Cyber security: What will consumers pay for?

More connected lives, more cyber risks

The extent to which people live their lives online today can be summed up in LocaliQ’s internet minute statistics. Nine million searches happen on Google every minute. Facebook is the world’s third most visited website with three billion monthly active users spending 38 minutes per day on the site and clicking on an average of 12 ads per month. 251 million apps are downloaded per day and more than six million people are shopping online every minute with $4,722 spent every second on Amazon.

STL Partners highlighted the growing dominance of Wi-Fi in the home in Consumer Wi-Fi: Faster, smarter and near-impossible to replace, and the operator strategies to improve Wi-Fi experience with smart Wi-Fi apps and partnerships with value add players such as Plume. Connectivity in the home has become even more important since the COVID-19 pandemic as customers took on entertainment subscriptions (TV and gaming) and added smart TVs, cameras, doorbells, lights, and speakers (with voice assistants) to their home. According to Plume, smartphones (including “guest” phones) are the most prevalent devices in the home with an average of six per household. This is followed by computers (2.6 per household), tablets (1.3), smart TVs (1.1) and set-top boxes (1).

The graphic below highlights the growth in smart home IoT devices between the first half of 2021 and 2022 with 55% more cameras, 43% more doorbells, and 25% more smart bulbs as customers invest in making their homes more comfortable and secure. The average number of connected devices across Plume’s customer base of 41 million homes has grown to 17.1 in the first half of 2022 up from 15.5 in the first half of 2021. This figure is likely higher than the average household, as those with more devices are more likely to want a premium smart home Wi-Fi management set-up but is still indicative of growth trends.

Growth in devices between H1 2021 and H1 2022

Source: Plume smarthome market report – August 2022

With 40% of EU workers switching to working from home during COVID-19, the take up of digital technology has had a permanent effect on every-day life. IoT devices and digital technologies are projected to increasingly embed themselves in various aspects of our daily lives in coming years. Estimates on the number of connected devices by 2025 have ranged from 25 billion (GSMA) to 42 billion (IDC). The increasing volume and wide range of connected devices of varying hardware and software standards increases the attack surface for malicious actors who can inflict significant emotional and financial damage on consumers, their families and their employers.complex cybersecurity threat landscape

Enter your details below to download an extract of the report

A complex cybersecurity threat landscape

Cybersecurity Ventures – a leading researcher on the global cyber economy and publisher of Cybercrime Magazine – estimates that organisations suffered a ransomware attack every 11 seconds in 2021. It has also forecast that attacks on a consumer or business will happen every two seconds by 2031. It is believed the majority of cybercrimes go underreported by victims due to embarrassment, potential reputational harm and a perception that legal authorities cannot help. Even in a gaming community, a micro payment of less than $1 for a prize or item that doesn’t appear could go unreported due to the low cost of the transaction, but can be very lucrative for cybercriminals should enough games fall victim to the trick.

Cybersecurity Ventures forecasts this rise global cybercrime to inflict damages of $10.5 trillion annually by 2025. The cybersecurity specialists highlight that, if measured as a country, cybercrime would have the third largest GDP after USA and China.

The European Union Agency for Cybersecurity, ENISA, reports on the current cyber threats facing European consumers and businesses. In its latest 2022 threat landscape report (covering July 2021 to June 2022) it identified eight prime threats shown in the graphic below. These include:

Ransomware where bad actors take control of an organisation’s or individual’s assets and demand ransom in exchange for return of the assets and confidentiality of the information. The attack could involve locking out the user, encrypting, deleting or stealing the data. The most common attack vectors are phishingemails and brute-forcing on Remote Desktop Protocol (RDP). Cybersecurity Ventures estimates ransomware will cost victims $265bn annually by 2031.

Malware is commonly defined as “software, firmware or code intended to perform a malicious unauthorised process that will have an adverse impact on the confidentiality, integrity, or availability of a system”. Malware comes in the form of virus, worm, trojan, or software code that can negatively impact a host computer or mobile device. Spyware and adwareare considered subsets in this category. This malware could allow actors to take remote control of a system, denial skimmers, or steal information or enable botnets to carry out nefarious attacks such as distributed denial of service (DDoS). According to ENISA, malware attacks are on the rise in 2022 after a decline in the previous reporting period (2020 and 2021). The decline had been linked to increased working from home during the pandemic. While the rise could be attributed to workers returning to the office, ENISA also point out that there has been simply more malware.

One of the most known malware threats is Pegasus malware a WhatsApp exploit which can affect both iPhone and Android phones and can be used to access messages, photos and emails, record calls and activate the microphone.

Most mobile malware comes from malicious applications downloaded and installed by users. In 2021 fake adblockers or adware were common for Android. These adblocking apps can look for extensive permissions when being installed from downloads on third-party app stores and online forums.

ENISA reported a rise in malware from crypto-jacking (the unauthorised use of devices to mine for cryptocurrency – further described below) and IoT malware. In the first six months of 2022, the malware attack volume on IoT was higher than had been recorded over the previous four years with Mirai botnets responsible for most (seven million) attacks. ENISA reported in 2021 and 2022 the most common IoT targets were networking devices such as Netgear (DGN), D-Link339 (HNAP), and Dasan (GPON).

In 2021 Flubot (a banking Trojan delivered via fake SMS messages claiming to be from banks or government organisations) was a prevalent form of phone malware, and) lured many Android phone customers into downloading nefarious applications.

ENISA Threat Landscape 2022 – prime threats

Source: ENISA Threat Landscape report 2022

Social engineering attacks target weaknesses in human behaviour, where false actors exploit an individual’s trust in communication and in their online habits. These attacks consistently rank high according to ENISA. The most common threat vectors for social engineering attacks include phishing, spear-phishing (targeting specific individuals/businesses), whaling(attacking individuals in high positions such as executives and politicians), smishing (a combination of SMS and phishing), vishing (a combination of phishing on a voice call where sensitive information is given over the phone), business e-mail compromise (BEC) and spam. ENISA reported phishing was the most common vector for initial access in 2022. This rise was attributed to more advanced and sophisticated phishing practices, fatigue among users as well as more targeted and context-based phishing practices.

- E-mail may be used by bad actors to carry out man-in-the-middle-attacks effectively using software to eavesdrop on users by using an innocent link to accessing e-mail and intercept messages between two people in order to steal data. A man-in-the-middle-attack could also take place over an unsecured Wi-Fi network where the attacker intercepts data transmitted from a user’s device over the network.

Threats against data refer to data breaches or leaks of sensitive, confidential, or protected information to bad actors / hackers and occur due to cyberattack, insider job, unintentional loss, or exposure of data. This includes data theft or identity theft where personal identifiable information (PII) is stolen and used to impersonate an individual. It also usually results in hack attempts on personal online accounts as well as spam e-mail, spam calls and SMS. Customers can check if their personal data has been exposed on the dark web due to a breach using the free online service Have I Been Pwned. Similar resources are also offered by consumer cyber safety players.

Threats against availability occur when users of a system or service cannot access the relevant datafrom that service or system. This is often commonly achieved through Distributed denial-of-service DdoS attacks which prevent users from accessing a website or system by overloading the website or network with requests resulting in decreased service performance, loss of data and outages. The attack has been in use for over 20 years now with many criminals using it to extort ransoms on organisations. It is also increasingly being used as part of a state-sponsored attack. ENISA highlighted that traditional DdoS attacks are increasingly moving towards mobile networks and IoT where such (IoT) devices have limited resources and poor security protection. Threats against the availability of the internet was cited in the context of the Russian invasion of Ukraine where access to the internet and websites have been curtailed in certain captured cities where internet infrastructure has been captured leading to re-routing internet traffic over Russian networks, censoring of (western) websites and shutting down of Ukrainian mobile networks.

Disinformation – includes creation and sharing of false information, usually by social media. In recent years there are number of websites and digital platforms that present false or erroneous information for their particular agenda and these sites are generally spurred through sharing of information through social media channels. ENISA pointed to the war between Russia and Ukraine as one example of current disinformation to target people’s perception of the status of the war. Wrong and purposely falsified information can often be mistakenly shared. This is where the definitions of misinformation and disinformation come in. Misinformation is the unintentional sharing or reporting of inaccurate information in good faith. Disinformation is an intentional attack where false or misleading information is intentionally created and shared.

Supply-chain attacks refers to the targeting of individuals, groups of individuals or organisations hardware and software resources including cloud storage, web applications, online stores and management software. The supply chain attack is usually a combination of at least two attacks; the first on the supplier to access their assets and from there access the suppliers’ own network of customers and suppliers. The most recent high-profile attack was Solar Winds in 2020.

- Cryptojacking or hidden crypto-mining occurs when a hacker secretly uses a victim’s computing power to generate cryptocurrency after the victim mistakenly and unwittingly downloads malicious software. Cryptocurrency is popular due to its ability to offer anonymity and its use as payment in ransomware attacks. Crypto-crime – i.e. crimes involving cryptocurrencies – is predicted to cost the global economy $30bn in 2025 according to Cybersecurity Ventures, while Chainalysis estimated crypto-scams (i.e. rug pulls on fake crypto projects) generated revenue of more than $7.7bn in 2021 and is one of the largest types of cryptocurrency-based scams.

Attacks affecting customers identity, privacy, financial and emotional wellbeing

Threats such as ransomware, malware, phishing, man-in-the-middle and social engineering have given rise to fears of identity theft and financial losses as a result of hacked bank accounts, e-mail, and social media accounts. In the US for example, the Identity Theft Resource Center (ITRC) reported a sharp rise (1,000% in a year) in social media account take overs with criminals using stolen information not only to take over existing bank accounts but to set up new bank and credit accounts using information stolen in data breaches and phishing attacks. In a snap survey of 97 people who contacted the IRTC over a social media account take over, 66% reported strong emotional reactions to losing access to their social media account.

Snap Survey of social media account takeover victims in 2021

Source: Identity Theft Resource Centre

Executive Summary
- The threat landscape in an increasingly connected life
- How to build successful cyber security services
- A digital life security opportunity
More connected lives, more cyber risks
- A complex cybersecurity threat landscape
- Are consumers willing to pay for cybersecurity?
Operator cybersecurity propositions
- Vodafone’s Secure Net
- Telia Security package
- Telefónica – Secure Connection
- NOS Portugal
- MEO Portugal
- Safe Net
- Deutsche Telekom
- AT&T USA
- Comcast
- MTS Russia
- SmarTone Hong Kong
- A1 Austria
Conclusions

Related research

The changing consumer landscape: Telco strategies for success

Enter your details below to download an extract of the report

MWC 2022: Sensing the winds of change

What did STL’s analysts find at MWC 2022?

This report is a collection of our analyst’s views of what they saw at the 2022 Mobile World Congress (MWC 2022). It comprises our analysts’ perspectives on its major themes:

How the industry is changing overall
The impact of the metaverse
New enterprise and consumer propositions
Progress towards telco cloud
Application of AI, automation and analytics (A3)

We would like to thank our partners at the GSMA for a good job done well. The GSMA say that there were 60,000 attendees this year, which is down from the 80-100k of 2019 but more than credible given the ongoing COVID-19 situation. It was nonetheless a vibrant and valuable event, and a great opportunity to see many wonderful people again face to face, and indeed, meet some great new ones.

Enter your details below to request an extract of the report

MWC 2022 in context of its time

It is impossible to write about MWC 2022 without putting it context of its time. It has taken place three days after the Russian invasion of Ukraine started on February 24^th, 2022.

Speakers made numerous direct and indirect mentions of the war, and it was clear that a sense of sadness was felt by everyone we spoke to. This slightly offset the enthusiasm and warmth that we and many others felt on being back together in person, with our clients and the industry.

Broad support for the Ukraine was visible among many delegates and there was no Russian delegation. While totally appropriate, the Fira was a little poorer for that as one of the joys of MWC is its truly global embodiment of a vibrant industry.

We all hope for a speedy and peaceful resolution to that situation, and to see our Russian and Ukrainian colleagues again in peace soon. Sadly, as we write from and just after Barcelona, bombs and shells are falling on civilians on the same continent and the route to peace is not yet evident.

As this new and shocking war has come in Europe while COVID is still in a pandemic phase it is a reminder that change and challenge never ends. The telecoms industry responded well to COVID, and now it must again for this and all the challenges it will face in the future, which include further geopolitical risks and shocks and many more opportunities too.

The biggest opportunity for telecoms, and telcos in particular, is to build on the momentum of change rather than rest on its laurels. The threat is that it will settle for a low risk but ultimately lower value path of sticking to the same old same. We look at the evidence for telcos successfully changing their mindset in New enterprise business: Opening, if not yet changed mindsets.

Connecting technologies

This is my 11^th MWC. I came looking for what’s changed and what it means. This is what I found. Andrew Collinson, Managing Director, STL Partners Research.

Cross-dressing and role play

Trying to leave the war at the door, what else did we find at the Fira? One of the mind-bending tasks of walking through the cacophony of sights and sounds of a huge industry ecosystem on display is trying to make sense of what is going on. Who is here, and what are they trying to tell me?

First impressions count. The simple things about how companies present themselves initially mean a great deal. They often show the identity they are trying to project – who or what they are trying to be seen as more than all the detail put together. The first impression I got at MWC 2022 was that almost everyone was trying to dress like someone else.

Microsoft showed photos of cell towers on its stand while all the telco CEOs talked about the “new tech order” and becoming techcos. McKinsey talked about its ‘old friends’ in the telecoms industry and talked about sustainability on its hard-edged stand, while AWS had an advert on the frontage of the Fira and a stand in the “Four Years from Now” zone.

We’re all telcos / techcos now

Source: STL Partners, AWS, Microsoft, McKinsey

It’s all about “connecting technologies”

Regular readers of STL’s material will have heard of the Coordination Age: our concept that there is a universal need for better use of resources which will be met in part by the application of connecting technologies (e.g. fibre, mobile, 5G, AI, automation, etc.).

Once upon a time, it was simply people that needed to be connected to each other. Now a huge variety of stuff needs connecting: e.g., devices, computer applications, business processes, business assets and people.

A big question in all this is whether operators have really understood how outdated their traditional operator centric view of the world has become as the industry has changed. Sure, new telecoms networks still need to be built and extended. But it isn’t just operators using licensed technologies that can do this anymore, and the value has increasingly moved to the players that can make all the stuff work: systems integrators and other technology and software players. We’ll cover operators’ mindsets more in the section titled New enterprise business: Opening, if not yet changed mindsets.

Private matters

Private networks was also a big area of focus at MWC 2022, and understandably so too as there is a lot of interest in the concept in various sectors, especially in ports and airports, mining, and manufacturing. Much of the interest for this comes from the hype around 5G which has attracted other industries to look at the technology. However, while there are some interesting developments in practice (for example Huawei and others at Shenzen port in China), many of the applications are at least as well served, and in some cases, better served by other connectivity technologies, e.g. Wi-Fi, wired connections, narrow-band IoT, and 3G / 4G, edge computing and combinations thereof. So 5G is far from the only horse in the race, and we will be looking closely at the boundary conditions and successful use cases for Private 5G in our future research.

Would you pay for “unexpected benefits”?

One great stumbling block for telcos and other business used to traditional business thinking has been “how do you make a business case for new technology?”

The classic telecoms route is to dig around for a cost-saving and revenue enhancement case and then try to bend the CFO’s ear until they give you some money to do your thing. This is fair enough, to a point.

The challenge is, what do you do when you don’t know what you are going to find and/or you can’t prove it? Or worse still, you can only prove it after everybody else in the market has proven it for you and you are then at a competitive disadvantage.

One story I saw and see elsewhere repeated endlessly is that of “unexpected benefits”. This was a phrase that Alison Kirkby, CEO Telia, used to describe what happened when the value of its population movement data was recognised by the Swedish Government during the COVID crisis. It had pulled together the data for one set of reasons, and suddenly this very compelling use came to light.

Another I heard from Qualcomm, which told of putting IoT driven shelf price signs in retail. Originally it was developed to help rapid repricing for consumers in store, then COVID struck a few weeks after installation. This meant people switched to online shopping and the stores were then mainly used by pickers assembling orders for delivery. The retailer found that by using the signs to help the pickers assemble their loads faster they could make the process about a third more productive. That’s a lot in retail.

This is the reality of transformational business models and technologies. It is incredibly hard to foresee what is really going to work, and how. Even after some time with a new way of working new uses continue to emerge. That’s not to say that you can’t narrow it down a bit – and this is something we spend a lot of our time working on. However, a new thing I will be asking our analysts to help figure out is “how can you tell when and where there are likely to be unexpected benefits?”

Executive Summary
Introduction
- MWC 2022 in context of its time
MWC 2022: Connecting technologies
- Cross-dressing and role play
- Would you pay for “unexpected benefits”?
- Getting physical, getting heavy
- Glasses are sexy (again)
- Europe enviously eyes eastwards
New enterprise business: Opening, if not yet changed mindsets
- Customer centricity: Starting to emerge
- Becoming better partners: Talking the talk
- New business models: Not quite there
The Metaverse: Does it really matter?
- Can the Metaverse be trusted?
- Exploding supply, uncertain quality
- The non-fungible flexibility paradox
- A coordinating role for telcos?
- Don’t write it off, give it a go
Consumers: XR, sustainability and smarthome
- Operators: Aiming for smart and sustainable
- Vendors and techcos: Would you like AI with that?
- More Metaverse, VR and AR
- Other interesting finds: Commerce, identity, video
Telco Cloud: The painful gap between theory and practice
- Brownfield operators are still on their virtualisation journey
- Greenfield operators: Cloud native and automated from day one
- Telcos on public could: Shall I, shant I?
AI and automation: Becoming adaptive
- Looking out for good A3 use cases / case studies
- Evidence of a maturing market?
- Welcome signs of progress towards the Coordination Age

Enter your details below to request an extract of the report

36 blockchain applications: What’s next?

Why is blockchain important?

Blockchain applications are valuable because they decentralise control. This offers a new way to reduce friction and speed up adoption of solutions that require collaboration between various players, but where no one wants to cede control to a single entity.

Collaborative ecosystems are only going to become more important in the Coordination Age, so mastery of blockchain technology can enable telcos to successfully address their customers’ changing needs.

But telcos are still figuring out what to use blockchain for

Based on an interview programme with telcos and technology partners, our research shows that one of the key barriers to adoption is finding valid use cases that are worth taking beyond the PoC stage.

Part of the challenge of knowing which applications are most worthwhile is that there are few large scale, real-world implementations of blockchain. This means that its key value proposition – that it can ease collaboration by removing the need for a centrally controlling authority, instead distributing power across all participants within an ecosystem – still needs to be proven.

Without many successful examples of blockchain-supported applications, it is difficult to know which ones are likely to succeed in telecoms. Telcos are therefore unsure of where to focus their time and investments.In practice, applications that leverage blockchain’s ability to broker trust through transparency and decentralisation are still at an early stage of development.

In the first report in this series, Moving beyond the lab: How to make blockchain pay we looked at eight of the most promising applications in telecoms in detail.

In this report, we look at a broader range of applications where blockchain is being tested to see if it can deliver better results than other technologies.

We explore 36 use cases across six categories, based on key blockchain capabilities:

Tracking / registry: Recording information and data in an immutable and transparent way, whereby no party has asymmetric power over the data
Data access / transfer: Enabling ease of transferring data between multiple parties
Identity /authentication: Managing identities and permissions for authentication or verification
Transactions: Enabling (real-time) payments and transactions
Settlements: Revenue settlement by recording movement of goods/revenues or use of services/assets
Token exchange: Virtual currency/tokens with intrinsic value traded between multiple parties

Key takeaways

Tracking / registry and data access / authentication are the two biggest categories in terms of use cases, reflecting the relative maturity of blockchain technology in addressing these pain points.
While enterprises are prepared to rely on the distributed ledger and shared consensus mechanisms of blockchain technology to support business processes, the regulatory and reputational risks of using cryptocurrency or tokens to exchange real-world value are still too high.
Therefore, there are fewer emerging use cases around transactions, token exchange, and to some degree settlements, and they will likely take longer to develop into viable commercial solutions.
Identity / authentication is one of the most technologically advanced application areas where blockchain is enabling enterprises to develop truly novel solutions for consumers, IoT, and to ease commercial partnerships. However, the business model is still untested at scale and/or not directly related to telcos’ core operations, so these applications can be difficult to justify as priority investment areas.

Overview of 36 telecoms blockchain applications

For each of these use cases, this report covers:

The current problem or pain point
How blockchain can help solve the problem
Which of the following blockchain characteristics are most relevant to the use case
- Security: Decentralisation makes tampering with records or DDOS attacks extremely difficult
- Cost efficiency: Shared ledgers can disintermediate middlemen
- Traceability: Immutable, transparent record
- Business process speed: Automation through smart contracts
- Token value: Holding real-world value in digital assets, such as loyalty points
- Neutral and equal: Shared ownership through consensus mechanisms
- Confidentiality: Blockchain can enable collaboration without having to publicise sensitive information (particularly in a consortium/private application)
Type of blockchain most suited to the use case (public, permissioned public, or permissioned private)
The business drivers for telcos, such as:
- Increase existing revenues
- Decrease costs
- New revenues: market disruption
- New revenues: new market
- Compliance / regulation
- Customer experience
Real world examples in development or production
Potential challenges or barriers to adoption

Blockchain for telcos: Where is the money?

If you don’t subscribe to our research yet, you can download the free report as part of our sample report series.

Introduction

Looking at existing players in the industry, there are two business approaches to blockchain.

Blockchain to make money

Blockchain to save money or do something new

In this report, we look at how these business models apply for telcos seeking to participate in blockchain ecosystems for digital identity and IoT.

We will also present this report in a webinar on Tuesday, June 19th – register here

Contents:

Overview of existing blockchain business models
Telco monetisation models in:
Digital identity
IoT
Conclusion & recommendations

Blockchain: What’s in it for telcos?

To view the webinar click here, or download the slides under Additional files.

Introduction: What is blockchain?

Bitcoin beginnings

Blockchain was first created as the technology that powers the Bitcoin cryptocurrency. The aim of Bitcoin is to transfer value between remote parties securely and anonymously, without a traditional ‘trusted’ intermediator like a bank. The creator of Bitcoin’s aim was to circumvent the traditional financial services sector – central banks, commercial banks and governments – in order to protect privacy and prevent currency manipulation (e.g. through interest rates or printing money).

However, without a bank to broker trust between two parties, users needed new means of guaranteeing that party A will deliver ‘x’ amount of money to party B in exchange for ‘y’ services. Blockchains overcome this lack of trust by distributing a ledger containing the entire history of all transactions across thousands of end-points globally.

Figure 1: How the Bitcoin blockchain works

Source: Financial Times, via Reuters

By relying on a transparent record of all historical transactions to authenticate each user’s actions, where transactions are executed by a large, distributed and disinterested network of computers (nodes), users cannot renege on agreements, conceal past transactions for fraudulent purposes, and can depend on constant uptime. Thus, blockchain’s decentralised system offers two important advantages over centralised databases:

Establishing trust through immutability: The shared ledger prevents anyone from tampering with historical records. Any change to a historical record will affect how all following transactions are logged in the blockchain (i.e. the corresponding hashes), and is thus highly conspicuous. Also, because the system is decentralised, it is impossible to change all stored copies of the blockchain.
Resilience: The blockchain can ensure constant up-time because it doesn’t rely on any individual computer, but a network of thousands of computers.

On its own, a distributed ledger is a good way to prevent anyone from tampering with a historical record, but part of the revolution of blockchain is its combination of distributed ledgers with other technologies that help increase security and privacy, and which have protected Bitcoin from any significant manipulation since its inception. (Notorious attacks in the Bitcoin ecosystem have compromised the exchanges that trade Bitcoin for real-world currency, rather than the actual cryptocurrency.) Below we outline three of the main technologies underpinning blockchain:

Asymmetric cryptography: Each user has a public and private key, which is unique to them and impossible to alter or forge. The public key is visible and searchable to anyone and is linked to the private key. The private key is confidential to the user, and allows them to decrypt information sent to the public key. This means that the specific contents of a transaction can remain private, while the fact that it occurred is public. This is a widely-used technology, for example in end-to-end encryption of WhatsApp messages.

Hash functions: This is a technology that compresses larger pieces of data into a much, smaller unique numerical code called a hash value or a hash code. If any part of the data contained within a hash code is changed, then so will the hash code. Hash codes can also be programmed with asymmetric cryptography, so that they can only be decrypted by specific private keys. So, hash codes are useful for spotting any attempts to tamper with data and for keeping information, such as the details of a transaction between two parties over a blockchain, private. In a blockchain, each new block has a hash value, which is linked to all the previous blocks in the chain.

Proof of Work: In the Bitcoin blockchain, before a new block of transactions can be added to the chain, a computer must work out a hash value to identify it by. Proof of Work is the mathematical process used to determine possible hash values for new blocks of transactions. Essentially, it is a system that sets very strict conditions that every new hash value must meet. This means that the probability of finding a suitable hash value is very low, making it a time and energy intensive process, i.e. requiring a lot of computing power. It is also a random process, so the likelihood of discovering a suitable hash code to process a new block of transactions is evenly distributed across all participating nodes. When a node discovers an acceptable hash code, it can then create a new block and add it to the chain. In exchange for this ‘work’, the node receives newly created Bitcoin. This system makes it impossible to manipulate the Bitcoin cryptocurrency, and acts as an incentive for organisations to provide the computing power to add new transactions to the blockchain.

Throughout this report, we will discuss how these technologies have evolved as blockchain technology has matured, and their practical application within specific use-cases.

Contents:

Executive Summary
What is blockchain?
Why is blockchain important for telcos?
What are the pros and cons of blockchain?
What should telcos do about blockchain?
Introduction: What is blockchain?
Bitcoin beginnings
Moving beyond Bitcoin and cryptocurrencies
Blockchain is experiencing some growing pains…
…But the benefits outweigh the risks
Telco investments in blockchain
The why and how of blockchain
Understanding when blockchain is the appropriate technology
How will blockchain ecosystems develop?
How can blockchain help telcos?
Financial transactions between opcos
Identity management
Roaming and settlement
IoT
Conclusion
Recommendations for telcos
STL Partners and Telco 2.0: Change the Game

Figures:

Figure 1: How the Bitcoin blockchain works
Figure 2: How smart contracts work
Figure 3: Public vs permissioned blockchains
Figure 4: Blockchain’s strengths and weaknesses
Figure 5: Comparing blockchain with TCP/IP evolution
Figure 6: Blockchain applications for telcos
Figure 7: Blockchain technology for settling commercial transactions between opcos
Figure 8: How blockchain enabled cross-border mobile money transaction settlement works
Figure 9: Blockchain for identity management
Figure 10: Using blockchain to validate ID attributes
Figure 11: Blockchain for managing roaming agreements and settlement
Figure 12: How blockchain-enabled subscriber authentication works
Figure 13: Managing WiFi roaming with blockchain
Figure 14: Blockchain applications in the IoT
Figure 15: Tracking IoT devices from inception to ensure data integrity
Figure 16: IBM predicts a shift to distributed IoT networks

Digital Health: How Can Telcos Compete with Google, Apple and Microsoft?

Introduction

With the ever-increasing amount of data collected by smartphones, fitness monitors and smart watches, telcos and other digital players are exploring opportunities to create value from consumers’ ability to capture data on many aspects of their own health and physical activity. Connected devices leverage inbuilt sensors and associated apps to collect data about users’ activities, location and habits.

New health-focused platforms are emerging that use the data collected by sensors to advise individual users on how to improve their health (e.g. a reminder to stand up every 60 minutes), while enhancing their ability to share data meaningfully with healthcare providers, whether in-person or remotely. This market has thus far been led by the major Internet and device players, but telecoms operators may be able to act as distributors, enablers/integrators, and, in some cases, even providers of consumer health and wellness apps (e.g., Telefonica’s Saluspot).

High level drivers for the market

At a macro level, there are a number of factors driving digital healthcare. These include:

Population ageing – The number of people globally who are aged over 65 is expected to triple over the next 30 years , and this will create unprecedented demand for healthcare.
Rising costs of healthcare provision globally – Serving an aging population, the increase globally in lifestyle and chronic diseases, and rising underlying costs, is pushing up healthcare spending – while at the same time, due to economic pressures there are more limited funds available to pay for this.
Limited supply of trained clinicians – Policy issues and changes in job and lifestyle preferences are limiting both educational capacity and ability to recruit and retain appropriately trained healthcare staff in most markets.
Shift in funding policy – In many countries, funding for healthcare is shifting away from being based on reimbursement-for-events (e.g., a practice or hospital is paid for every patient visit, for each patient they register, for each vaccination administered), to a greater emphasis on ‘value-based care’ – reimbursement based on successful patient health outcomes.
Increased focus on prevention in healthcare provision – in some cases funding is starting to be provided for preventative population health measures, such as weight-loss or quit-smoking programmes.
Development of personalised medicine – Personalised medicine is beginning to gain significant attention. It involves the delivery of more effective personalised treatments (and potentially drugs) based on an individual’s specific genomic characteristics, supported by advances in genotyping and analytics, and by ongoing analysis of individual and population health data.
Consumerisation of healthcare – There is a general trend for patients – or rather, consumers – to take more responsibility for their own health and their own healthcare, and to demand always-on access both to healthcare and to their own health information, at a level of engagement they choose.

The macro trends above are unlikely to disappear or diminish in the short-to-medium term; and providers, policymakers and payers are struggling to cope as healthcare systems increasingly fall short of both targets and patients’ expectations.

Digital healthcare will play a key role in addressing the challenges these trends present. It promises better use and sharing of data, of analytics offering deep insight on health trends for individuals and across the wider population, and of the potential for greater convenience, efficacy and reach of healthcare provisioning.

While many (if not most) of the opportunities around digital health will centre on advances in healthcare providers’ ICT systems, there is significant interest in how consumer wellness and fitness apps and devices will contribute to the digital health ecosystem. Consumer digital health and wellness is particularly relevant to two of the trends above: consumerisation of healthcare, and the shift to prevention as a focus of both healthcare providers and payers.

Fitness trackers and smartwatches, and the associated apps for these devices, as well as wellness and fitness apps for smartphone users, could open up new revenue streams for some service providers, as well as a vast amount of personal data that could feed into both medical records and analytics initiatives. The increasing use of online resources by consumers for both health information and consultation, as well as cloud-based storage of and access to their own health data, also creates opportunities to make more timely and effective healthcare interventions. For telcos, the question is where and how they can play effectively in this market.

Market Trends and Overview

The digital healthcare market is both very large and very diverse. Digital technologies can be applied in many different segments of the healthcare market (see figure below), both to improve efficiency and enable the development of new services, such as automated monitoring of chronic conditions.

The different segments of the digital healthcare market

Source: STL Partners based on categories identified by Venture Scanner

The various segments in Figure 1 are defined as below:

Wellness

Mobile fitness and health apps enable consumers to monitor how much exercise they are doing, how much sleep they are getting, their diet and other aspects of their lifestyle.
Wearable devices, such as smart watches and fitness bands, are equipped with sensors that collect the data used by fitness and health apps.
Electronic health records are a digital record of data and information about an individual’s health, typically collating clinical data from multiple sources and healthcare providers.

Information

Services search are digital portals and directories that help individuals find out healthcare information and identify potential service providers.
Online health sites and communities provide consumers with information and discussion forums.
Healthcare marketing refers to digital activities by healthcare providers to attract people to use their services.

Interactions

Payments and insurance – digital apps and services that enable consumers to pay for healthcare or insurance.
Patient engagement refers to digital mechanisms, such as apps, through which healthcare providers can interact with the individuals using their services.
Doctor networks are online services that enable clinicians to interact with each other and exchange information and advice.

Research

Population health management refers to the use of digital tools by clinicians to capture data about groups of patients or individuals that can then be used to inform treatment.
Genomics: An individual’s genetic code can be collated in a digital form so it can be used to understand their likely susceptibility specific conditions and treatments.
Medical big data involves capturing and analysing large volumes of data from multiple sources to help identify patterns in the progression of specific illnesses and the effectiveness of particular treatment combinations.

In-hospital care

Electronic medical records: A digital version of a hospital or clinic’s records of a specific patient. Unlike electronic health records, electronic medical records aren’t designed to be portable across different healthcare providers.
Clinical admin: The use of digital technologies to improve the efficiency of healthcare facilities.
Robotics: The use of digital machines to perform specific healthcare tasks, such as transporting medicines or spoon-feeding a patient.

In-home care

Digital medical devices: All kinds of medical devices, from thermometers to stethoscopes to glucosometers to sophisticated MRI and medical imaging equipment, are increasingly able to capture and transfer data in a digital form.
Remote monitoring involves the use of connected sensors to regularly capture and transmit information on a patient’s health. Such tools can be used to help monitor the condition of people with chronic diseases, such as diabetes.
Telehealth refers to patient-clinician consultations via a telephone, chat or video call.

The wellness opportunity

This report focuses primarily primarily on the ‘wellness’ segment (highlighted in the figure below), which is experiencing major disruption as a result of devices, apps and services being launched by Apple, Google and Microsoft, but it also touches on some of these players’ activities in other segments.

This report focuses on wellness, which is undergoing major disruption

Source: STL Partners based on categories identified by Venture Scanner

Executive summary
Introduction
High level drivers for the market
Market Trends and Overview
Market size and trends: smartwatches will overtake fitness brands
Health app usage has doubled in two years in the U.S.
Are consumers really interested in the ‘quantified self’?
Barriers and constraining factors for consumer digital health
Disruption in Consumer Digital Wellness
Case studies: Google, Apple and Microsoft
Google: leveraging Android and analytics capabilities
Apple: more than the Watch…
Microsoft: an innovative but schizophrenic approach
Telco Opportunities in Consumer Health
Recommendations for telcos

Figure 1: The different segments of the digital healthcare market
Figure 2: This report focuses on wellness, which is undergoing major disruption
Figure 3: Consumer digital health and wellness: leading products and services, 2016
Figure 4: Wearable Shipments by Type of Device, 2015-2020
Figure 5: Wearable OS Worldwide Market Share, 2015 and 2019
Figure 6: Take-up of different types of health apps in the U.S. market (2016)
Figure 7: % of health wearable and app users willing to share data US market (2016)
Figure 8: Elements of the ‘quantified self’, as envisioned by Orange
Figure 9: Less than two-third of US wearable buyers wear their acquisition long-term
Figure 10: Google Consumer Health and Fitness Initiatives
Figure 11: Snapshot of Google Fit User Interface, 2016
Figure 12: Google/Alphabet’s areas of focus in the digital healthcare market
Figure 13: Apple’s Key Digital Health and Wellness Initiatives
Figure 14: Apple Health app interface and dashboard
Figure 15: Apple’s ResearchKit-based EpiWatch App
Figure 16: Apple’s current areas of focus in the digital healthcare market
Figure 17: Microsoft Consumer Fitness/Wellness Device Initiatives
Figure 18: Microsoft Health can integrate data from a range of fitness trackers
Figure 19: Microsoft Consumer Fitness/Wellness Applications and Services
Figure 20: The MDLive Telehealth Proposition, August 2016
Figure 21: Microsoft’s areas of focus in the digital healthcare market
Figure 22: Telefónica’s Saluspot: Interactive online doctor consultations on-demand

Mobile Authentication: Telcos’ Key to the Digital World?

Introduction: The Authentication Arms Race

Authentication: Ubiquitous, but increasingly complex

Authentication is the process of verifying a claim by (or for) an entity to an attribute, identity or unique identifier: it confirms that ‘you are what you claim to be’. The entity might be a human or machine, for example, and a peer in a transaction or the source of some data. This verification is achieved by presenting credential(s) (or ‘authentication information’) that corroborate the claim(s) of the entity.

Clearly, authentication is not a new issue: for thousands of years, societies have learned to cooperate and establish trust in non-digital environments. When an individual presents a credit card (the ‘credential’) for payment in a shop and, in some cases, enters a secret PIN code or signs a receipt (another credential), they are attempting to authenticate their claim that the bank account associated with the card is theirs to use (the ‘attribute’). When a letter is received with a difficult-to-replicate wax seal, this is an attempt to authenticate the origin of the letter. When two members of a secretive group meet for the first time, knowledge of a secret handshake can mutually authenticate their membership of the group.

Nor is it a new issue for STL Partners, either: we began our coverage of authentication, and the broader identity and personal data markets, in 2008 and have regularly provided market-leading research (e.g. Customer Data 2.0: Telcos Must Vie for a slice of the $Multi-Billion ‘PIE’; Personal Data: how to make it a viable, customer-centred industry) and advisory services since then.

What is new, however, is the growing digitisation of our everyday lives. This has driven new contexts for authentication (e.g. logging in to email accounts), new and sometimes more sophisticated methods of authentication (e.g. SMS one-time passwords, public key encryption), and created entire industries (e.g. Digital Certification). An example which covers all three of these areas is SSL (Secure Sockets Layer), the technology which establishes secure ‘HTTPS’ connections between servers and browsers using a sophisticated mechanism called ‘public key cryptography’, which we return to later.

Figure 1: Mutual SSL Authentication Handshake Message Flow

Source: CodeProject

As we discussed in the recent Executive Briefing ‘Authentication Mechanisms: The Digital Arms Race’, another consequence has been the entrance to the ecosystem of companies not traditionally associated with this space, especially Facebook and Google. Among their many activities in this space is the provision of ‘federated’ authentication and identity services to third-party websites, which essentially allows their users to login and register using their existing social network credentials. Although usage metrics for these services are not publicly available, anecdotal evidence suggests they are both widely and frequently used. There are clear benefits to each party from using one of these services, such as users needing to remember fewer passwords; online service providers being able to outsource their credential management systems; and Facebook/Google/Twitter collecting more behavioural data for advertising; but, as we will see, there are also clear drawbacks, notably around reach and privacy.

Such user (consumer, citizen or employee) authentication services to remote, digital environments for third-parties (enterprises or governments) are the focus of this report.

Figure 2: The Internet players are providing authentication services to third-parties

Source: Adweek

Some MNOs are already active in authentication services

Authentication is not a new activity area for mobile operators, either. Most fundamentally, one of the two core purposes of the SIM cards that MNOs issue and manage is precisely that (as well as storage):

Identity: The SIM contains, among others, a unique reference number (the international mobile subscriber identity, or ‘IMSI’) that identifies the SIM and the relevant subscription. The MNO recognises the reference number and ensures costs and usage are allocated against it correctly.
Authentication: To provide assurance that the identity claim is valid, the MNO uses a security mechanism to grant access to the network. This is done by issuing a ‘challenge’ which only a particular SIM card can answer correctly using a unique 128-bit ‘Ki’ key associated with its identity. The specific mechanism is known as ‘symmetric key cryptography’.

Beyond authentication for their own use, MNOs have also been developing commercial propositions around user authentication services. In some cases, their role has been strictly limited to enabling the authentication process, such as the UK MNOs’ support of ValidSoft’s fraud prevention service for financial services. In other cases, MNOs have been providing complete mobile authentication services themselves. Some of these have achieved impressive traction and results (e.g. Swisscom’s Mobile ID, KDDI’s au ID), whilst others have struggled, and there are important lessons here.

Figure 3: Map of MNO mobile authentication services, 2014 (incl. examples)

Source: GSMA, STL Partners

Back in May 2014, the GSMA recognised the shaded countries in Figure 3 as having active mobile authentication services, although some of these offer more than ‘pure’ authentication (e.g. extending towards identity) whilst others have the MNO acting as more of an enabler. Example operators (or service logos where available) are overlaid on the map.

Perhaps the most significant recent development in this space was the GSMA’s announcement of the collaborative ‘Mobile Connect’ initiative in February 2014. Mobile Connect aims to facilitate industry-wide collaboration between MNOs so that they can offer privacy-centric authentication, identity and attribute services to relying parties with single technical and commercial interfaces, thereby maximising their reach (3.9 billion unique mobile subscribers) and therefore the attractiveness of these services to relying parties.

Following successful trials and development of the authentication proposition with a lead group of operators during 2014, Mobile Connect is now beginning to go live: March 2015 saw the official launch of Mobile Connect by 17 operators in 13 countries, with others committed to launch during the remainder of 2015 and 2016. The launch proposition is pure authentication, and leverages operator assets (e.g. the SIM card) to allow the use of mobile phones as authentication devices independently of the service provided and independently of the device used to consume the service.

So, what are the opportunities for MNOs in authentication?

Whilst MNOs also have other strengths around privacy, customer support capabilities, and more, they have several weaknesses, and the business case for mobile authentication services is not yet clear to most. To clarify the situation, this report covers the following:

Key Concepts: The basics of authentication, identity and attributes
The Need: The practical advantages of mobile authentication mechanisms
The Vision: Short-term, ‘tactical’ opportunities in premium authentication; long-term, ‘strategic’ opportunities for the industry
SWOT: MNO’s strengths, weaknesses, opportunities, and threats in authentication
Case Studies: (Swisscom) Mobile ID, GSMA Mobile Connect
Conclusions and Next Steps

The report concludes that now is indeed the time for MNOs to strongly and collectively embrace authentication services. MNOs can be successful in authentication and have an opportunity to directly and indirectly monetise it across three key areas, but this opportunity will not last and there will be few more like it.

Executive Summary
Introduction: The Authentication Arms Race
Authentication: Ubiquitous, but increasingly complex
Some MNOs are already active in authentication services
So, what are the opportunities for MNOs in authentication?
Key Concepts in Authentication and Identity
Authentication, Credentials and Authorisation
Attributes, Identity and Identifiers
X-Party Authentication and the ‘Digital Identity Ecosystem’
The Need for Mobile Authentication Services
The need for more convenient & secure digital authentication
The advantages of SIM-based, mobile authentication
The Vision: Authentication is the First Step
Context: MNO Authentication Services SWOT
(Swisscom) Mobile ID: Success in ‘premium’ authentication
GSMA Mobile Connect: Free, ubiquitous authentication?
Looking Beyond Authentication: Monetising attributes
STL Partners and Telco 2.0: Change the Game

Figure 1: Mutual SSL Authentication Handshake Message Flow
Figure 2: The Internet players are providing authentication services to third-parties
Figure 3: Map of MNO mobile authentication services, 2014 (incl. examples)
Figure 4: Summarising key definitions in authentication and identity
Figure 5: Google’s SMS two-factor authentication system
Figure 6: The ‘Digital Identity Ecosystem’
Figure 7: The Most Common Passwords of 2014
Figure 8: Time Spent per adult user per day with internet media, USA, 2008-2015
Figure 9: Breaking the relationship between security and convenience
Figure 10: The Vision for MNOs in Authentication Services
Figure 11: MNO Authentication Services SWOT
Figure 12: Consumers are increasingly concerned about online privacy
Figure 13: Authentication Market Growth Dynamics
Figure 14: The (Swisscom) Mobile ID Proposition
Figure 15: Authentication using Public Key Encryption
Figure 16: Mobile ID’s User Experience
Figure 17: Logical Technical Architecture for Mobile Connect
Figure 18: Mobile Connect’s User Experience – ‘Click ok’, initiated on PC/tablet
Figure 19: Mobile Connect Roadmap – Authentication, Identity and Attributes

Cloud 2.0: Telco Strategies in the Cloud

Will Telcos be left behind?

Introduction

Cloud services are emerging as a key strategic imperative for Telcos as revenues from traditional services such as voice, messaging and data come under attack from Over The Top Players, regulators and other Telcos. A majority of these new products are delivered from the Cloud on a “pay for consumption” basis and many business customers are increasingly looking to migrate from traditional in house IT systems to Cloud-based or virtualized services to reduce costs, increase agility and decrease deployment times. Gartner recently estimated that the Cloud services market would be worth over $200 billion by 2016, roughly double the value of 2012 and with a CAGR of around 17% whereas traditional IT products and services will see just 3% growth.

It is clear that some Telcos have gained a greater understanding of the Cloud market, and are acting on that understanding, offering increasingly rich Cloud-based products and services, paving the way for Cloud 2.0. But for most Telcos, Cloud services remain secondary to their core business of voice and data delivery. Telcos are wrestling with issues of reduced margin on Cloud and how to stay relevant to their business customers.

This report looks at the development of the Cloud market providing clarity around the different types of cloud products and the impact that they have on business users. Cloud value propositions are examined along with criticisms of cloud products and services. We show that the current risks for Cloud customers represent an opportunity for Telcos and Cloud vendors because….

The report also looks at the development of Cloud 2.0 – a second generation or a more ‘intelligent’ evolution of Cloud products and services. Cloud 2.0 offers key additional benefits/capabilities to consumers, vendors, businesses and Telco/Service providers. These can be typified by cost reductions in the delivery and consumption of cloud services through working with scale players to provide basic compute services, ease of acquisition and most importantly the ability to deliver “mash-up” products and services by using API’s to provide integration between cloud services and products and Telco/service provider products such as Bandwidth, Voice, Management, Support and Billing. Cloud 2.0 is gaining rapid momentum and we show how there is still time for Telcos to play a key role in Cloud 2.0.

Who should read this report?

The report is a ‘must-have’ for all strategy decision makers, Cloud specialists and influencers across the TMT (Telecoms, Media and Technology) sector; in particular, CxOs, strategists, technologists, marketers, product managers, and legal and regulatory leaders in telecoms operators, vendors, consultants, and analyst companies. It will also be invaluable to those managing or considering medium to long-term investment specifically in Telco Cloud services, but also more broadly those involved within telecoms and adjacent industries, and to regulators and legislators.

Executive Summary

Introduction

What is Cloud?
What is the Cloud Value Proposition?
Types of Cloud
Key criticisms of the Cloud
What is ‘Cloud 2.0’ and why does it matter?
- Enterprise vs Consumer cloud, Fit with Telco 2.0 strategies

Market Structure & Opportunity

What is the shape and size of the market (revenues and profit)?
- Total size, definitions of SaaS, PaaS, IaaS, VPC + forecasts
- Advantages and limitations of XaaS definitions
What are the key customer segments and their needs?
- SMBs vs Enterprise
- Early adopters vs mass adopters
What is the opportunity for Telcos (market size and revenues)?
- Share forecasts / ranges for Telcos
What are the most relevant cloud services for Telcos?
What are the key barriers?
- Overall and by segment
Future Scenarios
What is the competitive landscape and who are the key players in Cloud Services?
- Detailed competitor analysis, groupings by type and strategy Strategy review: Analysis of 6-10 key players, covering
  - Objectives, strategy, areas addressed, target customers, proposition strategy, routes to market, operational approach, buy / build partner approach
- Key strategies of other players
- Role of the network / operators to Vendor/partner strategies

Telco Strategies

Which strategies are Telcos adopting and what else could they do
- Review of Telco attitudes and approaches based on following analysis
- Grouping of Telcos by approach (if valid)
Which are the leading Telcos and what are they doing?
- Case studies on 6-10 leading Telcos, covering:
  - Objectives, strategy, areas addressed, target customers, proposition strategy, routes to market, operational approach, buy / build partner approach
Outlines of 10 additional Telco strategies
What relationships should Telcos establish with other ecosystem players?

Conclusions and recommendations

Tag: identity

MWC 2022: Sensing the winds of change

What did STL’s analysts find at MWC 2022?

Enter your details below to request an extract of the report

MWC 2022 in context of its time

Connecting technologies

Cross-dressing and role play

We’re all telcos / techcos now

It’s all about “connecting technologies”

Private matters

Would you pay for “unexpected benefits”?

Table of Contents

Enter your details below to request an extract of the report

36 blockchain applications: What’s next?

Why is blockchain important?

But telcos are still figuring out what to use blockchain for

Key takeaways

Overview of 36 telecoms blockchain applications

Blockchain: What’s in it for telcos?

To view the webinar click here, or download the slides under Additional files.

Introduction: What is blockchain?

Bitcoin beginnings

Figure 1: How the Bitcoin blockchain works

Digital Health: How Can Telcos Compete with Google, Apple and Microsoft?

Introduction

High level drivers for the market

Market Trends and Overview

The wellness opportunity

Sample Reports