LIVE FROM GSMA MOBILE 360 SERIES – PRIVACY & SECURITY: KPN chief information and security officer (CISO) Jaya Baloo (pictured) claimed concern over the security of remote SIMs currently outweighs the potential benefits they offer.

While the CISO sees many advantages to deploying remote SIMs, she is wary of implementing the technology amid worries over “the ability to make it secure and offer a full replacement of what we have now in terms of the assurance we can provide”.

Baloo believes 5G will bring a landscape where SIMs and “hardware trust points” will be replaced by a remote SIM and a focus on software. Such an approach would enable users to easily swap carriers based on their location, because the customer will no longer have to install a SIM card in their device, instead using “funky remote SIMS” capable of being provisioned from afar.

However, “this is a huge area of concern because you really have to get it right”, Baloo said during a panel session covering resilient infrastructure.

Baloo explained the whole handset, rather than just the SIM, would need to be replaced in the event of a massive system failure: “How many operators want to do that?” she asked.

“I’m a big fan of adding features, but not at the cost of privacy and security which should be inherent… if we can’t do that as a primary requirement we shouldn’t do it.”

Industry responsibility
When it comes to providing privacy and security, she believes the industry should give up any expectations of end users educating themselves. Operators should assume users are “clueless teenagers” who will download apps without a thought.

Baloo argued there should be: “no more user awareness, it’s our awareness and we need to work together to build a better ecosystem.”

Fellow panelist David Kruger, VP of business development at communications security software provider Absio Corporation, agreed with the KPN executive.

He said the industry must stop relying on the user to help it, and instead needs to work together to make solutions which are simple to implement, do not interfere with the user experience, and don’t require the user to learn new things.

“The user needs to be able to buy a phone, download an app and know its secure and private and has the right mechanisms in place,” he said.

“If we rely on them to do the right thing we are doomed to fail”.