Research Report: Addressing Security Concerns for Connected Devices in the Internet of Things Era

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Research Report: Addressing Security Concerns for Connected Devices in the Internet of Things Era"

Transcription

1 Sponsored by Oracle Research Report: Addressing Security Concerns for Connected Devices in the Internet of Things Era

2 Introduction About Survey Respondents The Internet of Things (IoT) and the rise of a machine-to-machine (M2M) ecosystem have been long anticipated. As this ecosystem converges with major trends like cloud computing and big data, businesses need to be prepared to securely address the new wave of connected intelligent device and protect the data that comes with them. To help better understand the realities of security in this coming wave, Beecham Research has analyzed the relevant results of its recent research survey conducted for Oracle of the M2M/IoT market. This analysis of security concerns and methods for the IoT era are enhanced by additional recent studies that Beecham Research has been executing, and focus on some key points: Responses from 193 market players were received over a 10 day period. The breakdown of their business unit s primary role in the M2M/IoT market were as follows: How important is a systems approach in securing any IoT program? How are the latest principles of security for IoT affecting program successes? What are the best practices in strongly securing devices, data, identity and more? If innovation is key to differentiation, how do you deliver innovation without compromising on security, which is often paramount? What are the impacts on device manufacturers and ISV s? More cost or more opportunity? These types of questions required respondents to have detailed knowledge of and experience with the M2M/IoT market, with a particular focus on the connected devices themselves and the expected trends for those devices. As a result, the survey was aimed at market players rather than enterprise users. Source Beecham Research Business Unit Primary Role in M2M/IoT At 41% of the total, there was a particular focus on Product Design/Manufacture and this was made up from a combination of products running user applications and communication hardware devices used for the network connection. In addition there was good representation from Service Providers (12%), ISV/Application Developers (19%) and Solution Providers/Integrators (17%). Network Operators (9%) are an essential part of the connected devices market and were also represented. In addition, in view of the more technical nature of the research objectives, the split between Technical (62%) and Business (38%) roles of the respondents themselves was weighted towards technical but with a suitable business input. A further parameter of interest was the key regional markets served by respondents business units. The largest score to this was Europe, followed closely by North America. AsiaPacific also scored more than 50% of the vote. These findings about security from the survey were presented and discussed in a webinar on November 12, Follow this link to access the recording of the webinar. This white paper is intended to accompany the webinar and to summarize the key points on the role of security. Copyright Beecham Research Ltd. All rights reserved. 1

3 Security Needs & Threats Top Requirements for Connected Devices Projects The first key question put to respondents asked them to select their top two requirements for projects involving applications embedded in connected devices at the network edge. These were as follows: Security There is a growing trend of increased and more widespread threats to security throughout the M2M/IoT ecosystem. In the device domain, the attacks on embedded devices include installation of malware and stealing of sensitive data. Recent examples of security breaches at the device level in the automotive sector have ranged from vehicle odometer fraud, to remote vehicle control, to location tracking. Flexibility - Device use across Sectors Cost - Bill of Material New value-adding Services Reliability/ Time in-market Time to Market Developer Ecosystem Source Beecham Research 0% Security needs are often classified into the three separate domains of Devices, Networks and Services. This separation helps ecosystem players to understand where their security needs are emerging from and to categorize many of the threats to their operations. There are interplays between these domains across the various trust boundaries and these interplays also need to be considered. 10% 20% 30% 40% 50% 60% Top Requirements for Connected Devices Projects In line with other recent surveys, security was seen as the top requirement. Security has rapidly gained in importance in the market over the last two years as companies begin to use their M2M/IoT solutions for business-critical activities and to share M2M/IoT data more widely across the enterprise. In the network domain, connected devices are already subject to eavesdropping of network traffic and identity spoofing of the devices and related servers. Beecham have seen use of the well-known SQL injection types of attacks in M2M/IoT networks, where wireless connections have been exploited to prompt databases to expose secrets. Data attacks that aim to abuse business logic are proliferating in the services domain. Threats include the subversion of maintenance interfaces for systems of connected devices to gain control, gain information or deny service. Oracle has a holistic view of security generally and multiple touch points across the supply chain. There is device security from small sensors out on the edge, or gateways. Network security what is being transported over the network. As well as the services or applications that are running on the devices, and may in part also be running on the back-end, the interplay between security issues in devices, networks and services needs to be evaluated across trust boundaries. Looking at topology and deployment, there is a need to secure data from enterprise data centers, across networks, and right out to the edge. Copyright 2013 Beecham Research Ltd. All rights reserved. 2

4 Systems Approach To Security Securing IoT programs is recognized to be a complex activity requiring a Systems Approach even by those focused on a limited area of the supply chain. However the IoT security supply chain spans areas from the heart of the connected device, in hardware protection through to embedded applications, via many layers to integration with Enterprise IT Systems. Source Beecham Research One driver for that systems approach throughout the security supply chain is the increasing need to match the requirements of the business, the verticals and the M2M/IoT business models. Isolated solutions customized for a limited area of the supply chain run the risk of creating a mismatch with those needs. Collaborations enabling the systems approach to security such as those between Enterprise IT experts and embedded device developers are proving valuable to the delivery of balance between the elements of security. As another aspect of the systems approach, it is increasingly common for M2M/IoT programs to be implemented using an end-to-end security approach. This helps ensure that the solutions move beyond just the required balance between elements of security. It also ensures secure interactions at the boundaries between sections of the overall M2M/IoT supply chain. M2M/IoT brings new challenges to everyone in the value chain. For device and API security it is critical to strengthen security with device fingerprinting and device context-based authentication and authorization. This can mean that before devices communicate with a backend service they need to be securely authenticated, often without requiring any human intervention. Enterprises can improve their compliance and lower their TCO by extending their existing access and identity management services to embedded devices. Risk mitigation and analysis is also a challenge for organizations developing their IoT strategy. Oracle s approach to risk mitigation and management applies from the edge to the enterprise enabling comprehensive security solutions across all 3 domains. Organizations need to consider identity federation and social integration. As this covers services on M2M/IoT platforms, there is also a need to consider the integration and impact of social data (such as Twitter, Facebook) that will also be integrated into devices and IoT services. Identity authentication must extend to third party applications, which will either feed on information from the devices and/or send messages to the devices. Copyright 2013 Beecham Research Ltd. All rights reserved. 3

5 Latest Security Principles & Defending Devices Best Practices for Strongly Securing IoT Solutions A few key principles of security are affecting M2M/IoT program successes. Right-sizing security capabilities are gaining a central role to address the threats but also control costs and the viability of the M2M/IoT business model. Thought leaders are recognizing the need to balance applications security and protect the various internal and external security boundaries. This survey and other recent studies by Beecham Research have investigated best practices in strongly securing devices, data, identity and more. Focusing on the use of Smart Cards and SIMs reveals a history of connected devices success in this area. In our survey the expectation that security in edge devices would increase over the next few years was supported by 74% of the respondents, with only 10% believing it would not. This reflects the growing concern about tamper-proofing of devices. Don't Know 16% The use of such technologies is now extending, as new directions for security are taken in M2M/IoT. The expansion to wider protection at both application platform level and at the embedded systems level is a strong trend. Such extensions of security include support for secure updates, changes of connections etc for high volumes of devices and their connections. These capabilities enable the setting of trust contracts that are maintained. One technology that is a promising enabler for the future is the range of embedded Secure element (ese) solutions. No 10% Yes 74% Source Beecham Research Regarding tamper-proofing of devices, there is a need to ensure that attackers cannot change functionalities, reboot the system, or have access to flash memory. Among other concerns are to prevent them installing malware on devices and signing application code. It is essential to protect data at rest against theft through disclosure, or modification. From a hardware point of view there are some threats that are more difficult that the industry will be looking closely at: Can someone change the device or limit access by either over or under delivering voltage to the device? Can they power on or power off something remotely? Using parameters that are outside the control of the device to change it, such as changing its temperature. One key feature of strong security protection, the need for identity management associated with connected devices at the network edge, was seen by the overwhelming majority of surveyed organizations as being necessary. An increase is expected by 94% with no answers indicating any decrease. Our research has identified an increasing need for protection of personal information in M2M/IoT solutions. We are seeing early moves towards M2M/IoT adoption of connected consumers and the related needs to defend consumer data, identity and privacy. On the network side, Oracle believes that non-repudiation is key, making absolutely sure that the devices that are trying to connect and communicate should be doing so, using methods like mutual authentication, the use of digital signatures, and identity authentication. Oracle also recognizes the need for protection of the data in motion over the Internet, ensuring that it cannot be accessed or modified by unauthorized users. And the protections that are required for normal IP network security issues, like man in the middle attacks, apply to IoT systems as well. On the services side, Oracle examines the different threats and then how those can be addressed. For example, business logic, where the device is required to behave in a certain way and execute code and the commands that were programmed in. Through the use of monitoring and logging in Java, you can make sure that devices are actually working as expected. There is also an ability to do after the fact analysis and troubleshooting of failures and crashes. Availability is also critical. Customers expect that the services are always available and are able to provide the function on demand. You may not consider these things from a security perspective but clustering, performance and heuristics, which enable an application and a service on a device to run 24x7 or meet the designed Copyright 2013 Beecham Research Ltd. All rights reserved. 4

6 SLA, are important. If there is a threat that brings that service down, there is a need to ensure that service will run elsewhere in parallel, and that there is a fail-over to another device. Innovation Without Security Compromise Innovation is seen by many as the key to differentiation in the M2M/IoT ecosystem. Delivering the necessary security in the current growth phase where innovations of M2M/IoT devices and services are accelerating brings challenges. Both M2M/ IoT device manufacturers and service providers need an easier route to secure solutions. Adopting development environments that deliver security by default and moving away from potentially insecure native developments can deliver many of those required results. Capabilities such as the Java sandbox and the related execution in a controlled environment are leading examples of this. Implementing device and client specific security policies, such as those available in Oracle s Java ME Embedded, are of immediate interest to current M2M/IoT market players for defense against malware compromises between apps. Such embedded capabilities are also valuable for security in future M2M/IoT multi-tenancy scenarios. These types of integrated embedded security capabilities are a clear market trend, not least in the security strategies of device enablers such as ARM Holdings. Additionally, there is also the example of the One Box IoT gateway platform from Freescale that features Oracle s Java Embedded software. These features contribute to developers having the ability to increase the security level or reduce the amount of custom implementation or integration that they have to do themselves. One key advantage is that this is not an all or nothing model, it is possible to pick and choose the things that are applicable or are convenient to use with Java, with the use increasing over time. They are not mutually exclusive. Take secure socket support as an example. PKI based communications support between devices and services is available with Java out of the box. Signed software is another example. JAR signatures protect, so the software is and remains as the developer intended. A further example is the verifiable code feature, which enables debugging of the code and understanding problems prior to putting that code into production. Just having standard communications methods built into the software has relevant advantages. For example the support for RESTful services and JAX-RS are examples of integration available in the Java platform. The developer not having to implement this themselves reduces the chances of getting it wrong or introducing bugs during development. The Java platform is built on the OpenJDK platform, a full open source environment, so the platform is standards based and developed in the open. It is therefore available for people who either want to take it and extend it themselves or want to have the peace of mind that the platform is out there and will be supported for some time. Many of the features needed for a systems approach to securing IoTprojects have been in the Java platform for quite some time. Largely on the Enterprise side these are taken for granted. From an embedded perspective, embedded developers are not as aware of the security related features within Java and what they can provide. As noted by Oracle, there are 10 security features that have been within the standard Java platform for quite some time, as follows: Java Cryptographic Architecture Web Compatible Verifiable Code Secure Sockets Signed Software Compatible Products Open Source Unified Logging Re-use tested code Support available Copyright 2013 Beecham Research Ltd. All rights reserved. 5

7 Opportunities Emerging Summary Our survey and related studies looked into the opportunities emerging from security in M2M/IoT. The impacts on device manufacturers and ISVs are emerging more as opportunities rather than costs, as outlined below. Security is at last moving away from its image as a necessary but resented cost. There is a wide range of these opportunities emerging, as illustrated by the following. As noted earlier, respondents identified security as their top requirement for connected device projects. With more real time decision making and data analysis at the edge, it is perhaps not surprising that three quarters of respondents also expected the need for security to increase in edge devices. As well as this, respondents were also asked if they saw the need for identity management associated with connected devices at the network edge to change. 94% expected this to increase, with the remainder expecting it to stay the same. Nobody expected it to decrease. Many opportunities are emerging for combining the strengths of Enterprise IT security teams and the advanced M2M/IoT security capabilities that are coming available. Rewards through increased market share are expected as security becomes a must-have in M2M/IoT solution procurement. IoT device manufacturers can gain market leadership through use of integrated, embedded security capabilities. We are also seeing the potential for emergence of Security as a Service markets based on standardized embedded security capabilities in M2M/IoT devices and solutions. It is clear that security is critical in M2M/IoT and there are benefits to the current widespread awareness of the important role that security plays. A company s ability to securely integrate devices and to apply the right level of security will open up their ability to provide services for a specific industry. Healthcare for example, will have different degrees of security than Home Automation. You have to be able to understand the market that you are developing a service for, and then understand and build the right level of security that is applicable for that market. Java ranks very highly against these security requirements as it was built with security in mind. From its sandbox security model to its support for advanced data encryption and identity management, Oracle is well positioned to support end to end M2M/IoT security. Everyone is excited about the M2M/IoT opportunity, and Oracle believes that Java can provide a very strong building block and foundation for organizations, not only when they are considering security, but when they are considering a development platform for their organization, moving forward into M2M/IoT. Java has been around for quite some time and it does span the range from devices, to network support, to backend service, as well as the services that will be deployed on them. Companies ability to develop software, to have that software be versioned, deployed, managed across a large environment is key, and Java has the ability to provide such functionality and flexibility. It is important to note that Oracle is investing significant time, money and resources into the platform, into partnerships and the ecosystem to ensure that all the way across the value chain, the benefits of Java can be embraced to provide a very solid platform for M2M/IoT. Combining that with Oracle s technology stack, such as what has already been delivered for identity management, represents a very strong offering that can help organizations overcome some of these security challenges. If you can get this security story correct, and you can build it into your platform from day one, then you will have competitive advantage going into that market. There will be a minimum requirement for security in every industry, and they will vary by industry. Your ability to build that into your offering at the right level for that industry should lead to tremendous success. Copyright 2013 Beecham Research Ltd. All rights reserved. 6

8 About Beecham Research Beecham Research is a leading market analyst and consulting firm that has specialized in the development of the rapidly-growing M2M/Internet of Things market worldwide for over a decade, since Based in Cambridge UK and in Boston US, we actively participate in initiatives aimed at achieving M2M market development and growth. Recent research has included two market-leading and widely supported studies on M2M Cloud-Based Platform Services and a study of the worldwide Satellite M2M market contracted by the European Space Agency. Ongoing research includes new business models for the Internet of Things, Smart Cities, ehealth and a particular expertise in Wearable Technology as it applies to IoT. A particular specialty is primary research surveys involving users (adopters) and market players worldwide, in multiple languages. Contact us at: Website: Tel: +44 (0) Fax: +44 (0) M2M blog at: Copyright 2013 Beecham Research Ltd. All rights reserved. 7

Research Report: Designing an M2M Platform For The Connected World

Research Report: Designing an M2M Platform For The Connected World Sponsored by Oracle Research Report: Designing an M2M Platform For The Connected World Executive Summary A survey of the M2M solutions market was conducted for Oracle in September 2012 by Beecham Research,

More information

Accenture and Oracle: Leading the IoT Revolution

Accenture and Oracle: Leading the IoT Revolution Accenture and Oracle: Leading the IoT Revolution ACCENTURE AND ORACLE The Internet of Things (IoT) is rapidly moving from concept to reality, as companies see the value of connecting a range of sensors,

More information

Embedded Java & Secure Element for high security in IoT systems

Embedded Java & Secure Element for high security in IoT systems Embedded Java & Secure Element for high security in IoT systems JavaOne - September 2014 Anne-Laure SIXOU - ST Thierry BOUSQUET - ST Frédéric VAUTE - Oracle Speakers 2 Anne-Laure SIXOU Smartgrid Product

More information

Longmai Mobile PKI Solution

Longmai Mobile PKI Solution Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2

More information

Java and the Internet of Things

Java and the Internet of Things Java and the Internet of Things Henrik Stahl Vice President Java Product Management 1 9 Million+ Java developers worldwide #1 Choice for developers #1 Development platform 5 of Top 5 OEMs ship Java ME

More information

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web

More information

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE MACHINE-TO-MACHINE ENABLE AND SECURE A CONNECTED LIFE DRIVEN BY GOVERNMENT REGULATIONS, COMPANY AND CONSUMER NEEDS, PRODUCTS ARE TRANSFORMED INTO INTELLIGENT,

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

SSL ACCELERATION DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY

SSL ACCELERATION DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY SSL ACCELERATION DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY Introduction OPTIMIZING SSL DEPLOYMENT On-demand business breaks down the traditional network perimeter, creating interconnected systems between

More information

Machina Research Viewpoint. The critical role of connectivity platforms in M2M and IoT application enablement

Machina Research Viewpoint. The critical role of connectivity platforms in M2M and IoT application enablement Machina Research Viewpoint The critical role of connectivity platforms in M2M and IoT application enablement June 2014 Connected devices (billion) 2 Introduction The growth of connected devices in M2M

More information

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

Seven Ways to Create an Unbeatable Enterprise Mobility Strategy

Seven Ways to Create an Unbeatable Enterprise Mobility Strategy Seven Ways to Create an Unbeatable Enterprise Mobility Strategy A practical guide to what business and IT leaders need to do NOW to manage their business s mobile future By Arun Bhattacharya, CA Technologies

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Understanding the impact of the connected revolution. Vodafone Power to you

Understanding the impact of the connected revolution. Vodafone Power to you Understanding the impact of the connected revolution Vodafone Power to you 02 Introduction With competitive pressures intensifying and the pace of innovation accelerating, recognising key trends, understanding

More information

INTERNET OF THINGS: SCIENCE FICTION OR BUSINESS FACT?

INTERNET OF THINGS: SCIENCE FICTION OR BUSINESS FACT? A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT INTERNET OF THINGS: SCIENCE FICTION OR BUSINESS FACT? Copyright 2014 Harvard Business School Publishing. sponsored by SPONSOR PERSPECTIVE Each year the

More information

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein INNOVATORS START HERE. EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly growing data

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following

More information

Vortex White Paper. Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems

Vortex White Paper. Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems Vortex White Paper Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems Version 1.0 February 2015 Andrew Foster, Product Marketing Manager, PrismTech Vortex

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform McAfee Endpoint Security 10 provides customers with an intelligent, collaborative framework, enabling endpoint defenses to

More information

APIs The Next Hacker Target Or a Business and Security Opportunity?

APIs The Next Hacker Target Or a Business and Security Opportunity? APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Putting Web Threat Protection and Content Filtering in the Cloud

Putting Web Threat Protection and Content Filtering in the Cloud Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The

More information

Car Cybersecurity: What do the automakers really think? 2015 Survey of Automakers and Suppliers Conducted by Ponemon Institute

Car Cybersecurity: What do the automakers really think? 2015 Survey of Automakers and Suppliers Conducted by Ponemon Institute Car Cybersecurity: What do the automakers really think? 2015 Survey of Automakers and Suppliers Conducted by Ponemon Institute 1 Executive Summary The Ponemon Institute recently conducted a cybersecurity

More information

Secure Authentication for the Development of Mobile Internet Services Critical Considerations

Secure Authentication for the Development of Mobile Internet Services Critical Considerations Secure Authentication for the Development of Mobile Internet Services Critical Considerations December 2011 V1 Mobile Internet Security Working Group, SIMalliance AGENDA SIMalliance presentation What s

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software powered by Calibrate www.medallionlearning.com

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Evaluating IaaS security risks

Evaluating IaaS security risks E-Guide This expert tip examines the risks organizations need to be aware of when evaluating IaaS solutions, and highlights the key architectural and process components of access management services that

More information

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape IDENTITY & ACCESS BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape Introduction How does your enterprise view the BYOD (Bring Your Own Device) trend opportunity

More information

exceet Secure Solutions Smart & Secure Network From Vision to Reality

exceet Secure Solutions Smart & Secure Network From Vision to Reality exceet Secure Solutions Smart & Secure Network From Vision to Reality Agenda 1. About exceet 2. Entering the World of Smart Connected Products 3. exceet s Transformation Developing New Competencies 4.

More information

Wind River Helix Chassis

Wind River Helix Chassis Wind River Helix Chassis Simplifying the Connected Car Connected, intelligent vehicles hold great promise, but the increasing complexities of developing, integrating, and managing a growing number of software

More information

The Internet of Things: Understanding the evolving value chain

The Internet of Things: Understanding the evolving value chain www.ovum.com The Internet of Things: Understanding the evolving value chain Jamie Moss, Senior Analyst, Consumer Technology & IoT Gary Barnett, Chief Analyst, Software, Ovum Ovum s Internet of Things (IoT)

More information

Windows Server 2003 Migration: Take a Fresh Look at Your IT Infrastructure

Windows Server 2003 Migration: Take a Fresh Look at Your IT Infrastructure EXECUTIVE BRIEF Windows Server 2003 Migration: Take a Fresh Look at Your IT Infrastructure Sponsored by: Symantec Carla Arend December 2014 Andrew Buss IDC Opinion Microsoft will be ending Extended Support

More information

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 Aristotelis Tzafalias Trust and Security Unit H.4 DG Connect European Commission Trust and Security: One Mission

More information

Defending the Internet of Things

Defending the Internet of Things Defending the Internet of Things Identity at the Core of Security +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Challenge: protecting & managing identity Page 4 Founders of identity

More information

Cloud Development of Medical Systems By Oleg Kruk, Embedded Research Lab Leader, DataArt

Cloud Development of Medical Systems By Oleg Kruk, Embedded Research Lab Leader, DataArt Cloud Development of Medical Systems By Oleg Kruk, Embedded Research Lab Leader, DataArt Abstract Wireless electronic medical devices have made remote medicine a reality. Disease prevention, monitoring

More information

T r a n s f o r m i ng Manufacturing w ith the I n t e r n e t o f Things

T r a n s f o r m i ng Manufacturing w ith the I n t e r n e t o f Things M A R K E T S P O T L I G H T T r a n s f o r m i ng Manufacturing w ith the I n t e r n e t o f Things May 2015 Adapted from Perspective: The Internet of Things Gains Momentum in Manufacturing in 2015,

More information

Stay ahead of insiderthreats with predictive,intelligent security

Stay ahead of insiderthreats with predictive,intelligent security Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent

More information

IoT Analytics Today and in 2020

IoT Analytics Today and in 2020 Competitive Edge from Edge Intelligence IoT Analytics Today and in 2020 Aapo Markkanen: Principal Analyst Competitive Edge from Edge Intelligence IoT Analytics Today and in 2020 INTRODUCTION Across the

More information

The State of Application Delivery in 2015

The State of Application Delivery in 2015 The State of Application Delivery in 2015 a report by F5 f5.com/soad 1 Introduction F5 surveyed customers from more than 300 organizations (of all sizes) across a broad spectrum of vertical markets such

More information

Preparing your network for the mobile onslaught

Preparing your network for the mobile onslaught IBM Global Technology Services Thought Leadership White Paper Preparing your network for the mobile onslaught How networks can overcome the security, delivery challenges posed by mobile devices 2 Preparing

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Developing Secure Software in the Age of Advanced Persistent Threats

Developing Secure Software in the Age of Advanced Persistent Threats Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer

More information

A UNIVERSAL MACHINE FOR THE INDUSTRIAL INTERNET OF THINGS. MultiConnect Conduit

A UNIVERSAL MACHINE FOR THE INDUSTRIAL INTERNET OF THINGS. MultiConnect Conduit A UNIVERSAL MACHINE FOR THE INDUSTRIAL INTERNET OF THINGS MultiConnect Conduit 1 A Universal Machine for the Industrial Internet of Things The term Universal Machine, introduced in 1936 by the mathematician

More information

The Evolving Threat Landscape and New Best Practices for SSL

The Evolving Threat Landscape and New Best Practices for SSL The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...

More information

Security for the Internet of Things

Security for the Internet of Things Security for the Internet of Things Moderated by: Robin Duke-Woolley Founder & CEO Beecham Research Sponsored by: Syed Zaeem Hosain Chief Technology Officer Aeris 16 December 2016 Security for the Internet

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

Securing the Internet of Things WHITEPAPER

Securing the Internet of Things WHITEPAPER Securing the Internet of Things WHITEPAPER Table of Contents Introduction...1 Expectations of Security Risk...1 Complexity... 2 What is Secure Enough?... 2 Authenticated Sender & Receiver... 3 Accessible

More information

WEBSENSE TRITON SOLUTIONS

WEBSENSE TRITON SOLUTIONS WEBSENSE TRITON SOLUTIONS INNOVATIVE SECURITY FOR WEB, EMAIL, DATA AND MOBILE TRITON STOPS MORE THREATS. WE CAN PROVE IT. PROTECTION AS ADVANCED AND DYNAMIC AS THE THREATS THEMSELVES The security threats

More information

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 WHITEPAPER Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 Malcolm Orekoya Network & Security Specialist 30 th January 2015 Table of Contents Introduction... 2 Identity Defines

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Building Secure Cloud Applications. On the Microsoft Windows Azure platform Building Secure Cloud Applications On the Microsoft Windows Azure platform Contents 1 Security and the cloud 3 1.1 General considerations 3 1.2 Questions to ask 3 2 The Windows Azure platform 4 2.1 Inside

More information

Securing Virtual Applications and Servers

Securing Virtual Applications and Servers White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating

More information

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly

More information

In the pursuit of becoming smart

In the pursuit of becoming smart WHITE PAPER In the pursuit of becoming smart The business insight into Comarch IoT Platform Introduction Businesses around the world are seeking the direction for the future, trying to find the right solution

More information

CYBER SECURITY Audit, Test & Compliance

CYBER SECURITY Audit, Test & Compliance www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit

More information

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Capabilities and Technologies 5 Host Application Integrity

More information

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application Introduction Security continues to be a hot topic in all areas of technology, including machine-tomachine (M2M) applications.

More information

5 Pillars of API Management with CA Technologies

5 Pillars of API Management with CA Technologies 5 Pillars of API Management with CA Technologies Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional

More information

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

Innovative Security for an Accelerating World New Approaches for Chief Security Officers

Innovative Security for an Accelerating World New Approaches for Chief Security Officers Information Systems Security Association Innovative Security for an Accelerating World New Approaches for Chief Security Officers John N. Stewart Senior Vice President Chief Security and Trust Officer

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

"Secure insight, anytime, anywhere."

Secure insight, anytime, anywhere. "Secure insight, anytime, anywhere." THE MOBILE PARADIGM Mobile technology is revolutionizing the way information is accessed, distributed and consumed. This 5th way of computing will dwarf all others

More information

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores Solution Brief Aerohive and OpenDNS Advanced Network Security for Retail Stores Introduction Protecting your retail business requires security for all users and devices connected to the network, regardless

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Affordable, Scalable, Reliable OLTP in a Cloud and Big Data World: IBM DB2 purescale

Affordable, Scalable, Reliable OLTP in a Cloud and Big Data World: IBM DB2 purescale WHITE PAPER Affordable, Scalable, Reliable OLTP in a Cloud and Big Data World: IBM DB2 purescale Sponsored by: IBM Carl W. Olofson December 2014 IN THIS WHITE PAPER This white paper discusses the concept

More information

security changes with Orange focus on your business, we focus on your security

security changes with Orange focus on your business, we focus on your security security changes with Orange focus on your business, we focus on your security the only constant in security is change New uses and new technologies, proliferation of platforms and new workspaces in a

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system

More information

Windows Embedded Security and Surveillance Solutions

Windows Embedded Security and Surveillance Solutions Windows Embedded Security and Surveillance Solutions Windows Embedded 2010 Page 1 Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview 2 RSA and Citrix have a long history of partnership based upon integration between RSA Adaptive Authentication and Citrix NetScaler

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Does your Citrix or Terminal Server environment have an Achilles heel?

Does your Citrix or Terminal Server environment have an Achilles heel? CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com

More information

The Role of the Operating System in Cloud Environments

The Role of the Operating System in Cloud Environments The Role of the Operating System in Cloud Environments Judith Hurwitz, President Marcia Kaufman, COO Sponsored by Red Hat Cloud computing is a technology deployment approach that has the potential to help

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Securing Your Enterprise in the Cloud. IT executives must be ready to move to the cloud safely

Securing Your Enterprise in the Cloud. IT executives must be ready to move to the cloud safely Securing Your Enterprise in the Cloud IT executives must be ready to move to the cloud safely The technology pendulum is always swinging. And chief information security officers must be prepared to swing

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

ARCHITECT S GUIDE: Mobile Security Using TNC Technology ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org

More information

ICTN 4040. Enterprise Database Security Issues and Solutions

ICTN 4040. Enterprise Database Security Issues and Solutions Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of

More information

IoT IT Security and Secure Development Life Cycle

IoT IT Security and Secure Development Life Cycle IoT IT Security and Secure Development Life Cycle Security BSides Ljubljana, 2015 By Christopher Scheuring, ERNW Germany #2 /whoami Christopher Scheuring Security Analyst @ ERNW Since 2010 IT Security

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

CERT's role in national Cyber Security: policy suggestions

CERT's role in national Cyber Security: policy suggestions CERT's role in national Cyber Security: policy suggestions Subject: Legal Aspect of Cyber Security. Author: Vladimir Chitashvili Lecture: Anna-Maria Osula What is national Cyber Security is? In another

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

Fred Yentz President & CEO ILS Technology, a Telit company. Richard Shepherd Director of Sales Industrial IOT Solutions Group, AT&T

Fred Yentz President & CEO ILS Technology, a Telit company. Richard Shepherd Director of Sales Industrial IOT Solutions Group, AT&T Carriers, software developers, and hardware makers are increasingly offering M2M platform services designed to get solutions to market more cost effectively, more quickly and at reduced risk. This session

More information

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

The True Story of Data-At-Rest Encryption & the Cloud

The True Story of Data-At-Rest Encryption & the Cloud The True Story of Data-At-Rest Encryption & the Cloud by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800 500 3167 twitter.com/firehost

More information

Federated Identity Theft

Federated Identity Theft Federated Identity Theft By John C. Checco, CISSP Many factors vie for attention in today s financial IT enterprise. Virtualization, grid computing, web services, outsourcing, resource flexibility, business

More information

Connect for new business opportunities

Connect for new business opportunities Connect for new business opportunities The world of connected objects How do we monitor the carbon footprint of a vehicle? How can we track and trace cargo on the move? How do we know when a vending machine

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Executive Summary P 1. ActivIdentity

Executive Summary P 1. ActivIdentity WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they

More information