Context-Aware Mobile Security: GDPR Compliance with Blockchain
Last week, neXt Curve, a San Diego-based digital research advisory firm focused on advising entrepreneurs, enterprises and governments in the building of a better digital future, hosted a webinar on the use of Blockchain as a General Data and Privacy Regulation (GDPR) solution for what industry analyst, Akshay Sharma, calls “Contextually-Aware Mobile Security,” which is detailed in his article “Contextually-Aware Mobile Security as a Service: The Key to IoT Security and GDPR Compliance & Readiness with Blockchain”.
Sharma, who spent more than a decade at Gartner covering telecom and technology disruption, is a research principal at neXt Curve. He and Leonard Lee, managing director and founder of neXt Curve, have been studying the complexity and confusion associated with the GDPR, and side with those who believe Blockchain technologies are an answer to managing personal data in the GDPR era, not an antithesis of GDPR as some observers have posited.
“Privacy regulations are fundamental to individual rights and protections,” Sharma said in an interview following the webinar (replay available here). “With more, not less regulation coming into play – including the new California Consumer Privacy Act passed last month – businesses are going to be challenged in complying with increasingly stringent requirements and controls on the consent and use of consumer’s personal data.”
Consequently, Sharma stated, “ICT service providers have an opportunity to generate revenue through new privacy and security services – based on their own GDPR-compliant capabilities and processes - that enable enterprises to manage and control the full lifecycle of regulatory compliance under the GDPR and other regional privacy regulations without adding unmanageable complexity to their existing systems and business processes.”
“A platform of smart, decentralized, trusted and highly-encrypted network of computing nodes can be the next revolutionary wave in security infrastructure,” Sharma predicted, "with carriers (telecom operators) in an outstanding and unique position to broker privacy permissions and policies across a range of current and new business applications that could use consumer personal data protected with carrier-class security to offer new Privacy First (GDPR-compliant) services.” Sharma dubs this converged IT/CT solution paradigm the Mobile Security as a Service (MSaaS) platform, which he predicts could be the next big thing for ICT service providers.
According to Sharma, Blockchain presents new options in the way operators can architect identity and access management across their fixed and mobile networks and support the secure provisioning of the rich personal data that a carrier has on consumers to enable new business applications and services. An example that Sharma cited was contextually-targeted advertisements that factor in a consumer’s location, device being used, preferences and other personal information that a consumer has opted-in to share with an advertiser or business.
Sharma foresees the emergence of integrated and interoperable privacy functions supported by a distributed and decentralized security platform. “We call it Federated Identity Management (FIDM) enabled by Blockchain, which is the foundation of a MSaaS platform,” stated Sharma. “The way we see it, Blockchain will enable architects to design the silos out of their current security infrastructure by making a common, distributed identity management framework based on smart contracts that can administer privacy policies in a consistent and highly secure way a technical reality.”
Sharma and Lee stated that based on their research there are a number of promising Blockchain technologies and solutions that will enable mesh-like integration of privacy regimes across public and private network and compute domains, which will be important for securely brokering privacy policy across multiple public IoT environments, for example. “The technical parts and capabilities that can enable an efficient and scalable MSaaS platform are emerging,” stated Lee. “However, these solutions need to continue to mature in an ecosystem-nurturing environment that can be readily provided by carriers that pursue the MSaaS opportunity,” added Sharma.
According to Sharma, the MSaaS opportunities could be game-changing for carriers that deliver privacy services that enable enterprises to develop or remediate and deploy GDPR-compliant business applications. “A new world of revenue opportunities become available that could give carriers, for example, a larger cut of digital advertising dollars that OTT (over-the-top) players such as Facebook and Google enjoy today,“ stated Sharma. “Imagine new monetization models for targeted ad brokering by carriers, with opt-in/opt-out, and ads-paid by merchants based on actual impressions, mobile payments, and so forth,” Sharma said, encouraging service providers to think outside the box, and to look at stricter regulations as an opportunity not a threat.
Given the low level of GDPR compliance among companies in the EU estimated at less than 50 percent according to Gartner Inc., Sharma expects that carriers can deliver significant value to businesses looking for a packaged solution that provides them with the privacy controls and secure environments to meet GDPR technical and governance requirements. “Think of it as outsourcing your GDPR risk to someone who can offer compliant processes and infrastructure at scale,” stated Sharma.
Edited by Ken Briodagh
