From the very start of the digital revolution in the automotive industry back in 1986, when the German company Robert Bosch GmbH presented the world’s first network protocol for communication between the electronic components of a vehicle – the Controller Area Network (CAN) – up to the latest electric vehicles (EVs) as the primary future means of smart, efficient and green transportation, security has been paramount to telematics and fleet management service (FMS) providers.
The diversity of the telematics ecosystem with all its stakeholders, applied technologies, communication channels and data being exchanged online requires a holistic approach to security. A rapidly increasing number of interfaces, controllers and mobile connectivity is enlarging the attack surface of vehicles, while any sort of connection – from a cellular modem in a telematics terminal to any infotainment box – can be targeted to compromise a vehicle or its infrastructure.
Security layers in FMS solutions
There are multiple layers of security that FMS providers need to ensure are present in their solutions. When business owners are selecting a solution, they need to know that FMS providers can guarantee that any technology added to the fleet will keep vehicle assets safe and secure. A security-conscious FMS provider should be able to offer:
- A complete analysis of the physical and digital security of internal and external interfaces, both wired and wireless, as well as physical access, control and maintenance services.
- Guaranteed application security, with exhaustive static and dynamic analysis of the FMS application source code, controller and telematics terminal security. This is crucial in order to assess the ability of bad actors to bypass authentication and authorization procedures, raise privileges and bypass security controls or fraud detection features.
- A thorough analysis of the interface of cloud-based systems with telematics, focusing in particular on the security levels of data centers and the ways that data backup and redundancy are managed.
- Advanced security analysis of each vehicle’s external communication channels, including all mobile frequency bands from 2G to 5G, WiFi, and Bluetooth.
- Strict adherence to data privacy regulations such as GDPR in Europe and automotive tracking guidelines such as AIS 140 in India, with a clear understanding of the value of protecting commercial and personal data.
SaaS: the solution for holistic telematics security
The above checklist represents the ideal scenario, but surely that level of security and diligence comes with a hefty price tag? Fortunately, FMS providers that offer SaaS (Software as a Service) solutions for vehicle telematics provide an opportunity for micro, small and medium business (MSMB) fleet owners to avail the advantages of technology without having all the overhead associated with an in-house IT setup and its associated security requirements. Even a single vehicle owner can easily access the heartbeat of their asset by using a web browser or mobile app. Industry standard SaaS solutions come bundled with necessary security requirements, whether for data in storage, in transit or for user access.
SaaS software solutions can be easily integrated with Enterprise Resource Planning (ERP) solutions through application programming interfaces (API) providing all necessary information in a single solution. As MSMBs grow in business volume, they need not worry about the scalability of SaaS solutions since they are capable of integrating with their evolving ERP landscape. Cloud hosting of these solutions also ensures that not only are they secure today, but they stay agile to adapt to the evolving security requirements of the automotive industry and beyond.
Tips for FMS providers:
The true test of a versatile secured system is to ensure that business dynamics are managed efficiently while staying within security requirements. Industry standard SaaS solutions come equipped with the flexibility required. Some of the advantages of a SaaS solution are:
- URL link-based sharing of vehicle with parties outside the organization. In situations that involve contracting vehicles for jobs, the ability to share telematics information for a specified time (e.g., few hours) through a secured link enables operators to share data without compromising on security.
- Project/ Joint ventures (JV) specific access is needed for vehicles contributed by both parties. In project-driven industries like construction and mining, vehicles are often contributed by different parties at various life stages of the project. During this period, comprehensive access is needed by the project team. Industry standard SaaS solutions come with multi-tier access controls and flexibility to tag vehicle units into groups, which enables information sharing with required project personnel on a need-to-know basis.
- SaaS platforms are modular in nature, which enables multiple sensor integration catering to various aspects of operating cost (e.g., diesel, tyre, temperature, load etc.) or business requirements (container door lock, surveillance cameras etc.). This enables the security framework of the solution to roll up and cover this under a uniform standard without the need for solution-specific security investments.
When it comes to fleet security in a landscape of applications, interfaces and communication technologies that is becoming ever more complex, industry-standard SaaS FMS solutions that satisfy the security requirements described above have a clear advantage. Suitable for enterprises of all sizes, SaaS solutions offer a truly holistic approach to security.
Jens Strohschneider, Chief Commercial Officer at Omnicomm International is telecommunication, business development and sales leader with a long track record of software and technology projects in Russia successfully launched to international marketplaces. He focuses on the development of new telecommunications and telematics services, in particular Internet Multimedia Services (IMS), Location Based Services (LBS), mobile Value Added Services (mVAS), and the Internet of Things (IoT).
Nilesh Jain is CA with an MBA (Gold Medalist), CIMA (UK) and currently is Director at iTrade Telematics Pvt Ltd (email@example.com). He has 18 years of experience providing technology solutions across the globe with comapnies like Infosys etc.
Published in Telematics Wire