|By Roger Strukhoff||
|May 27, 2014 01:51 PM EDT||
I am as excited as anyone about the potential of the IoT. But let's step back a second, and think about its security. With trillions and trillions of things deployed in the future, it might be an issue!
I addressed my concerns to Malte Pollmann (pictured below), CEO of Utimaco, who had this to say...
Roger: In the excitement over the Internet of Things, I don't see much talk about security. What are the big issues you see for security? In other words, is the IoT safe, and if not, how can it be safer?
Malte: The security challenges of objects becoming smart, personal and having their own identity are quite similar to the ones we have in the real world.
Once "anything" can play an active role, we want to be sure these "things" have the right identity, and then can be authenticated and the actions they require and initiate can be trusted. Security for the Internet of Things has precisely to care about the security of such identities.
Roger: What can you do to let CISOs ensure their data integrity is maintained and infrastructures immune from successful attack?
Malte: We face a dramatic overhaul of the old production world and systems today. Smart objects and permanent connectivity are creating a great opportunities, but are also source of concern due to hacker threats as well as security of data generated.
Whenever a whole lot of objects interact we see quickly big masses of data - potentially private or at least highly valuable data - being created. Securing the infrastructure and the data within is our core concern and whenever customers are concerned to protect high-value assets they generally turn to state-of the art encryption embedded in hardware security as the ultimate protection.
Our core expertise of hardware security modules of the highest protection class deals solves these problems every day.
Roger: How will security providers address privacy concerns? As a European company, you may have more experience with the EU and its concerns, for example, than in the US.
Malte: Basically every organization and company is somewhere maintaining customer data, not only addresses and invoicing data, but equally usage and support information from their client base. While the EU data protection laws are very strict and require customer consent if data is being processed by someone or somewhere externally - this is a trade-off against IT systems setup and efficiency in many cases.
Data encryption, encrypted transport and storage and ultimate master-key authority, for instance implemented with deployment of certified Hardware Security Modules can help solve this conflict in everybody´s interest and with great operational efficiency.
Roger: What about "back doors"? What sort of entry points should IT management be most concerned about with the IoT?
Malte: As a security vendor and as a company for more than 30 years in the business of protecting high-value assets and infrastructures, we have a clear "no-backdoor" policy and an absolute commitment to ensure that only our customers by themselves have the authority over their own key-material.
Manifold certifications by independent bodies proof this commitment, in addition to our worldwide broad base of loyal customers and our long time in business, never being compromised. So while you should be careful in your technical deployment, use encryption and access-rights management as much as you can, be also very clear and careful in your vendor selection.
SYS-CON Events announced today that Secure Channels will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The bedrock of Secure Channels Technology is a uniquely modified and enhanced process based on superencipherment. Superencipherment is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm.
Sep. 25, 2016 05:15 PM EDT Reads: 1,510
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
Sep. 25, 2016 05:00 PM EDT Reads: 1,724
Sep. 25, 2016 04:15 PM EDT Reads: 2,536
Sep. 25, 2016 03:45 PM EDT Reads: 2,350
Sep. 25, 2016 03:15 PM EDT Reads: 4,381
Sep. 25, 2016 03:00 PM EDT Reads: 1,568
Sep. 25, 2016 02:30 PM EDT Reads: 1,508
Sep. 25, 2016 02:15 PM EDT Reads: 1,795
Sep. 25, 2016 02:00 PM EDT Reads: 1,513
Sep. 25, 2016 02:00 PM EDT Reads: 2,598
Sep. 25, 2016 01:00 PM EDT Reads: 825
Sep. 25, 2016 12:45 PM EDT Reads: 2,442
Sep. 25, 2016 12:15 PM EDT Reads: 3,377
Sep. 25, 2016 12:15 PM EDT Reads: 1,106
Sep. 25, 2016 11:45 AM EDT Reads: 1,645