Connected vehicles, disconnected security: Why connectivity architecture now matters most

The number of connected cars on our roads today is projected to have exceeded 400 million, and almost every newly manufactured car now embeds connectivity by design, from sensor-based telematics that generate vast streams of data to driver assist technologies that enhance the in-vehicle experience. According to some estimates, the average car will generate roughly 25 gigabytes of data per hour by the end of the decade – that’s the equivalent of streaming more than 11 hours’ worth of Netflix shows in 4k or downloading 12,500 high-resolution photos. Per car, per hour. And this is passive data generation.

Over the last 12 months, I’ve noticed a subtle but significant change in how connected vehicles are being discussed in the industry. What was once positioned as a feature-led evolution, focused on in-car experiences and digital services in the pursuit of monetization and delivering better user experiences, is now being treated as something far more structural and systemic. For one, data portability is gaining traction across both the EU and the US, giving individuals greater control over how their data is accessed, shared and reused, including data generated by their vehicles. At the same time, connectivity is becoming the default. That combination of greater user control and near-universal connectivity is forcing a rethink of how data moves, who can access it and what responsibilities come with that access – and that rethink is now long overdue.

What stands out to me is that much of the industry’s attention is still focused on value capture. Automakers, platform providers and third-party developers are all competing to position themselves closer to the data, often with the consent of the vehicle owner shaping how those relationships evolve. But alongside that runs an even greater challenge – every new integration between a vehicle platform, a cloud service, an analytics engine or an application creates another pathway into the ecosystem. And those pathways are rarely direct or contained. Depending on operator choices and third-party network services, data moves across multiple public and private networks, providers and environments, often without a clear line of sight into how it is routed or where it is exposed along the way. Vehicles now have more in common with our laptops than they do our old Ford Fiestas, and that’s creating a set of predictable challenges. “Who owns the data” is only one side of the coin. The other is whether our connectivity architecture can support real-time data exchange in a way that is consistent, secure and controllable at scale.

Connected vehicles are an ecosystem, not a product

When a manufacturer or retailer sells a connected vehicle, the deal doesn’t stop there. A modern car no longer operates in isolation. Instead, it sits at the center of an ecosystem that includes mobile networks, cloud platforms, subscriptions, analytics providers, mapping services and an expanding universe of both paid and unpaid third-party applications. Data flows constantly between these environments, supporting everything from navigation and infotainment to predictive maintenance and advanced driver assistance. In most cases, those interactions are happening in real time, with decisions and updates being made based on inputs that extend far beyond the vehicle itself.

That level of integration is creating some exciting new opportunities for monetization, but also introduces complexity that is becoming increasingly difficult to navigate. Each connection between systems represents a dependency, and each dependency brings its own architecture, assumptions and risk profile. What looks like a seamless user experience on the surface is often supported by a chain of interactions that spans multiple providers and geographies. The challenge for CIOs is that, like running a multi-national business with countless suppliers, vendors and partners, the boundaries of that system are no longer clearly defined. The vehicle is only one component in a much larger environment and understanding how those components interact will be essential as we move forward.

Fragmented connectivity creates fragmented security

As these ecosystems expand, the way data moves between them becomes harder to predict. In many of the environments I’ve looked at, vehicle data doesn’t follow a single, optimized path from source to destination. It traverses mobile networks, cloud regions, third-party platforms and back again, often crossing multiple administrative and geographic boundaries along the way. Much of that traffic still relies on the public Internet or indirect routing between providers, where visibility is limited and control is minimal. On paper, each individual connection may be secured, encrypted and compliant. In practice, however, the end-to-end journey of that data can be anything but transparent.

That creates a gap between how security is designed and how these systems actually behave. Traditional approaches tend to focus on protecting endpoints, applications or specific environments, assuming that the pathways between them are either trusted or at least well understood – but in a connected vehicle ecosystem, that assumption is borderline dangerous. When data exchange is spread across dozens of loosely connected pathways, it becomes difficult to apply consistent policies, monitor behavior in real time or even identify where potential exposure exists. Small inefficiencies, such as latency, packet loss or inconsistent routing, don’t just affect performance; they erode confidence in the integrity of the system itself. Over time, that fragmentation turns into a structural issue, where security posture varies depending on how and where traffic happens to flow, rather than being enforced in a uniform and predictable way.

Architecture is the control plane for security

This is where I see the conversation starting to change. Security in these environments can’t be treated as a layer that sits on top of connectivity, as it does in traditional business environments. It has to be shaped by the connectivity itself. When data is constantly moving between vehicles, cloud platforms and third-party services, the real point of control doesn’t sit at the application layer or endpoint, but on the path data takes between them. If those paths are opaque, indirect or constantly changing, then applying consistent security controls becomes an impossible task. What more forward-looking organizations are doing is treating network architecture itself as the foundation of their security model. They’re being more deliberate about where data is exchanged, how it is routed and which environments are allowed to interact directly with one another. So, instead of relying heavily on the public Internet or loosely defined interconnections, there’s now a growing emphasis on creating controlled exchange points where traffic can be managed with greater visibility and consistency. When data flows through known, vendor-neutral nodes, it becomes much easier to enforce policy, monitor behavior and reduce unnecessary exposure – not to mention the added connectivity improvements where performance and redundancy are concerned.

What this all points to is a complete reevaluation of how vehicles are defined and understood. They aren’t standalone products anymore, and they’re no longer defined solely by the hardware or software that leaves the factory floor. They’re part of a living, distributed digital infrastructure that extends across networks, cloud environments and third-party platforms, all of which contribute to how the vehicle performs over time. As data portability accelerates and integrations deepen, that infrastructure will only become more interconnected, with more participants contributing to the overall experience. The opportunity is significant, but so is the exposure, particularly when the underlying pathways remain fragmented or difficult to control.

For CIOs, this creates a different kind of responsibility – in the auto industry, yes, but also further afield. It’s no longer enough to secure individual systems or vet direct suppliers. The focus has to expand to include how data moves across the entire ecosystem, how dependencies are structured and how disruption in one part of the network might ripple across others. This is where interconnection starts to play a more defining role. By bringing networks, cloud platforms and service providers together at neutral Internet Exchanges (IXs), organizations can create more controlled, transparent environments for data exchange, rather than relying on indirect and unpredictable routing across the public Internet. That shift enables greater visibility into traffic flows, more consistent application of security policies and a reduction in unnecessary exposure points. At an industry level, it reflects a growing recognition that connectivity is not just a transport layer, but a strategic control point for security and performance. As vehicles continue to evolve into data-driven platforms, the ability to design and manage those interconnections will become central to how security, resilience and trust are delivered at scale.

This article is published as part of the Foundry Expert Contributor Network. Want to join?