Securing the Datasphere
An approach to data security in an increasingly connected world
There’s an old saying: “Never let a good crisis go to waste.” For cybercriminals, COVID-19 couldn’t have provided a better opportunity to take advantage of organizations across the globe as they were scrambling to shift to a remote workforce. As if a massive disruption in business alone wasn’t enough, corporate leaders were challenged with the task of securing enterprise perimeters that had suddenly vanished.
Now, with more than half of 2020 behind us, organizations are moving forward, but are looking at enterprise security through a much different lens. As they chart a path toward ensuring that people, computers, networks and platforms are secured, many have adopted a zero-trust approach. And, for good reason. With data underpinning decision making in nearly every industry—finance, healthcare, retail and transportation—the ecosystem has become increasingly complex as the threat landscape expands.
For the past 10-years, IDC has been calculating the amount of information the world collectively creates, captures, replicates and consumes in what it calls the global “datasphere.” In a comprehensive study sponsored by Seagate, IDC experts predict our digital world will reach 175 zettabytes by 2025 to reflect a 61% increase from 45 zettabytes in 2019. Putting this into context, IDC senior VP David Reinsel explains that storing 175ZB of data would require 12.5-billion hard drives, or so many Blue Ray discs that when stacked would climb the distance of the moon (238,900 miles)—23 times. (Then, correlate this volume of data to security vulnerability).
For decades, data has been essential to the transformation of the automotive industry, where on-board diagnostics (OBD) were introduced in the 1980s by the California Air Resources Board to track emissions in an effort to reduce pollution. By 1996, when the OBD system was mandatory for all new vehicles, General Motors introduced OnStar, which connected drivers to roadside assistance and emergency services. Since then, OBD has become ubiquitous, not only giving vehicle owners insight to safety, maintenance, miles and driver behavior but also revolutionizing fleet management. The presence of the OBD port allows GPS fleet tracking devices, widely referred to as telematics, to silently collect information such as fuel and electric usage, external weather conditions, road safety and traffic information, as well as provide insight into vehicle health and driver behavior. In fact, in the commercial and government sectors — where telematics solutions have been widely adopted among small, medium and mega-sized fleets — connected vehicles are a reality; businesses and governments could not operate without them.
According to Allied Market Research, the global automotive telematics market is projected to reach $320.6-billion by 2026, reflecting a compound annual growth rate of 26.8% from 2019 to 2026. While the industry continues to experience explosive growth as data becomes increasingly invaluable, not only for fleets operators but also carmakers, insurance, logistics and supply chain companies, data security is more important than ever.
40-billion data points
As the top commercial telematics vendor, ranked #1 worldwide by ABI Research, Geotab Inc. takes a rigorous approach to security. With more than 40,000 customers around the world collectively deploying approximately 2.2-million Geotab GO devices, along with the MyGeotab platform to optimize fleet management, our firm processes more than 40-billion data points every day. Geotab’s highest priority is to implement and maintain stringent security, technical and organizational measures designed to help keep customers’ data secured and their privacy protected. Through the Geotab Security Center, customers and partners have access to the most up-to-date resources and best practices. Collaborating with leading stakeholders to protect and advance the industry, we adopt a philosophy of vigilance, where reviewing, improving and validating security mechanisms and processes is key to helping ensure systems remain resilient to intrusion and disaster. This has resulted in significant industry firsts and achievements demonstrating our ability and commitment to meet the highest standard of cybersecurity.
Last year, Geotab was awarded the world’s largest single-source telematics contract by the GSA Fleet, a division of GSA (General Services Administration), which provides centralized procurement for U.S. federal agencies. Subsequently, Geotab achieved FedRAMP certification and was the first telematics company to receive FIPS 140-2 validation by NIST. In addition, this year Geotab successfully achieved accredited ISO 27001:2013 certification, further underpinning the company’s dedication to following the best practices of information security and its ability to adequately protect company information. The ISO 27001 certification, which audits Geotab and its products worldwide, is essential as it affirms that Geotab is focused on having policies and best practices that help protect the company’s vital assets such as employee and client information, brand image or other private information.
Threats are bound to arise
Additionally, having spent considerable time and effort studying security issues and conversing with other experts, the team at Geotab believes in operating with the mindset that data security is a practice rather than an act. And, because new security threats are bound to arise as technology develops and the complexity of a system grows, an organization that is serious about security will continuously engage with security issues by updating their systems, training employees, refining processes and finding potential vulnerabilities.
It is essential that an organization maintain vigilance at all levels. Internally that means controlling and monitoring employees’ access privileges, logging important operations and making sure all employees are aware of the risks related to their actions. Another key to building security confidence is by safely exposing a telematics system to potential threats. This can be accomplished by performing penetration tests, which are authorized hacking attempts performed by a company specializing in computer security. In a penetration test, the security researcher(s) will attempt to find vulnerabilities in an organization’s hardware and software and, instead of exploiting these vulnerabilities like an actual hacker might, they will document their attack methodology and report their findings to the company. The results of the penetration test should then be acted upon accordingly, whether that requires fixing security holes or changing internal procedures, before malicious agents can exploit those very same vulnerabilities.
Security best practices
Other security best practices for a resilient telematics platform include implementing secure data transfer using data encryption, individualizing security-critical data, enabling hardware code protection, using different security keys for different roles, monitoring metadata, limiting server access through multi-factor authentication, among others.
As vehicles, homes, cities and people become more connected in the ever-expanding datasphere, vigilance is required on every level. Recognizing that analytics—not data alone—is at the core of transformative technologies and innovation, security should be a top priority for every public and private organization, employee, government agency and individual. When we are more aware, educated and committed, we will be empowered and confident to explore both the physical and virtual worlds in which we work, learn and live.
Alan Cawse is the chief security officer and executive vice president of technical services at Geotab Inc., Oakville ON. A member of the team since its inception, Alan has over 28 years of information technology experience. With a strong passion for information technology and software development, Alan oversees Geotab’s Security programs; technical support and its team of engineers; IT operations, including all internal, networks, servers, hosting services and security for Geotab; and all ERP and reseller portal systems.