Whitepaper: IoT, Turning Defense Into Offense, by Baz Khuti, Guest Author. Imagine the future: you are in 2020, and the alarm clock coordinates with your wearable sleep sensor to gently wake you up. Simultaneously, your car reviews the calendar, determining you need to be at the airport in three […]
Today, CIOs should assume that any outsourced infrastructure will at some point be compromised, if it has not been already. You can’t outsource trust, given the complexities offered today and the people operating those resources on your behalf. It’s also reasonable to assume your own infrastructure is already compromised or will be in the (near) future.
In a paper, Matthew Johnson, Guardtime’s CTO, discusses how to mitigate the threats under the above foundational assumptions, addressing some of the Top Threats outlined by the CSA’s Top Threats Working Group (as surveyed by largely unnamed industry experts from the cloud industry), with a focus on truth, not trust, and on transparent accountability of the service provider industry.
Two authors have recently raised important ideas on Internet data governance. Microsoft’s Craig Mundie, in his recent paper “Privacy Pragmatism”, and MIT’s Alex Pentland, in a series of academic papers and his recent book “Social Physics”, both espouse the need for governance of data usage to ensure maximum benefit for society as a whole while also maintaining protection for the rights of individuals who actively or passively provide their data. In this blog we will summarize the ideas of both authors and show how it is possible to implement their ideas at the scale needed for modern networked society.
With the emergence of software-defined networks (SDNs), security must become a core component of the network. With 50 billion things scheduled to be connected in a massive “Internet of Everything”, the challenges of security can only be addressed by designing security into the network from the start. Keyless Signature Infrastructure (KSI) does exactly that by creating attributed networks: networks that provide attribution, auditability and accountability as a core network service.
Until recently, the “searching for needles in a haystack” strategy was the only option for IT security: a layered approach of firewalls, IDS and sandboxes is something that every trained network security and cyber security expert would recommend. There remained one harsh reality, however: the odds remain overwhelmingly in favor of the attacker, as it only takes one successful breach (needle) for an attacker to succeed. Anything less than 100% success means defeat. That is why, despite all the security technologies available in the marketplace, an estimated 95% of all enterprise networks remain compromised.
We seem to be struggling to identify a set of way-ahead recommendations that can be differentiated from the past, can be implemented while actually decreasing the insider population, and that provide the only truly sustainable way ahead against insiders: deterrence. While Keyless Signature Infrastructure (KSI) is not a silver bullet against the entire malicious insider problem, it certainly has the aforementioned attributes – and most especially the ability to create strong deterrent effects.
At Davos this year, cybersecurity is taking center stage. McKinsey and the WEF published a joint paper estimating the cost of ineffective cybersecurity at three trillion dollars by 2020. Brad Smith, General Counsel of Microsoft, stressed the need to respect the legal rules and safeguards, including measures that ensure that the requesting government adheres to established due process standards. The challenge, however, is not establishing standards for due process. That’s the easy part. The hard part is verifying that those standards are being followed.
The 4V’s of Big Data Infrastructure Crucial for an Enterprises’ Success, by Daniel Riedel, CEO of New Context. You started collecting data before it was called Big Data — you did it because you knew it would help raise revenue and lower cost. Today, big data has […]
With the disclosures by Edward Snowden, the Insider Threat issue has been at the forefront for governments, corporations, and individuals. The industry is sprinting in 2014 to repackage old ideas and offer ‘new’ security solutions focused on detecting and mitigating a malicious Insider’s activity. These often costly ‘solutions’ do not deal with the fundamental problem of Insider-related subjugated or subverted security applications, logging, file, object, configuration, and event reporting systems. How to deal with these issues?