LocationSmart service in the US.

Signaling Threats

As those in the telecom sector know, a signaling exchange establishes/maintains a communication channel or session on mobile telecommunications networks and assigns resources, and manages networks universally. 2/3G leverages SS7 and SIGTRAN, while 4G depends on Diameter. All generations employ SIP and GTP. Several essential services, such as short messaging service (SMS), are managed by these protocols.

While tried, tested, and trusted, many of these protocols are dated. They were often applied without an authority model but depended on implicit trust within a closed industry. Now look at the inherent insecurity of this approach in the context of the role in operating several network functions, and it will be clear that any security threats identified against these services will have a high impact. Many will remember that in 2017 an incident in Washington DC, close to the White House, saw attackers use a fake base station and SS7 access to obtain subscriber information.

Predominantly these attacks target consumers and cause a breach of privacy with all the ramifications of potential regulatory action and reputational damage.

Cloud Threats

The network perimeter is blurring, and the cloud is being regularly leveraged to facilitate operators’ operations. The cloud is where network, storage, and compute resources often reside these days. And yes, an external supplier manages all these applications.

The loss of direct control of such critical operations may diminish the operator’s level of control over the network performance, optimization, data, and quality of services. The operator also loses the capability to assess and alleviate security threats directly. They are forced to depend solely on contractual or service level agreements with the cloud provider. Seen in that light, cloud services pose a potential combination of risks concerning network availability, supply chain, and privacy.

The IoT Threats

This year has seen a major IoT thrust. And obviously, security threats are emerging. The industry has identified that several customer device manufacturers have little consideration for, or competency in, security. It’s not uncommon for them to hand over the accountability to secure the device to the uneducated customer without security instructions. These devices, when deployed, are also attached to the operator’s network. Attacking the network by leveraging these devices could potentially harm operators.

Most IoT threats come from attackers exploiting factory default settings or poorly configured devices. IoT devices are a desirable target. The significant volume of devices means many potential access points. The attacker can employ the same technique to attack different devices regardless of their primary function, leading to a large surface subject to attack with minimal effort. For eg., in 2016 the Mirai botnet, the mother of many modern IoT botnets, hijacked over 600,000 devices. The initial attack took down OVH hosting and DynDNS services.

Of course, in these cases, attackers don’t want to disrupt the network. They desire continued access to the network for information disclosure and that’s just as disruptive in the long run.

Human Threats

Having said all that, it’s unfortunately true that network attacks usually succeed due to human nature. Humans make mistakes; these are often taken advantage of by attackers to gain a foothold into the operator’s network. Employees may become disgruntled, leading to a desire to attack the operators. Internal human threats come in many forms, some malicious, others not.

Device Threats

Not all customers comprehend the threats their devices bring to the operator and network ecosystem. However, suppliers of the device, software (app) developers, and over the top service (OTT) providers are aware of the threat to the device. Because of the long-term nature of such customer relationships, several operators take over and address several device threats.

In April 2018, the WikiLeaks hacktivist group leaked a suite of hacking tools believed to belong to the Central Intelligence Agency (CIA). The leak exemplified to what extent nation-state level technologies are thought to be used in the fifth generation of cyber-attacks.Nokia reports that Android devices were responsible for 47.15% of the observed malware infections in 2019 and are the most targeted OS.

Why Revenue Protection Becomes a Mandate?

In this competitive world, revenue leakage is one of the most significant worries affecting telcos around the world. For operators, who are also distressed by deteriorating margins from the conventional voice business, protecting the existing revenue sources becomes crucial. Over the years, several research reports have highlighted the massive loss to the industry due to inadequate fraud protection and poor revenue assurance processes.

The critical challenge with revenue protection is the long gap between revenue leakage detection and fixing it. Considering the enormous volume of transactions produced in the present-day customer-centric world, telcos cannot afford such gaps. With the new problems brought by IP networks and the sophisticated interconnection frauds, detecting, and redressing the glitches becomes even more important.

Obviously, lessening the leakage exposure time can result in significant savings. Also, revenue protection is linked to multiple processes, including data collection, billing, settlement, and operations. Thus, coherent strategies for revenue protection can give telcos increased visibility into all aspects of subscriber data and help them to improve the Quality of Service (QoS). This could help improve the subscriber experience and drive up loyalty.

Subscriber management is a crucial element of revenue protection as it facilitates operators to handle customer attrition. The operators require to have visibility into subscriber’s usage and billing patterns. Such insights will enable them to introduce the right mix of services that enhance customer value and ARPU. Subscriber management proves crucial to remove billing errors and disputes.
Vulnerabilities exist on several levels in the telecom landscape: hardware, software, and human, and attacks can come from many directions. Telecom operators need to start considering security as a process that encompasses threat prediction, prevention, detection, response, and investigation. Intuitive revenue protection systems can further help in stemming the tide of lost revenue by making it possible for operators to view all potential revenue leakages in real-time for every process.

A comprehensive, multi-layered security solution based on the latest technology is a vital element to achieve this, but it is not sufficient on its own. The technology becomes a vital first step that must be followed by collaboration, employee education, and shared intelligence.

 

Top