Information Assurance

Archive for the ‘Blog’ Category

President’s Day in Estonia

Last week Guardtime's Tallinn office was visited by the President of Estonia, Mr Toomas Hendrik Ilves. Gustav Poola, Head of Guardtime Estonia, gave the President a tour of the office, where he met with our people. “It’s clear who really runs things around here,” […]


Whitepaper: Virtualization and Attribution

In this paper, Matthew C. Johnson, Guardtime’s CTO, argues that KSI allows digital assets and virtualized network functions to be attributed, allowing for a new model for policy-based data governance and paving the way for SLA assurance and a level of service provider accountability and transparency that was previously impossible.


Heartbleed

Heartbleed is a surprisingly small bug in a piece of logic that relates to OpenSSL’s implementation of the TLS ‘heartbeat’ mechanism. A surprisingly small bug with dire consequences – a tremendous amount of the security infrastructure is dependent in some way on OpenSSL. And for better or for worse, industry’s reliance on OpenSSL is only increasing.


KSI and Third Party Verification (TPV) Services

Large-scale compromises are having a major financial impact, and reliance on third-party security services is proving insufficient to protect businesses from legal liability and the consequences of damaged reputations. Target’s recent compromise of over 100MM consumer credit cards […]


Securing APIs and Operational Data Sources using KSI

If you are a CIO considering opening up your operational data sources via APIs to a developer community then you may well be committing career suicide.

The temptation and commercial pressure are undoubtedly high. Exposing operational data stores to innovation and attracting the world’s top developers to write their killer apps is an excellent pursuit, but the security challenges have not been addressed, and security vendors packaging their same old ‘certificate based’ solutions are doing nothing more than putting lipstick on a pig.


Whitepaper: IoT, Turning Defense Into Offense

Baz Khuti, Guest Author. Imagine the future: you are in 2020, and the alarm clock coordinates with your wearable sleep sensor to gently wake you up. Simultaneously, your car reviews the calendar, determining you need to be at the airport in three […]


Whitepaper: Cloud Insecurity and True Accountability

Today, CIOs should make the assumption that any outsourced infrastructure will at some point be compromised, if not already. You can’t outsource trust with the complexities offered today or with the people operating those resources on your behalf. It is also reasonable to assume your own infrastructure is already compromised or soon will be in the (near) future.

In a paper, Matthew Johnson, Guardtime’s CTO, discusses how to mitigate the threats under the above foundational assumptions, addressing some of the Top Threats outlined by the CSA’s Top Threats Working Group (as surveyed by largely unnamed industry experts from the cloud industry), with a focus on truth, not trust, and transparent accountability of the service provider industry.


Implementing Data Governance at Internet Scale

Two authors have recently raised important ideas on Internet data governance. Microsoft’s Craig Mundie, in his recent paper “Privacy Pragmatism”, and MIT’s Alex Pentland, in a series of academic papers and his recent book “Social Physics”, both espouse the need for governance of data usage to ensure maximum benefit for society as a whole while maintaining protection for the rights of individuals who actively or passively provide their data. In this blog we will summarize the ideas of both authors and show how it is possible to implement their ideas at the scale needed for modern networked society.


SDN & IoT: Attributed Software Defined Networks and 50 Billion Machines

With the emergence of software-defined networks (SDNs), security must become a core component of the network. With 50 billion things scheduled to be connected in a massive “Internet of Everything”, the challenges of security can only be addressed by designing security into the network from the start. Keyless Signature Infrastructure (KSI) does exactly that – by creating attributed networks – networks that provide attribution, auditability and accountability as a core network service.


The Target Compromise: Trust and Verification in Cyberspace

Up until recently, a “searching for needles in a haystack” strategy was the only option for IT security; a layered approach of firewalls, IDS and sandboxes is something that every trained network security and cyber security expert would recommend. There remained one harsh reality, however: the odds remain overwhelmingly in favor of the attacker, as it only takes one successful breach (needle) for an attacker to succeed. Anything less than 100% success means defeat. That is why, despite all the security technologies available in the marketplace, an estimated 95% of all enterprise networks remain compromised.
