Data security has always been a key concern for enterprises, but new regulations such as the GDPR have brought the protection of customers’ personal data into even sharper focus. CTO of HOT TELECOM Steve Heap and Nexmo Director of Strategic Carrier Relations David Vigar explain what enterprises that handle personal data internationally should know about the security of the networks delivering that traffic.
To read the full transcript, scroll below the video.
Data Security in International Customer Messaging (Full Transcript)
Glen Kunene, Editor-in-Chief at Nexmo: Got it. Thanks. And so, I wanna move on to another topic that I know is always, sort of, towards the top of the list for enterprises, which is security.
So just broadly speaking, can you talk to the security of the data that’s entrusted to carriers, as businesses, you know, have maybe sensitive data, personally identifiable data for their customers, or if they’re, you know, sending the details of bank transactions and so on. What’s the state of security? What are the, sort of, the key concerns or trends there?
David Vigar, Director of Strategic Carrier Relations at Nexmo: So one of the things that we’ve seen that the carriers are really focusing on at the moment is that data security. Because it’s not just about the security of the data of the company that’s sending the communication, it’s mobile operators’ own subscriber’s data that’s within that core record.
You know, the number the enterprise is calling is the number, and, obviously, numbers today are very unique, you know, you’ll probably have your mobile number for the rest of your life. It’s a very personal thing to you and mobile operators are very concerned about how they protect their subscribers from, you know, misuse of that information. They are investing heavily in securing the networks in a number of ways.
“You’ll probably have your mobile number for the rest of your life. It’s a very personal thing to you and mobile operators are very concerned about how they protect their subscribers”
You know, there have been a few reports recently about the ability to hack and collect these kind of…defraud people through the SS7 network, which is the closed carrier-to-carrier messaging network. And there are a number of companies out there with very clever solutions that really prevent abuse of that network.
So the carriers are certainly focusing on that data security a lot more than they used to be. In Europe, they’re also being helped by some very tough new regulations coming in. You know, the coming next year, the…will mean that carriers have to be very, very careful about that data because the fines are, I think, something like 10% or 15% of revenue. So they’re, you know, they’re pretty scary from a carrier’s perspective.
There are still a few challenges around data security and one of the things is the, particularly for something like messaging, and I think also to a lesser extent, voice. If you’re trying to, traditionally, if you’re trying to get one of those calls or messages around the world, it might be that that call or message passed through two, three, four different companies before it hit the far end.
Trying to minimize the number of hops in that chain should be quite a key metric for enterprise in terms of that data security. You wanna be sure that your communications provider isn’t bouncing your call five times around the world before it hits the terminating network and the subscriber you’re trying to reach. And that’s why, you’ll see, we have a carrier relations department at Nexmo because we are focused on building out that network with operators to cut out those extra hops in the chain.
Steve Heap, CTO at HOT TELECOM, a leading telecom research and consulting firm: Yeah, and just carrying on with that discussion. One of the things that the international carriers have been putting in place over the past maybe four or five years is that although the services are moving to IP, they’re not being carried on the public internet.
They’ve set up a separate IP-based, in effect, private IP network, which they call the IPX, which is totally separate from the public internet. And so these calls are being carried on in private, in effect private quality managed paths across the world. And so there’s no way that that can be accessed by anyone by the public internet.