Yesterday’s announcement of Trustonic, a new venture from ARM (the UK-based chip company), Gemalto and Giesecke & Devrient, signaled that industry was finally getting serious about the need for trust built into smart connected devices—just as more and more consumers and corporate users look to conduct commerce or financial transactions on their tablets or smartphones. Trustonic’s formation stands as a validation of the transformational role Trusted Computing will play in the mobile device security of tomorrow.
Wave is an official launch partner, and it’s fitting, as we’ve been one of the most strident advocates for a safer, more trusted computing environment for more than a decade now, since we introduced our EMBedded Application Security SYstem, or EMBASSY solution. EMBASSY included a chip that provided a programmable trusted execution environment (TEE) that securely ran ‘trustlets.’
Recent research has revealed that fewer than half of CIOs test cloud security systems and procedures. At the same time, the survey, conducted by risk consulting firm Protiviti, reported that 84 per cent of respondents were concerned about cyber security.
This reveals a contradiction: why do CIOs care about cyber security, and yet not exercise measures to ensure data safety within the cloud?
A report from the Office of Inspector General confirmed that the Veterans Affairs (VA) Department failed to make good on its hard drive encryption policy, installing and activating only 65,000 of the encryption licenses it bought since its widely publicized data breach in 2006. The breach involved records of 26.5 million active duty troops, veterans and their family members.
The 2006 incident made the VA the poster child for data breach and became the catalyst for new measures to protect Personally Identifiable Information (PII), as well as prompting a slew of laws and regulations in the US and Europe –and now expanding across the globe.
Enterprises are incorporating—and even promoting—the use of social networking applications such as Facebook, Twitter and LinkedIn as a key, if not primary, method for communicating and disseminating information. Indeed, social networking could one day supplant traditional email messaging—in large part owing to its instantaneous one-to-many dissemination feature.
Simultaneously, there’s been a trend to move information to the Cloud. It’s more cost-effective and accessible—but introduces the potential for data exposure, leakage and breach, due to the nascent state of cloud “security.”
It begs the question: What assurances does the enterprise have that documents containing intellectual property or personally identifiable data are actually safe in the Cloud?
Despite the emergence of Advanced Persistent Threats (APTs) software security has consistently failed to detect threats that target the pre-boot stage of the device. However, all is not lost as enterprises have in-built security in their employees’ devices already – it just needs to be activated and managed. Hardware-based security is the most effective way to secure data and is increasingly moving into the mainstream via Windows 8.
For some time, layering security software on top of a device has been the approach that thousands of enterprises (and software security providers) have relied on in their quest to protect information and evade network threats. It’s easy to see why – it’s the approach that’s been sold to them.