The Merriam-Webster Dictionary defines evolution as, among other things, “a process in which the whole universe is a progression of interrelated phenomena.” On the other hand, revolution is defined as “a sudden, radical, or complete change.” With so many different parts simultaneously in motion, the global communications industry is certainly undergoing radical change; whether change will be “sudden” or a more Darwinian “progression” that preserves the inter-relations of networks is not yet clear.

The mobile broadband (MBB) space, comprised of wireless high-speed internet access from a PC or mobile Internet device (MID) using standards such as GPRS, 3G, WiMAX, LTE UMTS/HSPA, and EV-DO, is particularly dynamic and seems to tilt toward revolution.

In a presentation at the GSMA World Congress in February of 2009, market research firm McKinsey & Company reported that countries with MBB penetration greater than 10 percent achieve incremental GDP growth of 0.6 to 0.7 percent. Growth comes through direct channels such as communications and technology products and services, as well as indirectly through productivity improvements driven by the new technologies and infrastructure.

Keen to drive MBB penetration, MNOs have been upgrading their networks to accommodate the anticipated broadband market and cater to an explosion of consumer and business applications. Telstra, the Australian MNO, has seen revenue from data grow as a percentage of its total retail revenue from 23 percent in 2007 to 38 percent in 2009.

The GSM networks have been evolving their radio access network (RAN) technologies and corresponding speeds as well. The following table lists the GSM RAN access speeds and timelines:

• 2G
  GPRS – 114 kbps – 2000
• 3G
  Wideband CDMA (WCDMA) – 384 kbps – 2001
• 3.5G
  High speed downlink packet access (HSDPA-1) – 3.6 Mbps – 2005
  HSPDA-2 – 14.4 Mbps – 2006
  High speed packet access (HSPA+) – 21-28 Mbps – 2008
  HSPA+ - 42 Mbps – 2009
• 4G
  Long-term evolution (LTE) – 100 Mbps – 2010
  LTE – 1Gbps peak – 2013

MNOs and their customers are realizing the power and benefits of MBB, which gives customers ubiquitous high-speed access to the Internet on the move. Communities and regulators are also realizing that MBB is one of the fastest and most cost-effective ways of rolling out broadband networks, in contrast to fixed broadband roll-outs that depend on customer density, truck-rolls, copper wire penetration and digging for rights-of-way.

MNOs such as Telstra are realizing that by increasing access speed, the newer generation of technology increases data usage and drives revenue growth. Also, the newer generation technologies drive down the cost of transporting the data for the MNO. A cost comparison of different data technologies from Telstra shows that long-term evolution (LTE) is 65 times more cost-effective than the older GPRS technology:

• GPRS = 100% of GPRS
• EDGE = 50% of GPRS
• WCDMA = 10% of GPRS
• HSDPA = 5% of GPRS
• HSPA = 2% of GPRS
• LTE = 1% of GPRS

As of this writing, there are approximately 90 million HSPA subscribers worldwide with projections for 400 million subscribers by 2012. The technology driving the MBB usage by 2012 will be HSPA/HSPA+. This will be followed by greater penetration globally of LTE. Both the GSM and the CDMA class of networks have an evolution path to faster data (e.g. mobile broadband) and both paths lead to LTE as the final technology choice.

In February 2009, Verizon, the US CDMA operator, announced the commercial rollout of its LTE network, beginning in mid-2010. The intended target is a new generation of MIDs with data speeds of 8 – 12 Mbps. AT&T currently plans to run LTE trials in 2010 in select U.S. markets. LTE has the benefit of reduced latency of less than 10 milliseconds across the radio access network compared with 70 milliseconds for older radio access technologies. This reduced latency can support direct voice over IP (VoIP), enabling Skype-like services directly on the handset communicating IP end-to-end with wideband codecs. However, operators deploying LTE do not yet have plans to migrate their voice away from their circuit switched infrastructure.

My calculations suggest this migration will take place once voice service is generating less than 50 percent of the MNOs’ revenue and the benefits of running a single all-IP network become overwhelming. At the rate of current trends, I project this will take place around 2013 for the major MNOs in the U.S.

The migration of MNO networks to offer these high-speed broadband services will put increasing pressure on the existing resources and businesses of fixed and mobile operators and, importantly, on the availability of interconnect services — hubs — that enable cross-network communication and the flow of payments (à la the IPX) for any service that requires global interconnectivity.

Regardless of semantics, change is coming, it’s going to affect every aspect of the industry and it’s moving fast.

Ajay Joseph is CTO of iBasis, responsible for the technical strategy, innovation and engineering of the company’s global telecommunications network and supporting systems. Prior to joining iBasis in 1999, he worked in engineering and design for companies including GTE Internetworking, DeskNet Systems and NYNEX Science & Technology.

In a previous blog post, I detailed VoIP and Internet security threats of which service providers should be aware. In this edition, I will focus on specific preventative measures that service providers should be taking to protect their organizations.

As you may recall, the key categories of VoIP threats are:

• Authentication: Provides assurance of the originator of data
• Integrity: Maintains data quality and protects it from sender to receiver
• Encryption: Ensures confidentiality and protection from disclosure to unauthorized persons
• Non-repudiation of Service: Ensures originator of communications can’t deny having done so later
• Availability of Service: Allows users access to service when they need it

The best defense for a service provider to these threats is to take the following steps, described in detail below:

• Implement a company-wide security policy.
• Create an Incident Response Team.
• Understand and know how to work with external entities.
• Remember the 80:20 rule.
• List and detail the most likely threats.
• Develop system architecture and execution procedures.
• Conduct penetration tests and third party verifiers.

The first step in any defense is to develop and implement a company-wide security policy. The purpose of this is to establish clear “do’s and don’ts” regarding security at various levels and covering physical, IP, VoIP and company information. The importance of security policy and procedures should be communicated across the entire organization and fully backed by the executive management team. The SANS Institute’s “A Short Primer for Developing Security Policies” is a good place to start.

The second step is creating an Incident Response Team (IRT) within the company that reports in to the executive staff, preferably the CEO. The IRT should be a cross-company team (or minimally a dedicated security officer) that serves as the single point of contact for anyone reporting incidents. The IRT should meet on a regular basis to analyze incidents and should be responsible for developing and updating an action plan for tackling threats and interfacing with external authorities. The typical external interface an IRT has is with local police, the FBI, other service provider IRTs and fraud-prevention organizations. Also, several network equipment vendors have developed security task-forces linking their service provider customers for quick interaction and specialized expertise.

In dealing with threats, the 80:20 rule is also very important to keep in mind. Many security manuals are theoretical on what the threats are and the ways to remedy them, a lack of detail that sometimes takes a very costly toll. Instead, it’s important to realize that several of these threats may not be applicable to a particular business you are in, and therefore, you should prioritize based on what is ongoing and most likely to occur. As an example, for a particular VoIP business authentication may be the most likely and damaging threat to margin and reputation, followed by availability of service, and to a lesser degree, confidentiality and non-repudiation attacks. Completely understanding vulnerabilities and weighing the risks is essential to creating the most focused and cost-effective threat prevention effort.

The next step is to have an architect(s) who knows your business network systems and processes list and detail each of the key threats following the 80:20 rule. For example, if authentication is a big potential “security hole,” then the architect needs to understand how this is done and assess potential damage. They should understand how a spoofer assumes the identity of a customer, benefits from transactions and steals money. The architect should also know how to exactly identify the call flows that contribute to these attacks. This exercise will illuminate existing holes, enabling procedures to be developed to seal any breaches, and monitoring activity to be effectively conducted to prevent future occurrences. Also, the architect should check at the business layer to ensure that consistency is maintained in the company’s business transactions to prevent ongoing fraud.

The next step is gaining an understanding of the tools used to seal these vulnerabilities. In the VoIP space, SIP has several mechanisms such as MD5 tokens for authentication, S/MIME for integrity, SRTP for media confidentiality and TLS for signaling security. There are also similar tools for other VoIP protocols including H.323. An excellent reference on the possibilities is available here.

Finally, using third-party security auditors and penetration testers is recommended. Some of the more well-known IT firms offer such services. The work of these groups can go a long way in validating a service provider’s security policies, systems and processes -- especially if done in a controlled and secret fashion – while unveiling any immediate threats and vulnerabilities that exist.

Ajay Joseph is CTO of iBasis, responsible for the technical strategy, innovation and engineering of the company’s global telecommunications network and supporting systems. Prior to joining iBasis in 1999, he worked in engineering and design for companies including GTE Internetworking, DeskNet Systems and NYNEX Science & Technology.

In my previous blog, I wrote about VoIP and Internet security threats. I had planned on continuing that thread in this installment but, considering the state of the economy and its prominence in the news, in this blog I’ve decided to focus on the challenges and opportunities arising during these difficult times. I’ll get back to VoIP security threats in a future installment.

The current financial crisis has seeped into the telco world and is affecting it in several ways. Strained confidence of customers, employees and employers alike is an obvious result. Given current conditions, many projects are being cancelled, delayed or downsized. The impact of this has already been seen with several telcos announcing restructuring plans including lay-offs to reduce over-capacity of labor and the trimming down of capital purchases.

Another challenge being seen currently is one of liquidity. The Telco 2.0 folks have a good thread on this. The credit crunch and the rise in borrowing costs, especially for several large telcos with debt maturing in the 2009-2010 timeframe, will create refinancing risk pressure. Six telcos (Vodafone, DT, FT, Telefonica, BT and Telecom Italia) have around $37 billion euro maturing in 2009 – 2010. Every 100 basis points increase in debt translates to $375 million euro in interest. This may impact cash generation and hence capex spending in order to maintain dividends. Another challenge is in the area of capital markets. Obviously, both venture and private equity financing will be increasingly difficult to come by. The time horizon for IPOs has faded beyond recognition, leading investors to consider other exit strategies with a bias toward selling the asset to established players.

Yet, these same challenges also create opportunities for telcos. The implosion being created by businesses hunkering down and behemoths such as Nortel collapsing — along with the uncertainty the economy creates for employees — has made it much easier for companies to hire top talent. Additionally, assets from VC’s and private equity firms can be monetized by telcos either fully as wholly owned assets or partially via strategic engagements. This funding can be used to develop areas telcos are not willing to tackle on their own right now. This is also a time when institutional investor money is rotating into the telco sector as a defensive mechanism in response to the beating being taken by the other industries.

The fact is, at a time when investor concerns are focused on “leverage,” telcos look relatively conservative. Analyst consensus forecasts show leverage (defined as the ratio of net debt-to-EBITDA) at well below 2.0x for the vast majority of major telcos over the next two years. In some cases (such as China Mobile) companies are sitting on significant net cash positions. In contrast, alternate carriers with private equity-backing such as cable companies carry 4.0x to 7.0x in leverage.

In the consumer and enterprise space the focus has moved to more bandwidth intensive applications and fixed mobile bundles, marked by stabilizing prices. Telcos with both fixed and mobile operations have the scale and geographic reach to deliver these services, particularly when compared to alternate carriers such as cable operators who do not have wide presence, operational scale and are heavily leveraged. This need to cater to high-bandwidth services with the telcos’ assets mentioned above will likely prompt regulators to offer telcos incentives to build out their networks in the longer-term, which in turn could drive up stock prices.

Telcos with the conservative 2.0 x of leverage should consider teaming up with over-the-top players (OTT) such as Google, Amazon, Microsoft, Cisco, Apple, Ebay etc. These companies have negative leverage (net debt / EBITDA) given their strong cash positions, zero debt and innovation potential to unleash new business models and drive growth. There is an opportunity for telcos who are not distracted with the current crisis to partner with these OTT players and transform themselves to create value using their latent assets.

It appears based on this analysis that incumbent telcos, especially those with both fixed and mobile assets, are in a very strong position compared with their private equity backed brethren. So while there is no denying that the economy is down, there is an up side that can present savvy telco operators with opportunities.

Also, what does this mean for telco vendors? Outside of cash laden IP vendors such as Cisco, traditional telco vendors such as Nortel, Lucent, and Ericsson will experience a consolidation in their sector. Pricing pressure along heavy customer support and massive Next Generation mobile network deployments from the Chinese networks using Chinese vendors will ensure the rise of the Asian telco vendors such as Huawei and ZTE.

The implications of these economic trends on Next Generation architectures will be slow but focused, with adoption of IP based technologies enabling lower capital spend, increased operating efficiency and potential for higher revenue growth via newer services.

Ajay Joseph is CTO of iBasis, responsible for the technical strategy, innovation and engineering of the company’s global telecommunications network and supporting systems. Prior to joining iBasis in 1999, he worked in engineering and design for companies including GTE Internetworking, DeskNet Systems and NYNEX Science & Technology.