Chairman of the Board – 20th anniversary Q&A
Nils Gerhardt, Chairman, GlobalPlatform
As GlobalPlatform approaches its 20th anniversary, Chairman Nils Gerhardt gives his assessment of the organization’s past, present and future.
What do you think is GlobalPlatform’s greatest achievement so far?
Over the past 20 years, GlobalPlatform has become the industry voice promoting a collaborative and open ecosystem where digital services and devices can be trusted. While there are many achievements we could reference here, fundamentally multiple global industries could not function effectively and securely without GlobalPlatform.
Payments, communications (mobile network operation, for example) and secure IoT are just some of the vertical markets that utilize the billions of GlobalPlatform-certified chips and devices as the foundation for interoperability, trust and security.
Which GlobalPlatform technology do you think has had the greatest impact and why?
Secure Element (SE) technology has been around for a substantial amount of time and is widely adopted. We conservatively estimate that 5.5 billion SEs based on GlobalPlatform specifications were deployed in 2017 alone. What’s more, form factors are diversifying and over the last three years, in excess of 1 billion SEs were embedded within mobile devices, based on GlobalPlatform technology.
These figures highlight the importance of GlobalPlatform’s specifications and certification programs, and the central role the organization is playing in enabling the protection of devices and digital service for all markets.
But SEs are obviously not our sole focus. Other technologies, like the Trusted Execution Environment, and initiatives, like Device Trust Architecture, are also gathering significant momentum. Watch this space!
Which sectors do you think GlobalPlatform has added the most value to in the last two decades and why?
Digital banking and payments are a great place to start. SEs have been central to EMV® chip payment cards for years. And, with the diversification of payments, our role in securing devices with TEE technology is now playing a significant role in the proliferation of mobile payments. What’s more, when a secure component is present in a device it can also be used to protect other elements of the payments process, beyond just the data. For example, the TEE also secures biometric sensors for strong customer authentication (SCA) and the trusted user interface (TUI) ensures information displayed to, or entered by, the user is protected and can be trusted.
Connectivity is another area of significant success and I’ll divide this into two areas. First, GlobalPlatform has played a significant role in enabling authenticated connectivity in 2G, 3G and 4G cellular networks using SIMs. Furthermore, our work on remote SIM provisioning in collaboration with GSMA is allowing MNO subscriptions to be securely downloaded to a device dynamically over-the-air (OTA), at any point post-production and when devices are already deployed in the field.
Which sectors do you think will be the biggest source of growth for GlobalPlatform technology in the future?
GlobalPlatform technology can bring huge benefits to the security and interoperability of the consumer and industrial IoT. We currently see quite a fragmented market with varying security requirements, but with incidences of hacking and malware growing exponentially more needs to be done to protect devices, services, data and intellectual property.
Building on this, and my answer to the previous question, lifecycle management is one technology that may not seem glamorous but offers great potential. With secure components live in the field for longer, as with connected vehicles, or in remote locations, the ability to update over the air is essential.
My last, but certainly not least, example is quantum-safe cryptography. With the arrival of quantum computing, many of our existing algorithms will no longer be secure enough. GlobalPlatform will therefore be contributing to new standardization efforts to protect the wide-ranging ecosystems using this technology.
What do you think are the greatest opportunities for the connected device ecosystem today?
There is a big opportunity to align the industry on important pillars of the IoT ecosystem. This includes security-by-design, root of trust, device and network intent, secure device onboarding, attestation, secure lifecycle management and certification. A holistic approach like this has the potential to introduce and promote security across the IoT market.
What do you think are the greatest challenges facing the connected device ecosystem today?
Finding the balance between business competition and collaboration is always challenging, but it is fundamental to enable standardization work to commence early enough. As ecosystems collide, new and existing players need to come together to create a stable and trusted IoT ecosystem that can grow and develop long-term.
As well as this, security certification needs to expand to meet rapidly evolving requirements. We now have a diverse range of devices – from small sensors to mobile phones, industrial machines and cards – and costs and certification timelines need to be acceptable to manufacturers.
It is also important to note that processing the vast amount of data that now exists in our digital economy will only be possible with new secure network structures, including edge computing.
As the IoT continues to grow, how do you think education can help with the creation of secure digital services and devices?
Time and again we see that many companies will only invest in security once they have suffered an incident or breach. While regulation to drive security will undoubtedly increase as IoT grows, in the interim education is invaluable, but will not succeed in isolation. Real world applications and implementations are always more compelling to demonstrate that robust security is possible and economically viable in competitive timelines.
After 20 years of creating fully collaborative and open ecosystems, how do you feel GlobalPlatform will evolve in the future?
For decades to come, GlobalPlatform will continue to evolve and provide a platform for collaboration. Technologies will change but the fundamental challenge of securing the ecosystem while being interoperable will be the same. The immediate focus is for GlobalPlatform to enable security in the IoT market. We are constantly working to develop specifications that facilitate collaborative and open ecosystems, where digital services and devices can be trusted and managed securely, while privacy is supported.
As we go into the future, GlobalPlatform will evolve alongside technology and our technical specifications will be used in many new exciting areas that are yet to come.