Now more than ever before, fleet managers have greater access to advanced telematics technologies, devices, applications and all the valuable data it produces. As more information flows from the vehicle through the telematics device to a third party cloud and finally to your backend platform, there are critical contact point all along the way that may be vulnerable to hacking and unauthorized access. So as you start to evaluate service providers and telematics solutions, there are a few key security questions to keep in mind to ensure that data is protected:
1. How is the data secured from the vehicle to backend networks?
Fleet data should be secured by multiple layers of security at different points throughout the solution. CalAmp uses a ‘defense-in-depth’ strategy that secures the data in use, at rest and in transit. It is important that fleet managers understand these various layers, the technologies that that are used and where they overlap to ensure privacy and integrity of their fleet information from end-to-end.
2. How secure is the data flowing between the telematics device and vehicle?
A well-protected telematics solution should offer a secure, one-way (outbound) communications link between the telematics device and the vehicle itself. It is critical to prevent command and control data from being written back into a vehicle’s onboard computers to mitigate the risk of equipment malfunction or loss of data integrity.
3. What security controls are in place to prevent telematics device tampering?
Telematics devices should have additional security controls in place to ensure they cannot be reprogrammed or reconfigured by an unauthorized source. Some industry accepted security controls include Hyper Text Transport Protocol Secure (HTTPS) which encrypts and decrypts your login credentials and SSH, or Secure Shell, that allows you to securely access your hosting account remotely.
4. How is the back-end platform being secured?
The security posture of the back-end platform should be scrutinized to ensure that industry standard, best practices are being used to secure data in use, at rest and in transit. Fleet managers should familiarize themselves with the redundancies that have been put in place to ensure high levels of network availability and be aware of the plans in place that allow for secure fleet deployment scalability.
5. Does the telematics device have a secure construction?
Device construction may be an overlooked factor but it’s important to evaluate the physical security of the telematics device itself. Does it have a tamper resistant housings? Can it be easily concealed in a secure location in the vehicle?
Data security may be a new concept in trucking, fleet management and field force automation but the stakes are high when you consider the potential risks of a data breach at any point along the transmission of data from the vehicle to you backend network. Conducting a thorough review of all the layers of security in your telematics solution and maintaining ongoing diligence will mitigate security risks and allow you to leverage the valuable vehicle and driver data to make more informed decisions and streamline your operations.