Ana Tavares Lattibeaudiere, Executive Director, GlobalPlatform
The birth of IoT
The Internet of Things (IoT) has grown from a concept to become a catalyst for enterprise and industrial transformation. From our homes to our cars and our cities, IoT connectivity is transforming the very fabric of the world around us and it’s interesting to reflect on just how far we have come.
IoT devices and applications have become ingrained in our daily lives – fitness trackers, smart speakers, wireless printers, connected cars, the list goes on. When did it all start? Some claim that it was in 1982 when David Nichols, a graduate student in Carnegie Mellon University’s computer science department, developed a way to track whether the soda bottles in the department’s vending machine were cold. Others suggest 1990 as the start date, with the development of the first connected ‘thing’ by John Romkey – a toaster that could be turned on and off over the Internet.
Either way, it wasn’t until the late 1990’s and early 2000’s that we began to hear the term ‘Internet of Things’. I recall seeing ‘IoT’ for the first time in publications like the Boston Globe, and the excitement that surrounded LG’s announcement of the first internet-enabled refrigerator. IoT really exploded onto the scene in 2005 with the publication of the UN’s International Telecommunications Union (ITU) first IoT report, demonstrating global acceptance of this new technology and paving the way for manufacturers and Mobile Network Operators (MNOs) to unlock the opportunities it presented to increase productivity, overcome inefficiencies, and innovate their offerings.
Overcoming early obstacles to IoT adoption
My own journey in IoT began at GSMA in 2007 examining barriers to growth and delivering initiatives to eliminate them. In the early days, fragmentation, high total cost of ownership of connected devices, and a lack of understanding about how to deploy IoT solutions to realize the promised benefits, were significant hurdles to progress. Competition between service providers started to move beyond national borders and permanent roaming became a hotly debated topic. Fragmentation in local regulations and tax systems was another large barrier to growth. Operators struggled to justify their investment, as IoT brought a very cost sensitive business model to life that was largely based on volume rather than revenue per device.
I worked on many exciting projects during my time at GSMA, demonstrating how the IoT could be applied in real life through use cases like connected homes, automotive, healthcare, education and smart grids, and helping bring solutions to market. We successfully brought down the cost of IoT modules by typifying use cases and streamlining the number of form factors, and collaborated with global Government bodies to eliminate SIM taxes blocking the deployment of Machine-to- Machine (M2M) services.
Our IoT ambitions went further than delivering business- benefits, though. We recognized that IoT had huge potential to address economic challenges in developing markets, such as promoting inclusion and breaking down barriers to education. As part of this effort, we helped MNOs deploy solutions that offered remote learning to children who were unable to attend school, and enabled women to work remotely in countries where they could not come into the workplace.
Stimulating innovation was another priority. I remember working with healthcare experts and device makers to accelerate the development of a connected stethoscope that allowed patients and doctors remote access to healthcare specialists. At the time this was really at the cutting-edge of IoT.
Understanding new challenges to address
IoT reached a tipping point in 2010 when the number of connected devices surpassed the world’s population and has continued to grow with increasing speed ever since. As we look ahead, 5G, edge and cloud computing, big data and Artificial Intelligence (AI) are key technologies powering the next- generation of IoT applications and sensor-driven analytics. They will enable faster and more intelligent data processing, improved latency and energy efficiency and be the catalyst for a whole new wave of innovation.
Digital identity is another major trend. Although still in its relative infancy, we are starting to hear the term ‘Identity of Things (IDoT)’ more frequently, which involves assigning unique identifiers and authorization to devices and objects to communicate, share data and transact.
However, analysts and major enterprises predicted there would be 50 billion Internet of Things (IoT) devices connected by 20201, yet today the true figure stands closer to 12.2 billion2. Clearly, there are significant challenges that still need addressing.
Security threats are evolving
The inconvenient truth is that security and privacy challenges are still one of the biggest barriers to IoT adoption. We are seeing that as manufacturers race to connect and innovate, security and privacy considerations are overlooked, under- prioritized or not well understood.
This has resulted in years of high-profile hacks and breaches. I’m sure we’ve all heard of botnets like Mirai that have caused major internet problems worldwide. And hackers are always becoming more sophisticated. A good example of this is from 2017 when criminals stole 10GB of high-roller data from a Las Vegas casino by attacking a fish tank’s connected temperature sensor.
A myriad of IoT regulations and requirements
Furthermore, many of us are still not practising basic internet security rules, like setting strong passwords and performing software updates, that we need to protect our data. The smart light bulb in your living room might look innocuous, but any connected device can become a target for hackers to steal data or launch a wide-scale network attack.
As a result of growing risks and attack surfaces, international and regional regulations are tightening. For example, manufacturers are now requested to give information about the implementation of security provisions. This is also being mandated by cybersecurity regulations which are under review on a global scale. In Europe, ETSI EN 303 645 is one regulation widely referenced in IoT consumer product development. Elsewhere in the US, the Software Bill of Materials (S-BOM) is high on the agenda for industry bodies, as well as US-focused MNOs and system integrators.
What’s more, reliable connectivity is fundamental for any IoT environment but, again, challenges remain. Requirements vary wildly for different use-cases and there are multiple connectivity standards to accommodate them, some of which are proprietary and need cost-intensive gateways to allow for customization. This is creating significant hurdles to adoption, particularly in the M2M market where manufacturers need cost-effective solutions that deliver reliable connectivity without compromising security.
In fact, we are seeing that cellular connectivity and the use of M2M eSIM has yet to grow to the level of expectations that were created many years ago. From the 300 million M2M eSIM enabled devices in the market, fewer than 20% are using the eSIM to connect to data services. A key issue is that technology architectures are still very complex and involve high deployment and integration costs. Technology has evolved so quickly that many device manufacturers and service providers are still unclear about the path to deployment.
Who should be responsible for IoT security?
If the latest predictions are right, there could be 75.4 billion IoT connections by 20253. If the challenges of the past have taught us anything, though, it’s that to unlock the potential of connectivity, the user experience and underlying security and compliance must be simple and seamless.
Responsibility falls largely to device manufacturers, MNOs and cloud platform providers, yet each has their own specific needs and challenges to contend with.
- Manufacturers have to ensure a device meets a set baseline level of security when it is first deployed, it must also be possible to securely manage a solution throughout its lifecycle, updating and fixing bugs to ensure protection against evolving threats.
- MNOs want to maximize their investments in existing infrastructure and generate new sources of revenue by innovating beyond their current offerings. At the same time, they must maintain control over the security of their networks and services to protect brand, intellectual property (IP) and subscribers from attacks.
- IoT cloud platform providers need to build customized applications and services to support as many markets and devices as possible, while reducing costs. They must also ensure secure and consistent user experiences such as device onboarding, and the integrity of the data they receive and transact.
The device onboarding process can be particularly complex. To connect the dots of IoT and streamline device connectivity, the industry needs to review the entire flow – from primary keys loaded in the device to network protocols. Public key infrastructure (PKI) holds some of the answers, yet the current device enrolment process is not fully automated and doesn’t support the billions of connected devices which have no user interface, like Bluetooth earphones for example.
Supporting the mobile ecosystem to realize IoT benefits
Throughout my career I have enjoyed working collaboratively with industry stakeholders to achieve impactful results for the mobile ecosystem.
A key reason for joining GlobalPlatform as Executive Director in 2021 was the opportunity to continue this work, by addressing existing IoT barriers and being at the forefront of IoT security. For over 20 years, GlobalPlatform has supported connected industries with standardized technologies and certifications that enable innovative, secure-by-design digital services and devices to be developed. More than 62 billion GlobalPlatform- certified components are used in devices across market sectors, including government and enterprise ID, payments, smart cities, smart home, telecoms, transportation and utilities.
In recent years, GlobalPlatform has moved to support the IoT ecosystem with various initiatives including a Device Trust Architecture for accessing secure services within a device, and the IoTopia Framework4 for secure launch and management of connected devices (including the launch of a free MUD File Service5 to simplify and secure IoT device network onboarding and management).
GlobalPlatform is also supporting the Security Evaluation Standard for IoT Platforms (SESIP) methodology6. SESIP delivers a flexible and efficient security evaluation methodology that addresses the complexities of IoT security, supports a broad range of regulatory and security frameworks and is accessible to developers who are not security experts. Certification is essential to facilitate trust, confidence and collaboration between stakeholders as well as foster market stability and growth, and we are constantly evolving and expanding our schemes to keep pace with evolving requirements and technologies.
Another important area is ensuring trusted digital identities can be effectively managed across a broad range of use cases, which has become a critical priority as the number and type of connected devices expands. The European Commission recently proposed a framework for the introduction of a European Digital Identity Wallet. GSMA’s Secure Application for Mobile (SAM) is a good candidate for the technical architecture, and once again I am looking forward to working with the industry to define how these requirements can be implemented to bring together key verticals, address different use cases and overcome potential business blockers.
Some barriers will only be resolved with collective action
Competition is key to innovation. But only through collaboration can true scale and affordability be achieved. Developing standards that can accelerate the adoption of new technologies requires innovative thinking, grounded in knowledge and experience, and realized through energetic and effective industry collaboration. As Henry Ford once said “Coming together is a beginning, staying together is progress and working together is success”.
With over 20 years of experience, Ana is a well recognized leader in the Telecoms and IOT space. She has recently been appointed as Executive Director for Global Platform and is responsible for the organization’s overall strategy, marketing and business development across key vertical sectors. Prior to joining GlobalPlatform she was appointed Chief Strategy Officer for 10T Tech and started work to support many innovative companies on defining their strategy and path to success. Before that she held a few key positions at GSMA where she was responsible for global strategy, global IOT strategy and vertical engagements and most recently as EVP and Head of North America, responsible for driving global initiatives such as Networks (4G, 5G), IOT, RCS, eSIM, Identity, Spectrum and Gender Diversity. Strategy and Innovation has been at the core of all of Ana’s career having held strategy consulting positions at BCG, Deloitte Consulting and Accenture and in private banking at Merril Lynch in the area of investments in new technologies. Ana is also a proud Board member of the Global Telecom Women’s Network where she drives initiatives that promote gender diversity in Tech sectors.