A new approach to mobile data security | SC Media
Mobile

A new approach to mobile data security

January 30, 2014

The past few months have been a little alarming when it comes to mobile data security. Scandals seem to break out every other week. For a lot of businesses, this has been eye-opening. Priorities have shifted, and now IT professionals are thinking harder about what it really means to have “secure” mobile data.

Achieving this is no easy task, as the ongoing battles between Google and European Union member states have shown. Countries have different regulations on how mobile data can be used, stored and transferred. I've personally spoken to a number of businesses that are uneasy about this diversity of laws and regulations. It can make you constantly wonder whether you're doing something that could lead to legal repercussions or create further vulnerabilities, like exposing sensitive customer information. So what can mobile content and service providers do to solve the problem?

Most mobile network operators know that the data they use is a moving target. Literally. A customer's data is only one part of the puzzle when you're delivering a mobile service, and the other pieces can often be scattered across the map. For instance, mobile marketing companies have to work out where users are to serve relevant ads. A customer in the vicinity of a supermarket is much more likely to respond to mobile deals on groceries. Since these mobile tools are dependent on the user and the target's location, service providers have to know the addresses of mobile base stations to triangulate the position of the person.

Unfortunately, base station addresses are very often regarded as critical infrastructure information that can only be stored within the borders of one country. So a company providing a location-based service in Spain can't store the details of the mobile base stations outside of Spain. If it does, there could be serious regulatory consequences.

Since the need for real-time data transfers and interactions span industries, so too do the regulatory risks involved – especially industries like finance or health care, which are protected by additional privacy laws. Having a server in a different country than the recipients of e-health services, for example, is nearly impossible. Mobile healthcare services can't transfer user information out of one country to a server in another and bring it out again without violating regulations. Machine to machine companies can also be vulnerable as they collect and transfer data between electricity consumption and appliances or gas consumption, cars and insurance companies. 

Any mobile operator will tell you that the mobile service delivery community is growing increasingly complex and volatile. Just take a look at Instagram – the company went from zero users and zero visibility to more than 100 million users in less than three years. Similarly, there are seasonal and significant short-term peaks in some sectors. Major events, TV shows or one well-placed article in a leading publication can lead to explosive growth in consumer demand. Consequently, planning for the right infrastructure investment is like trying to peer into a crystal ball.

A recent research report, “IT Challenges in the Mobile Community,” revealed that mobile operators are looking for two things above all in their infrastructure:

  • The optimization of connectivity to reduce latency and ensure quality of service for a global customer base
  • The balance of flexibility and control to ensure cost-effectiveness while staying nimble in a volatile market – but not so nimble that security or compliance is compromised.

Businesses can't have one of these elements in their networks without the other. Optimizing network speeds makes customers happy in the short run, but if no one is watching where data travels, it's inevitable that there will be a security or compliance breach. Yet too much control can bog down a system and provide a poor customer experience.

In the end, connectivity, flexibility and control are dependent on data center and infrastructure options. While some mobile operators explained in the report that cloud services can be suitable for high-growth start-ups, others said that it can be more expensive to rapidly scale within a cloud environment. Others, still, chose to avoid public clouds altogether, because of the security concerns. Hybrid solutions seemed to strike a balance, as e-commerce providers have low-risk data such as catalog and product information stored on a cloud, but payment data stored within dedicated hardware at a data center.

Go local to control compliance

The report found that, when mobile operators reached maturity, relying on clouds wasn't a feasible way to maintain the control and compliance over data that's needed in a global market. Because the barriers to entry in most countries are so low for mobile services, that leaves regulations as the biggest hurdle. Delivering the service at a speed and level of consistency that consumers expect without putting data at risk can require some sophisticated maneuvering. And that's where local data centers play an important role.

By keeping localized data in one country, stored in local data centers, businesses can help guarantee that no regulations or laws will be broken regarding data use. That's why the key is to have multiple data centers across international borders. Additionally, having physical infrastructure in place to store data can reduce latency and improve the end-user experience.

Colocation can enhance speeds by reducing the complexity of data and algorithms as they are delivered, too. The capital market trading community, for example, has long depended on colocation for trading infrastructure to reduce latency and costs. The video content space has also been recently following a colocation strategy to support real-time bidding for ad exchange platforms.

By staying local, mobile businesses can simultaneously guarantee that the user experience is fully optimized and no compliance issues arise.
prestitial ad