Describe Gemalto’s operations in the regionWithout even knowing it, almost all of use Gemalto services on a daily basis, the company being a global leader in secure access solutions. Hsin Hau Hanna, VP, Global Marketing Communications discusses how Gemalto is helping secure our increasingly mobile future 

We are a leader in digital security solutions; a lot of that has to do with solutions that run over the servers and that in turn leverage secure personal devices that are there to protect the accessees. It’s different from the usual anti-virus where you are protecting the perimeter of the network. Our solutions are creating the right authenticated access for communications, payment, data access or for physical access of some kind. Basically, our solutions are for creating some kind of authenticated user access. For instance in the region we are doing Electronic Identity Cards, and the systems behind it to manage e-Government services to make sure that people can be properly authenticated and they can maintain their privacy to protect them as well. We also work with mobile service providers that cover 75% of consumers in the region. We also worked with about 30 banks in the region when they migrated to chip cards and now we work with some of the biggest banks in the region including Emirates NBD, Barclays, Standard Chartered and many more.

Discuss some of your solutions in banking and card payments

For banks, we provide them various server services and payment cards so their end customers can have peace of mind as they enjoy the payment services or e-banking and make sure that all the back-end services are well taken care as well. We have many types of solutions in mobile communication; from helping mobile providers send out marketing campaigns to telephones; to setting up mobile payments or for people to use their mobile payments; to enabling people use their smartphones to pay for transport.

We are working with Emirates NBD for their Go4it card, a multi-application card that allows customers to use in in Dubai’s metro system as we all as traditional shopping thus creating more convenience for users in having a single card to use for several different functions. For banks the key is “Top-of-Wallet”, in that whatever you can do, be it an innovative service or marketing; you do what you can do to help consumers have an affiliation with your products that help you push your products better.

What in your opinion sets Gemalto apart from the competition?

What we strive to do is provide a range of security solutions that are convenient to use. Many times security and convenience may seem incompatible with each other. Security applications sometimes means adding layers on top of one another making it very difficult for customers. So we always think of how to make things easy the end result being solutions such as Near Field Communication (NFC). It’s very easy to create consumer friction with people deciding to stop using your services. In the workplace, if you make life too difficult for employees to access the emails or the company account, they may not use it or try for ways around it.

Discuss your solutions for mobile payments and the security protocols around it

People are concerned with the security implications of putting a bank account in a smart phone that is as safe as your own bank card. Gemalto can take your bank credentials and put them in a phone, store it in a tamper-proof place, in this case a sim card and the leverage your payment account and enable you activate it, deactivate it, download it and so on. Within those secure devices, there’s not only secure OS that enable you to run the application, but the one thing that Gemalto has been doing very well is that we have been miniaturizing applications to allow access over smartphones as many of us do not have the luxury to desktops and laptops. The embedded software sitting on those devices is the one doing the authentication.

How can an organization that takes Gemalto as a vendor be able to protect itself from the rising cases of hacking and other security breaches

All organizations need to be able to protect their IT assets; make sure that the right people with the right access have the right credentials. For banks, the database that holds customer information is the most sensitive of all. So you have to be sure that you have all the right security policies and the technology framework around it. The best way is to have a multi-channel and holistic way of looking at all these aspects. It does not take just one breakthrough to compromise the whole system. There are many ways this can be done-you can protect consumers from the back end to make sure their data is not leaked; you can upgrade technology to make sure you are using the latest technology whether they are making card payments, online payments and so on.

If you have high value customers like enterprise customers like company CEOs, make sure you give them two-factor authentication for them whenever they do e-banking so that they are not just logging using their passwords which are inherently insecure.  A bank should offer them a secondary factor such as a one-time password or a secure token to verify who they are. For people who are high value risk, it’s not too much of a hassle to have them have extra security. And that is one thing Gemalto has always advocated with our customers for them to take a layered approach to security. Consider who’s a high value risk and then take a segmented approach to security-basic level of security, increased levels of security, or two-factored authentication because if you put the same level of security for everyone, either you are not addressing everyone sufficiently, you are not investing adequately or you are over-investing as some people do not want to use excessive technology.

With a lot other services being offered on the cloud, is this an area you are focusing on?

We are offering a lot of services over the cloud by using our data centres for things like activating payment for mobile phones from our secure data centres. A lot of our services do not need to be heavily installed in the company’s servers. Mobile payment is a very good example with TSM (Trusted Service Management) where we can for instance take a metro ticket and put it in a smartphone. We can do the same for authentication. If a company wants to authenticate the credentials of their employees, the traditional way was to put a big server on the back-end but now we have customers asking us to help do the authentication on their behalf through our servers and then give their employees the access.

Discuss a specific solution for clients over the cloud

A lot of the small service providers do not have the means to install their own servers especially so they rely on hosted services. SensorLogic, now part of Gemalto is a SaaS, runs over the cloud which customers can use to monitor several applications. An example would be small scale healthcare provider. Healthcare provision is typically much localised and niche and the providers do not have the scale to go global sometimes for regulatory reasons. In that situation, it’s very compelling for them to have a cloud service where they can monitor without the expense of putting up a server. They can use our cloud services to run their M2M monitoring and track their patients. This is a very important area because most of the time you are dealing with very sensitive data in healthcare, not just in the personal health records themselves, but also the billing aspect of it. We have to ensure that this health data is well protected. This is where Gemalto excels bringing services that are not only easy to use but they’ve also got the Gemalto security features as well.

What’s the future of secure access in the region from Gemalto’s perspective?

It’s only the beginning for digital security; this is only the beginning. Millions of people still do not have electronic IDs or passports. eGovernment services are just starting while cell phones are only becoming powerful now. The world is only moving in one direction-more digital interaction.  And when you go digital, not only do you have to authenticate people well, you got to be able to protect transactions well and you also have to protect their privacy well. Security is the functional mirror image of what’s really at stake. What’s at stake is that people trust your service a lot-consumers are fickle, if they don’t trust your service, they won’t use it.

Describe Gemalto’s operations in the region

We are a leader in digital security solutions; a lot of that has to do with solutions that run over the servers and that in turn leverage secure personal devices that are there to protect the accessees. It’s different from the usual anti-virus where you are protecting the perimeter of the network. Our solutions are creating the right authenticated access for communications, payment, data access or for physical access of some kind. Basically, our solutions are for creating some kind of authenticated user access. For instance in the region we are doing Electronic Identity Cards, and the systems behind it to manage e-Government services to make sure that people can be properly authenticated and they can maintain their privacy to protect them as well. We also work with mobile service providers that cover 75% of consumers in the region. We also worked with about 30 banks in the region when they migrated to chip cards and now we work with some of the biggest banks in the region including Emirates NBD, Barclays, Standard Chartered and many more.

Discuss some of your solutions in banking and card payments

For banks, we provide them various server services and payment cards so their end customers can have peace of mind as they enjoy the payment services or e-banking and make sure that all the back-end services are well taken care as well. We have many types of solutions in mobile communication; from helping mobile providers send out marketing campaigns to telephones; to setting up mobile payments or for people to use their mobile payments; to enabling people use their smartphones to pay for transport.

We are working with Emirates NBD for their Go4it card, a multi-application card that allows customers to use in in Dubai’s metro system as we all as traditional shopping thus creating more convenience for users in having a single card to use for several different functions. For banks the key is “Top-of-Wallet”, in that whatever you can do, be it an innovative service or marketing; you do what you can do to help consumers have an affiliation with your products that help you push your products better.

What in your opinion sets Gemalto apart from the competition?

What we strive to do is provide a range of security solutions that are convenient to use. Many times security and convenience may seem incompatible with each other. Security applications sometimes means adding layers on top of one another making it very difficult for customers. So we always think of how to make things easy the end result being solutions such as Near Field Communication (NFC). It’s very easy to create consumer friction with people deciding to stop using your services. In the workplace, if you make life too difficult for employees to access the emails or the company account, they may not use it or try for ways around it.

Discuss your solutions for mobile payments and the security protocols around it

People are concerned with the security implications of putting a bank account in a smart phone that is as safe as your own bank card. Gemalto can take your bank credentials and put them in a phone, store it in a tamper-proof place, in this case a sim card and the leverage your payment account and enable you activate it, deactivate it, download it and so on. Within those secure devices, there’s not only secure OS that enable you to run the application, but the one thing that Gemalto has been doing very well is that we have been miniaturizing applications to allow access over smartphones as many of us do not have the luxury to desktops and laptops. The embedded software sitting on those devices is the one doing the authentication.

How can an organization that takes Gemalto as a vendor be able to protect itself from the rising cases of hacking and other security breaches

All organizations need to be able to protect their IT assets; make sure that the right people with the right access have the right credentials. For banks, the database that holds customer information is the most sensitive of all. So you have to be sure that you have all the right security policies and the technology framework around it. The best way is to have a multi-channel and holistic way of looking at all these aspects. It does not take just one breakthrough to compromise the whole system. There are many ways this can be done-you can protect consumers from the back end to make sure their data is not leaked; you can upgrade technology to make sure you are using the latest technology whether they are making card payments, online payments and so on.

If you have high value customers like enterprise customers like company CEOs, make sure you give them two-factor authentication for them whenever they do e-banking so that they are not just logging using their passwords which are inherently insecure.  A bank should offer them a secondary factor such as a one-time password or a secure token to verify who they are. For people who are high value risk, it’s not too much of a hassle to have them have extra security. And that is one thing Gemalto has always advocated with our customers for them to take a layered approach to security. Consider who’s a high value risk and then take a segmented approach to security-basic level of security, increased levels of security, or two-factored authentication because if you put the same level of security for everyone, either you are not addressing everyone sufficiently, you are not investing adequately or you are over-investing as some people do not want to use excessive technology.

With a lot other services being offered on the cloud, is this an area you are focusing on?

We are offering a lot of services over the cloud by using our data centres for things like activating payment for mobile phones from our secure data centres. A lot of our services do not need to be heavily installed in the company’s servers. Mobile payment is a very good example with TSM (Trusted Service Management) where we can for instance take a metro ticket and put it in a smartphone. We can do the same for authentication. If a company wants to authenticate the credentials of their employees, the traditional way was to put a big server on the back-end but now we have customers asking us to help do the authentication on their behalf through our servers and then give their employees the access.

Discuss a specific solution for clients over the cloud

A lot of the small service providers do not have the means to install their own servers especially so they rely on hosted services. SensorLogic, now part of Gemalto is a SaaS, runs over the cloud which customers can use to monitor several applications. An example would be small scale healthcare provider. Healthcare provision is typically much localised and niche and the providers do not have the scale to go global sometimes for regulatory reasons. In that situation, it’s very compelling for them to have a cloud service where they can monitor without the expense of putting up a server. They can use our cloud services to run their M2M monitoring and track their patients. This is a very important area because most of the time you are dealing with very sensitive data in healthcare, not just in the personal health records themselves, but also the billing aspect of it. We have to ensure that this health data is well protected. This is where Gemalto excels bringing services that are not only easy to use but they’ve also got the Gemalto security features as well.

What’s the future of secure access in the region from Gemalto’s perspective?

It’s only the beginning for digital security; this is only the beginning. Millions of people still do not have electronic IDs or passports. eGovernment services are just starting while cell phones are only becoming powerful now. The world is only moving in one direction-more digital interaction.  And when you go digital, not only do you have to authenticate people well, you got to be able to protect transactions well and you also have to protect their privacy well. Security is the functional mirror image of what’s really at stake. What’s at stake is that people trust your service a lot-consumers are fickle, if they don’t trust your service, they won’t use it.