Why Service Providers Can't Ignore CPaaS Traffic Security

POSTED BY Sam Barker

A continuing debate in the CPaaS market is ‘build vs buy’.

While Juniper Research, in its latest CPaaS research, believes that these decisions must be made on a case-by-case basis, the ability to add in APIs to platforms efficiently has now become a necessity for CPaaS platforms. As an increasing number of SMEs adopt CPaaS services, it is becoming more likely that CPaaS users do not have in-house developers that can create customer APIs; thus, the onus is on the CPaaS platforms to develop them and integrate within their own solutions.

A key component of this movement is the impact upon security. The level of focus on security varies by industry but is certainly increasing. CPaaS platforms are experiencing greater demand for 2FA and MFA traffic. Over the next five years, Juniper Research expects a greater integration with KYC (Know Your Customer) checks in the banking industry to enhance security.

Cybersecurity is becoming an increasingly important matter for enterprises, as messaging is often used for OTPs (One-time Passwords) and verification purposes, as well as the transfer of sensitive information. Juniper Research notes that the most successful conversational commerce vendors will offer their own, in-house cybersecurity solutions. 

While messaging platforms can implement advanced fraud detection methods which accurately detect, block and prevent spam messages from reaching customers, this method is not efficient, as service providers would have to wait for malicious players to act. Instead, Juniper Research believes that service providers must implement advanced anti-fraud detection systems upon development which can then be modified through the use of AI.

Customer expectations are also a driver. Simplification of identity services and identity-driven transactions are likely to be the catalyst for success in terms of which identity solution wins out. However, there is a high probability that a more pragmatic approach utilising best-of-breed options incorporated into a fuller ID Network or ecosystem will offer the requirement for many use cases.

Multiple driving forces are coming together to develop the requirements of identity use cases. Platforms such as CIAM (Customer Identity and Access Management) are morphing into powerful, API-enabled ecosystems, sometimes called ‘ID Networks.’ These so-called ID Networks are designed to have a more fluid approach to sharing identity data – some offering ‘decoupled,’ transaction-led ID interactions for enhanced flexibility and use models. 

ID Networks are based on the idea of ‘connecting the dots’ around use cases. Being API based, the networks draw in the functionality of many of the identity technologies mentioned in the report. A typical system will be based on a controlling component, an IdOE (Identity [Data] Orchestration Engine) which is a multi-functional API. This acts as a central piece to manage the requirements of a service. The service will be based on rules of engagement. These rules reflect the needs at specific junctures in a user journey. For example:
  • The user may be required to have identity attributes verified – the IdOE will call a verification service to perform this function. 
  • The user may be required to choose an existing identity account to federate login – the IdOE will offer a set of optional identity providers. The IdOE will handle protocol translations to allow for a wide choice of federated IDPs. 
  • The user may be required to add attributes to a new or existing identity account or during a transaction (such as banking details) – the IdOE will handle this and verify these additional attributes if requested. This may include checks that cover AML, sanction lists and behavioural monitoring.
  • The user may be required to provide consent across various parts of the user journey pipeline – the IdOE would handle the collection of consents; sharing consent event data (eg log file) with a consent manager.

Related Reading

Our complimentary whitepaper, Moving Beyond SMS: How CPaaS Will Evolve in 2023, identifies key disruptive strategies for CPaaS providers and how platforms can leverage them to differentiate their services from competitors.
“A new study from Juniper Research has found that the value of the CPaaS (Communications Platform-as-a-Service) market will reach $29 billion globally by 2025; rising from $16 billion in 2022. To capitalise on this substantial growth of 80% over the next three years, the report urges CPaaS vendors to focus on the development of managed services over their platforms. These services must enable the creation and management of rich media content over channels such as OTT business messaging, email and social media.”
“Juniper Research’s latest CPaaS (Communications Platform-as-a-Service) research provides a comprehensive assessment of this growing market, featuring a regional analysis and an evaluation of each of the channels that comprise CPaaS offerings.”