‘IT security has for too long been based on a band-aid approach’

5 Jun 2020

Martin Giess. Image: Emnify

Emnify co-founder and CTO Martin Giess discusses cellular IoT and why traditional approaches to security may be overdue a rethink.

Martin Giess is the CTO of Emnify, a German SaaS company serving customers in the cellular IoT space. He co-founded the business in 2014 with CEO Frank Stoecker and VP of carrier relations and roaming Alexander Schebler, after working together for 15 years in the telecoms industry.

Here, Giess discusses the importance of investing in teams for the long term and prioritising robust security.

‘The challenge for us is to recognise early what sector cellular IoT connectivity can transform next’

Tell us about your own role and your responsibilities in driving tech strategy.

As Emnify’s CTO, I oversee the R&D activities to build the underlying technology stack that drives Emnify’s product vision. This includes daily work with our product managers, engineering teams and customers to discuss new ideas, try out new things, run research spikes, review our different product backlogs and iterate over user stories to drive a continuous stream of product increments that meet our customer requirements and drive our long-term product vision.

Our main mission is the democratisation of mobile networks, removing the constraints of a telecoms industry traditionally driven by a closed garden model.

The internet of everything is the main driver for future growth and is purely mobile. I believe only an underlying infrastructure that comes with very high flexibility, total automation, observability and global scalability enabling enterprises to create mobile networks tailored to their needs will allow successful and sustainable business models in this space.

Are you spearheading any major product or IT initiatives you can tell us about?

When we founded the company – which enables cellular IoT connectivity on a global basis – we believed that it was time to apply the cloud service model to IoT connectivity and to the underlying core network services.

In 2014, we were the first company to run a 100pc cloud-native mobile core network supporting 2G and 3G and LTE on AWS. Since then, we have seen great adoption of our model in the industry: the concept of infrastructure as a service has been proven not only as a viable model for such mission critical components but, furthermore, the savings in operations and support efforts are significant and the greatly reduced time-to-market for new services is a driver for telecom operators and communication service providers to choose our platform.

While IoT applications also moved onto cloud infrastructure at the same time, our priority was to make IoT connectivity a cloud-native resource that is integrated, managed and sourced in the same way as computer resources. This may sound obvious, but typically connectivity is still managed today outside of the cloud, with low integration that also opens all kinds of security vulnerabilities.

By bringing it inside, where customers are already running their applications on the likes of AWS or Microsoft Azure or Google Compute Engine, we create an airtight, secure environment that prioritises ease of access, management and integration of cellular connectivity.

Improved observability by advanced tracking and tracing capabilities leads to much deeper understanding of security threats and countermeasures can be implemented in an agile way on software-defined network infrastructure. Our objective today remains to make this as easy as any other cloud integration would be. This is an ongoing initiative.

How big is your team? Do you outsource where possible?

Since 2014, we have grown from a three-person founding team to a company with over 100 employees across Europe and Asia. On the technical side, we have 40 people working across technology, technical strategy and engineering roles. We are actively hiring and currently have 20 open positions across the business, including multiple technical roles.

We generally don’t outsource our business-critical core network components as it is hard to find engineers who are deeply experienced in telecoms and cloud technology at the same time, so we have our educational programme and we believe in work in long-term, high-performing teams of engineers working as peers.

What are your thoughts on digital transformation and how are you addressing it?

We view the IoT as one of the key digital transformation technologies. As more and more connected devices emerge, the opportunity to transform digitally extends to businesses and industries that previously were excluded from digitisation.

We see this in the diversity of our customer base – from early adopters of IoT connectivity in fleet management and logistics to more recent converts such as hospitality, agriculture, waste removal, healthcare and even some unexpected sectors, such as pest control.

The challenge for us is to recognise early what sector cellular IoT connectivity can transform next.

What  big tech trends do you believe are changing the world and your industry specifically?

With the advent of the first consumer 5G phones, people are currently very focused on the impressive increased bandwidth and lower latency, while the killer applications for that must still be found. For the IoT, 5G can enable new business cases and device types due to improvements in power consumption, opening the possibility to design miniaturised, connected devices that can run from one battery for many years.

The deployment of intelligent sensors and remote robotic actuators everywhere in our environment will be massive, not comparable to anything we have seen so far. The high density of up to 1m devices per sq km supported by 5G is essential for that. This way, the physical world and its virtual representation will converge completely at some point in the future.

In terms of security, what are your thoughts on how we can better protect data?

IT security has for too long been based on a band-aid approach: generations of band-aids are what hold together established IT infrastructure, including product updates, virus scanners and security patches. New fixes on old vulnerabilities, again and again, one on top of the other.

Rather than continually repairing security flaws, we are in the industry of creating completely new technologies that are security-first. In the world of cellular IoT connectivity, our security concerns are primarily related to protecting connected IoT devices from external interference. Mirai attacks reportedly increased in 2019 and businesses worldwide spent $1.5bn on IoT security in 2018.

When it comes to connecting devices via cellular IoT and creating an IoT network for a business use case, the selling point is typically the data and derived insights the network will produce and what real-time value that will offer.

It is easy to get carried away by what is a fascinating sector with unlimited potential and opportunity. A consequence of this excitement is that security is often overlooked. But IoT solution providers not taking a security-first approach are risking significant revenue and reputation loss in the event of a security breach – both for their own business as well as their customer’s business.

In the worst cases, the harm done from one single security breach will far outweigh any previously created customer value.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.