IoT security: The foundation for growth beyond connectivity

Introduction

The European Union Agency for Cybersecurity (ENISA) defines the IoT as “a cyber-physical ecosystem of interconnected sensors and actuators, which enable intelligent decision making.” In this ecosystem, the information or data flows among the various components of the IoT enable informed decision making for machines, objects, and the spaces in which they operate. Through this web of tightly interconnected cyber-physical systems, the IoT underpins a variety of applications such as smart cities, smart factories, smart agriculture and so forth.

While these applications touch all the areas of our living and working activities, bringing enormous benefits and possibilities, they also exacerbate system complexities and, in turn, significantly enlarge the domain of threats and risks. As a result, securing the IoT is a very complex task, involving the implementation of highly specialised security measures. In market terms, this complexity translates into rich ecosystems of skills and expertise, where there is not one player in charge of securing the IoT, but it is both a responsibility and an opportunity for all players in the value chain.

Thinking about IoT security, the fundamental objective is ensuring the trust between the provider of an IoT solution and the IoT solution adopter. Microsoft IoT Signals, a well-known survey of 3,000 organisations adopting the IoT, emphasizes this in its 2021 edition, where 91% of the organisations surveyed have security concerns about adopting the IoT. 29% of those organisations do not scale their IoT solution due to security concerns. These concerns hamper the benefits enterprises can gain from IoT solutions. For instance, in the same survey, more than 55% of organisations said they were becoming more efficient adopting the IoT, and 23% claimed that their IoT solution has a direct impact on revenue growth. These benefits come from the variety and volume of data gathered through the IoT to drive better informed operational decisions. The result is that IoT data becomes a fundamental and necessary asset that must be protected.

While managing security risks in IoT is often perceived as a necessary burden, this report will instead highlight securing the IoT as an opportunity. For telecoms operators, this opportunity may not always be directly evident in new revenues, but it is fundamental to the creation of trust between provider and the adopter of IoT services. That trust, built through IoT security services, provides a stronger foundation from which to develop new revenue-generating services beyond connectivity.

This report also argues that by building more comprehensive data insights services into their existing IoT platforms mobile network operators are in a strong position to bring that trust to enterprises. As operators expand their security offers from well-known security functions provided at connectivity level – almost embedded in an operator – to more sophisticated security services across the IoT architecture, they can position themselves as a partner and guide to enterprises as they likewise become more sophisticated in their security needs.

The report is structured in three main parts:

  1. Discussion of the key vulnerabilities in the IoT and responses to those defined by regulators and security bodies such as ENISA, NIST, IoT Security Foundation and others.
  2. Analysis of the roles mobile network operators are playing in the IoTsecurity services market.
  3. Analysis of the opportunities for mobile network operators in security services for the IoT.

The research is based on the author’s extensive experience in IoT security, and enriched by interviews with IoT security experts close to the world of mobile network operators. Finally, an understanding of the most authoritative guidelines and analysis (ENISA, NIST, IoTSF, GSMA, OWASP) on IoT security supports the research.

Enter your details below to download an extract of the report


 

Why IoT security is rising up the agenda

In the fervent debates on the development of the IoT, the security aspect is often hidden or avoided. This stems from a common view among IoT solution companies and end-users that security is a heavy point of discussion that hampers business enthusiasm. This perspective is both unhelpful and dangerous, actively hindering greater scale and trust in the IoT. We strongly believe the argument should be flipped around. Although IoT security is a fundamental risk for the development of the IoT, it is also the means through which to develop robust, reliable, and lucrative IoT solutions. Therefore, IoT security should become a priority in IoT strategy and project development.

There are three considerations that are driving a fundamental shift in perceptions of security from a barrier to an enabler of IoT solutions, both among providers and adopters:

  1. Rising frequency and prevalence of avoidable large scale IoT security breaches.  There are plenty of examples of hacking of connected devices and large IoT systems that have dramatically compromised IoT solutions’ functioning, the business case linked to them, and relationships with customers. Recent examples include:
    • In May 2021, Colonial Pipe suffered a ransomware attack that impacted the computerised equipment monitoring the entire pipeline system from Texas to New Jersey, carrying 2.5 million barrel of oil a day. The entire system, based on a vast IoT solution of several sensors along the pipeline, was blocked. To re-boot the system, Colonial Pipeline paid 75 Bitcoin (the equivalent of $4.4 million at the time). (The solution to this type of breach is implementation of a remediation strategy.)
    • Consumer IoT devices are no less attractive than big corporations to hackers. In June 2021, the McAfee Advanced Threat Research identified a potential security vulnerability in the Peleton Bike+: “The ATR team recently disclosed a vulnerability (CVE-2021-3387) in the Peloton Bike+, which would allow a hacker with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote root access to the Peloton’s tablet. The hacker could install malicious software, intercept traffic and user’s personal data, and even gain control of the Bike’s camera and microphone over the internet.” The Peleton Bike+ vulnerability almost become a matter of national security in the US, considering that President Jo Biden is, apparently, a Peleton Bike+ user. (The security solution to this type of breach is software and system updates.)

2. Regulatory bodies are responding to the increasing incidence of IoT attacks with guidelines and regulations. Realising the danger of connected devices and systems developed with inappropriate security features, regulators worldwide are issuing specific procedures and policies in IoT security. In some cases these are mandatory and in other cases function as guidance and support.

    • Australia has created a voluntary code of practice, Securing the Internet of Things for Consumers, focussing on issues of authorisation, authentication, and access of IoTdata in consumer devices.
    • Singapore has issued the IoT Cyber Security Guide to support enterprises to develop secure IoT systems. Enterprises should also comply to IoT-related standards in sensors, sensor networks, and devices.
    • The United Kingdom has focussed on security around IoT devices with the first Code of Practice for Consumer IoT Security published in 2018.
    • The European Union is focussing on the development of an “IoT Trust” label for IoT consumer devices.
    • The United States launched legislation in 2020 – IoT Cybersecurity Improvements Act – which, through a combination of subsidies and project grants, incentivises companies that build and sell IoT solutions to develop them with a security-by-design

These initiatives are all specifically designed around IoT devices and systems. However, it is important to highlight that the relevant legal framework is wider. For example, in the European Union, the three key regulations applying to the sale and use of IoT devices and ecosystems are CE Marking (health and safety of products sold in the EU), GDPR, and the Network and Information Security Directive (NIS Directive). It is well known, but important to stress it, that violation of GDPR – data breaches and misuses of data – can cost up to EUR20 million. A similar legal framework exists in the United States, in which there are three Acts relevant for IoT devices: Federal Trade Commission Act (FTC Act), the Cyber Security Information Sharing Act (CISA), and the Children’s Online Privacy Protection Act (COPPA). Those who violate America’s Federal Trade Commission Act could face fines of $41,484 per violation, per day.

It is also worth noting that many of these regulations focus on the consumer IoT because it has been the weakest in terms of attention to security features, there is a direct link to data privacy (i.e. by hacking into IoT devices malicious actors can gain access to other digital profile data), and most consumers do not have the skill or resources to protect themselves.

3. The increasing business and economic impact of IoT data. Organisations of all kinds are increasingly relying on data for their strategy development, optimisation of processes, increasing engagement with customers and innovating their business models. The data needed for all these activities is increasingly machine generated by an IoT solution. To illustrate this value, there have been several studies on understanding the economic impact of IoT data. For example, in April 2019, GSMA Intelligence estimated that the economic impact of IoT on business productivity was in the order of $175bn, 0.2% of the global GDP. GSMA Intelligence also forecasted that by 2025 the economic impact would increase to $371bn, 0.34% of the global GDP, with IoT companies generating almost a trillion dollar in revenues. Ultimately, if a competitor or malicious actors gets hold of an organisation’s data, then they have accessed one of its most important assets. Therefore, as organisations become ever more data-driven in their strategic decision making, the importance of securing the systems gathering and storing that data will rise.

Defining IoT Security

The US NIST (National Institute for Standards and Technology) defines cyber-risk as “a function of the probability of a given threat source’s exercising any potential vulnerability and the resulting impact of that adverse event on the organisation.” The IoT security risk is one of many cyber-risks to any organisation and refers to the unforeseen exploitation of IoT system vulnerabilities to gain access to assets with the intent to cause harm.

A major challenge in assessing the IoT system vulnerabilities and threats comes from the technological complexity of an IoT solution and the diversity of applications and environments the IoT solution serves. Therefore, IoT security can be assessed in two levels. The first level regards the IoT architectural stack, which is common to different domains and applications. The second level is solution-specific and requires specialised services depending on the domain of applications.

The starting point of the analysis is a model of IoT architecture, illustrated in a simplified format in the diagram below.

Simplified IoT  architecture

Simplified-IoT-architecture-STL-Partners

Source: STL Partners

 

Table of contents

  • Executive Summary
    • Security can enable MNOs to build beyond connectivity in IoT
    • Next steps: Building on security in the Coordination Age
  • Introduction
    • Why IoT security is rising up the agenda
  • Defining IoT security
    • Key IoT vulnerabilities
    • Enterprises’ view on securing IoT
    • How to meet enterprise needs: Delivering security across three dimensions
  • Mobile operators’ roles in IoT security
    • Telco strategy comparison: IoT security offers vs dedicated business units
    • Assessing operators’ security services by function
    • Takeaways
  • Future growth trends for operators to capitalise on
    • eSIM and integrated eSIM (iSIM) capabilities
    • 5G private network security services
    • Managing encryption requirements
    • Blockchain in telecommunications
    • Secure communication through quantum information and communication technology

Related research

Enter your details below to download an extract of the report


 

The changing consumer landscape: Telco strategies for success

Winning in the evolving “in home” consumer market

COVID-19 is accelerating significant and lasting changes in consumer behaviours as the majority of the population is being implored to stay at home. As a result, most people now work remotely and stay connected with colleagues, friends, and family via video conferencing. Consumer broadband and telco core services are therefore in extremely high demand and, coupled with the higher burden on the network, consumers have high expectations and dependencies on quality connectivity.

Furthermore, we found that people of all ages (including non-digital natives) are becoming more technically aware. This means they may be willing to purchase more services beyond core connectivity from their broadband provider. At the same time, their expectations on performance are rising. Consumers have a better understanding of the products on offer and, for example, expect Wi-Fi to deliver quoted broadband speeds throughout the house and not just in proximity to the router.

As a result of this changing landscape, there are opportunities, but also challenges that operators must overcome to better address consumers, stay relevant in the market, and win “in the home”.

This report looks at the different strategies telcos can pursue to win “in the home” and address the changing demands of consumers. It draws on an interview programme with eight operators, as well as a survey of more than 1100+ consumers globally . As well as canvassing consumers’ high level views of telcos and their services, the survey explores consumer willingness to buy cybersecurity services from telcos in some depth.

Request a report extract

With increasing technical maturity comes an increasingly demanding market

Consumers are increasing in technical maturity

The consumer market as a whole is becoming much more digital. Over the past decade there has been a big shift towards online and self-service models for B2C services (e.g. ecommerce, online banking, automated chatbots, video streaming). This reflects the advent of the Coordination Age – connecting people to machines, information, and things – and the growing technical maturity of the consumer market.

COVID-19 has been a recent, but significant, driver in pushing consumers towards a more digital age, forcing the use of video conferencing and contactless interactions. Even people who are not considered digitally native are becoming increasingly tech savvy and tech capable customers.

Cisco forecasts that, between 2018 and 2023, the number of Internet users globally will increase from 51% to 66% . It has also forecast an increase in data volumes per capita per month from 1.5GB in 2017 to 9.7GB in 2022 . Depending on the roll out of 5G in different markets, this number may increase significantly as demand for mobile data increases to meet the potential increases in supply.

Furthermore, in our survey of 1,100+ consumers globally, 33% of respondents considered themselves avid users and 51% considered themselves moderate users of technology. Only 16% of the population felt they were light users, using technology only when essential for a limited number of use cases and needing significant support when purchasing and implementing new technology-based solutions.

Though this did not vary significantly by region or existing spend, it did vary (as would be expected) by age – 51% of respondents aged between 25 and 30 considered themselves avid users of technology, while only 18% of respondents over 50 said the same. Nevertheless, even within the 50+ segment, 55% considered themselves moderate users of technology.

Self-proclaimed technical maturity varies significantly by age

Source: STL Partners consumer survey analysis (n=1,131)

The growing technical maturity of consumers suggests a larger slice of the market will be ready and willing to adopt digital solutions from a telco, providing an opportunity for potential growth in the consumer market.

Consumers have higher expectations on telco services

Coupled with the increasing technical maturity comes an increase in consumer expectations. This makes the increasing technical maturity a double edged sword – more consumers will be ready to adopt more digital solutions but, with a better understanding of what’s on offer, they can also be more picky about what they receive and more demanding about performance levels that can be achieved.

An example of this is in home broadband. It is no longer sufficient to deliver quoted throughput speeds only within proximity to the router. A good Wi-Fi connection must now permeate throughout the house, so that high-quality video content and video calls can be streamed from any room without any drop in quality or connection. It must also be able to handle an increasing number of connected devices – Cisco forecasts an increase from a global average of 1.2 to 1.6 connections per person between 2018 and 2023 .

Consumers are also becoming increasingly impatient. In all walks of life, whether it be dating, technology or experiences, consumers want instant gratification. Additionally, with the faster network speeds of 4G+, fibre, and eventually 5G, consumers want (and are used to) continuous video feeds, seamless streaming, and near instant downloads – buffering should be a thing of the past.

One of our interviewees, a Northern European operator, commented: “Consumers are not willing to wait, they want everything here, now, immediately. Whether it is web browsing or video conferencing or video streaming, consumers are increasingly impatient”.

However, these demands extend beyond telco core services and connectivity. In the context of digital maturity, a Mediterranean operator noted “There is increasing demand for more specialized services…there is more of a demand on value-added, rather than core, services”.

This presents new challenges and opportunities for operators seeking growth “in the home”. Telcos need to find a way to address these changing demands to stay relevant and be successful in the consumer market.

Table of Contents

  • Executive summary
  • Introduction
  • Growing demand for core broadband and value-added services
    • COVID-19 is driving significant, and likely lasting, change
    • With increasing technical maturity comes an increasingly demanding market
  • Telcos need new ways to stay relevant in B2C
    • The consumer market is both diverse and difficult to segment
    • Should telcos be looking beyond the triple play?
  • How can telcos differentiate in the consumer market?
    • Differentiate through price
    • Differentiate through new products beyond connectivity
    • Differentiate through reliability of service
  • Conclusions and key recommendations
  • Appendices
    • Appendix 1: Consumer segments used in the survey
    • Appendix 2: Cybersecurity product bundles used in the conjoint analysis

Request STL research insights overview pack

Fighting the fakes: How telcos can help

Internet platforms need a frictionless solution to fight the fakes

On the Internet, the old adage, nobody knows you are a dog, can still ring true. All of the major Internet platforms, with the partial exception of Apple, are fighting frauds and fakes. That’s generally because these platforms either allow users to remain anonymous or because they use lax authentication systems that prioritise ease-of-use over rigour. Some people then use the cloak of anonymity in many different ways, such as writing glowing reviews of products they have never used on Amazon (in return for a payment) or enthusiastic reviews of restaurants owned by friends on Tripadvisor. Even the platforms that require users to register financial details are open to abuse. There have been reports of multiple scams on eBay, while regulators have alleged there has been widespread sharing of Uber accounts among drivers in London and other cities.

At the same time, Facebook/WhatsApp, Google/YouTube, Twitter and other social media services are experiencing a deluge of fake news, some of which can be very damaging for society. There has been a mountain of misinformation relating to COVID-19 circulating on social media, such as the notion that if you can hold your breath for 10 seconds, you don’t have the virus. Fake news is alleged to have distorted the outcome of the U.S. presidential election and the Brexit referendum in the U.K.

In essence, the popularity of the major Internet platforms has made them a target for unscrupulous people who want to propagate their world views, promote their products and services, discredit rivals and have ulterior (and potentially criminal) motives for participating in the gig economy.

Although all the leading Internet platforms use tools and reporting mechanisms to combat misuse, they are still beset with problems. In reality, these platforms are walking a tightrope – if they make authentication procedures too cumbersome, they risk losing users to rival platforms, while also incurring additional costs. But if they allow a free-for-all in which anonymity reigns, they risk a major loss of trust in their services.

In STL Partners’ view, the best way to walk this tightrope is to use invisible authentication – the background monitoring of behavioural data to detect suspicious activities. In other words, you keep the Internet platform very open and easy-to-use, but algorithms process the incoming data and learn to detect the patterns that signal potential frauds or fakes. If this idea were taken to an extreme, online interactions and transactions could become completely frictionless. Rather than asking a person to enter a username and password to access a service, they can be identified through the device they are using, their location, the pattern of keystrokes and which features they access once they are logged in. However, the effectiveness of such systems depends heavily on the quality and quantity of data they are feeding on.

In come telcos

This report explores how telcos could use their existing systems and data to help the major Internet companies to build better systems to protect the integrity of their platforms.

It also considers the extent to which telcos will need to work together to effectively fight fraud, just as they do to combat telecoms-related fraud and prevent stolen phones from being used across networks. For most use cases, the telcos in each national market will generally need to provide a common gateway through which a third party could check attributes of the user of a specific mobile phone number. As they plot their way out of the current pandemic, governments are increasingly likely to call for such gateways to help them track the spread of COVID-19 and identify people who may have become infected.

Request a report extract

Using big data to combat fraud

In the financial services sector, artificial intelligence (AI) is now widely used to help detect potentially fraudulent financial transactions. Learning from real-world examples, neural networks can detect the behavioural patterns associated with fraud and how they are changing over time. They can then create a dynamic set of thresholds that can be used to trigger alarms, which could prompt a bank to decline a transaction.

In a white paper published in 2019, IBM claimed its AI and cognitive solutions are having a major impact on transaction monitoring and payment fraud modelling. In one of several case studies, the paper describes how the National Payment Switch in France (STET) is using behavioural information to reduce fraud losses by US$100 million annually. Owned by a consortium of financial institutions, STET processes more than 30 billion credit and debit card, cross-border, domestic and on-us payments annually.

STET now assesses the fraud risk for every authorisation request in real time. The white paper says IBM’s Safer Payments system generates a risk score, which is then passed to banks, issuers and acquirers, which combine it with customer information to make a decision on whether to clear or decline the transaction. IBM claims the system can process up to 1,200 transactions per second, and can compute a risk score in less than 10 milliseconds. While STET itself doesn’t have any customer data or data from other payment channels, the IBM system looks across all transactions, countrywide, as well as creating “deep behavioural profiles for millions of cards and merchants.”

Telcos, or at least the connectivity they provide, are also helping banks combat fraud. If they think a transaction is suspicious, banks will increasingly send a text message or call a customer’s phone to check whether they have actually initiated the transaction. Now, some telcos, such as O2 in the UK, are making this process more robust by enabling banks to check whether the user’s SIM card has been swapped between devices recently or if any call diverts are active – criminals sometimes pose as a specific customer to request a new SIM. All calls and texts to the number are then routed to the SIM in the fraudster’s control, enabling them to activate codes or authorisations needed for online bank transfers, such as a one-time PINs or passwords.

As described below, this is one of the use cases supported by Mobile Connect, a specification developed by the GSMA, to enable mobile operators to take a consistent approach to providing third parties with identification, authentication and attribute-sharing services. The idea behind Mobile Connect is that a third party, such as a bank, can access these services regardless of which operator their customer subscribes to.

Adapting telco authentication for Amazon, Uber and Airbnb

Telcos could also provide Internet platforms, such as Amazon, Uber and Airbnb, with identification, authentication and attribute-sharing services that will help to shore up trust in their services. Building on their nascent anti-fraud offerings for the financial services industry, telcos could act as intermediaries, authenticating specific attributes of an individual without actually sharing personal data with the platform.

STL Partners has identified four broad data sets telcos could use to help combat fraud:

  1. Account activity – checking which individual owns which SIM card and that the SIM hasn’t been swapped recently;
  2. Movement patterns – tracking where people are and where they travel frequently to help identify if they are who they say they are;
  3. Contact patterns – establishing which individuals come into contact with each other regularly;
  4. Spending patterns – monitoring how much money an individual spends on telecoms services.

Table of contents

  • Executive Summary
  • Introduction
  • Using big data to combat fraud
    • Account activity
    • Movement patterns
    • Contact patterns
    • Spending patterns
    • Caveats and considerations
  • Limited progress so far
    • Patchy adoption of Mobile Connect
    • Mobile identification in the UK
    • Turkcell employs machine learning
  • Big Internet use cases
    • Amazon – grappling with fake product reviews
    • Facebook and eBay – also need to clampdown
    • Google Maps and Tripadvisor – targets for fake reviews
    • Uber – serious safety concerns
    • Airbnb – balancing the interests of hosts and guests
  • Conclusions
  • Index

Request STL research insights overview pack

Consumer IoT: How telcos can create new value

Introduction: Trust is a must for consumer IoT – but is consumer IoT a must for telcos?

Lack of trust is a major barrier to mass-market consumer IoT adoption

There was an expectation two to three years ago that take-up of consumer Internet of Things (IoT) services was set to accelerate, and that we would soon witness the success of mass market consumer IoT offers in areas such as energy management (linked to roll-outs of smart metering), home automation and security, and health and wellness applications (linked to wearables such as smart watches, fitness trackers and medical condition sensors). It was also widely expected that telcos would play a leading role in this market.

Although growth has occurred in these product areas, it has generally been below expectations. Everett M. Rogers’ diffusion of innovations theory shows how the different stages of public acceptance a new product goes through, with successive groups of consumers adopting the new technology (shown in blue), so its market share (yellow) eventually reaches saturation level. Looking at this theory, STL believes that consumer IoT is still in the “early adopter” stage.

Figure 1: Rogers’ diffusion of innovations theory

Source: Rogers, E. (1962) Diffusion of innovations, image from Wikipedia

In addition to this, telcos have tended to play a peripheral part in the market thus far, limited largely to providing the wireless and broadband connectivity supporting third-party products developed by players focused on adjacent vertical markets. Already the focus of telcos’ IoT strategies seems to have been redirected to enterprise and industrial IoT applications, along with the rapidly maturing connected car and smart cities markets, judging from the wave of new product and partnership announcements in these areas at recent trade shows, such as this year’s Mobile World Congress (MWC). Despite this, we believe that consumer IoT could still represent a large addressable market for telcos, based on data presented in chapter 3.

There are many reasons for the levelling of the expected consumer IoT growth curve, some of which we will explore in this report. In terms of definitions, we are limiting the term ‘consumer IoT’ to ‘consumer-centric’ applications and services, whether these are deployed primarily in the home (such as home automation and security) or on the person (e.g. wearables, and health and wellness). We will not directly discuss connected car / autonomous vehicle and smart cities applications, even though they relate to consumer services and experiences, as the dynamics of these services and their technological challenges are quite distinct. In addition, we will only tangentially discuss healthcare IoT, as it is far from clear what sort of ‘consumer’ business model will be established in this sector (as opposed to a public service model); although it is likely that remote health and social care will play an increasingly central role in a prospective ‘second wave’ of consumer IoT services, based on trustworthy processing of intimate personal data to enable really useful services.

In addition, we make a distinction between ‘connected’ devices and homes, on the one hand, and ‘smart’ devices / homes and IoT services, on the other. A home is not smart, nor an IoT service present, until the connected devices or ‘things’ involved, and the data they generate, are integrated as part of an app that the user controls. As shown in Figure 2, in the existing IoT business model, this involves delivery of the data from multiple devices and sensors to a cloud-based service, enabling collection, aggregation and analysis of the data, and remote and automated performance of actions on those devices based on the analysis and on the user’s preferences.

Contents:

  • Executive Summary: Trust is king
  • Introduction: Trust is a must for consumer IoT – but is consumer IoT a must for telcos?
  • Lack of trust is a major barrier to mass-market consumer IoT adoption
  • Building trust with customers must be at the forefront of telcos’ consumer IoT offer and brand
  • Consumer IoT 1.0: opportunities and threats for telcos; telco strengths and weaknesses
  • Opportunities: The addressable market for telcos is potentially huge
  • Threats: do consumers buy it?
  • Established telco strengths can help offset the risks
  • Weaknesses: IoT exemplifies the challenges of digital innovation in general
  • Conclusion: consumer IoT is a huge challenge but also a huge opportunity that plays into telcos’ strengths
  • Deutsche Telekom’s consumer IoT platform and services
  • Deutsche Telekom and the Qivicon platform
  • Efforts to address the data security and privacy issues of consumer IoT 1.0
  • Avast: telcos can play a role as part of a cross-industry approach
  • Orange: transparency over use of data is key
  • Atomite: consumer consent and rewards for sharing data with third parties
  • Telefónica’s AURA: cognitive intelligence but an immature business model
  • Consumer IoT 2.0: A move to a (data) sharing economy
  • GDPR: A change in the rules that looks set to change business models
  • Databox: “privacy-aware data analytics platform”
  • IoT and the personal data economy: putting ‘me’ at the centre of my internet of things
  • Conclusion: Telcos need to be in the consumer IoT 1.0 game to win in consumer IoT 2.0
  • A massive potential market, with a large slice of the pie available to telcos…
  • … but do the risks outweigh the potential benefits?
  • Telcos need to play the consumer IoT 1.0 game to reach consumer IoT 2.0

Figures:

  • Figure 1: Rogers’ diffusion of innovations theory
  • Figure 2: Consumer IoT 1.0
  • Figure 3: Consumer concerns about connected devices
  • Figure 4: Strengths, weaknesses, opportunities and threats for telcos in consumer IoT
  • Figure 5: Connected home installed base and penetration EU and North America, 2013–19
  • Figure 6: Companies most trusted with personal data
  • Figure 7: The Qivicon consumer IoT platform
  • Figure 8: Orange ‘Trust Badge’ – what personal and usage data is collected, and why
  • Figure 9: Key functionality of the Meeco personal data portal