IoT Blog | August, 2017
Head of Business Development, Vodafone IoT
What’s at the heart of security? Community
In the competitive world of business, being open doesn’t come naturally. Most businesses are tight-lipped about what goes on inside their organisations. They want to protect their intellectual property, product roadmaps and customer relationships. But when it comes to security, secrecy is a hindrance, not a help.
That’s because in the world of security, we’re stronger when we’re united against the common threat posed by attackers — many of which are well resourced and persistent. We’re better off sharing what we know so we can all benefit from insights, refine best practices, and close vulnerabilities before they’re exploited. At Vodafone, we have a long history of contributing to the community.
Sharing threat intelligence
For example, we’re an active member of global group FIRST, the Forum of Incident Response and Security Teams. Our Security Operations Centre shares data about security events and attacks on our network with other FIRST members, including security teams from other operators and IT providers. Doing so lets us all benefit from early warning systems and better defend our systems against emerging techniques.
Leading by example
But security is not just about specialist teams talking to each other — it’s a responsibility of everyone in the business. We work with lots of businesses in our partner ecosystem — from some of the world’s biggest system integrators to small resellers, specialist hardware companies and niche consultancies — to share best practices and help them improve security. Together, we look at how they can improve their processes — from handling customer data to designing Internet of Things (IoT) products. More formally, we insist that any partner we work with follows our security standards and commits to sharing data on security incidents with us.
Contributing to standards
The security landscape is always changing, and as an industry we need to look ahead to what the future holds. Our security experts play a leading role in the industry, to share insights and develop new standards that benefit everyone. For instance, we take an active part in bodies such as ETSI, GSMA, ENISA and 3GPP — in particular, leading the GSMA Fraud and Security Group. Vodafone is also a founding member of the Global Forum on Cyber Expertise, and we sit on the Executive Steering Board of the IoT Security Foundation. Through these roles, we help advance the cause of security and ensure that new technologies are as robust as they can be.
Driving meaningful dialogues
Many areas of security and privacy involve contentious legal and political issues: such as government surveillance, crime prevention, and free speech. We believe it’s important for the technology industry to face these issues openly and agree a position that is best for our customers and for society. For example, Vodafone is a founding member of the Telecommunications Industry Dialogue and a signatory to its Guiding Principles on Freedom of Expression and Privacy. These define a common approach to dealing with demands from governments that may affect privacy and freedom of expression in a principled, coherent and systematic way. You can find out more about our approach and the laws surrounding communications by visiting our Digital Rights and Freedoms Reporting Centre.
What can you do?
To find out more about our work in securing the IoT, take a look at our new IoT Security White Paper