Richard Parris, CEO of digital identity expert Intercede, explores how recent high-profile cyberattacks have created an urgent need for service providers to find a new, more effective approach to security
When we leave the house in the morning, we close the windows and lock the doors. We worry that, in our absence, someone might be able to get into our homes and steal our personal items. We want to protect what we value, and that means keeping anyone we don’t know out of our private space and their hands off our things. But why are we not able to take the same approach to security in the online realm?
The media continues to be awash with hack this and breach that. LinkedIn, O2, TalkTalk – even social media tsar Mark Zuckerberg himself – all fell victim to online attacks, as opportunistic cybercriminals siphoned off a wealth of personal data to be sold to the highest bidder. In most of these instances, the problem has been the old username/password paradigm; the equivalent of putting your door on the latch rather than locking it with a deadbolt – it’s closed, but not quite completely locked. This has subsequently caused unease among consumers, who are fast losing faith with how businesses are protecting their digital identities – they want better protection but service providers are failing to deliver. Indeed, research we commissioned in 2015 indicated more than 95 per cent of UK and US millennials believe their personal data is unsafe and not adequately protected by current security methods.
This failure to protect and serve the consumer has led the industry to a crossroads: continue down the same road, and risk losing customers and revenues in the process. Or pave a new proactive path for security where consumers can begin to trust service providers again.
In security we trust
To remain profitable and operational in today’s digital economy, businesses need to ditch easily circumnavigated usernames and passwords and implement new security methods that are more proactive, secure and resilient. Analyst firm Gartner predicted there will be 20 billion connected ‘IoT devices’ in the world by 2020. The world and its people, places and products are now more hyper-connected than ever before. Failure to effectively secure the online ecosystem today will risk the future of innovation tomorrow. Without security methods we can trust, consumers could cease to use the online services that make up most corporate and personal interactions today. But what does digital trust look like, and how will it become integral to the future of security?
Regaining digital trust with ‘Silicon-to-Services’ security
Digital trust is accomplished by following the process of Identify – Trust – Connect. This means identifying and authenticating people, businesses and devices in the first instance, before trusting and providing them with access to valued resources: be that data, a network, a system, or entrance to a building.
This premise forms the basis of a new method of security – Silicon-to-Services – that sees protection weaved into the fabric of each layer of technology. Silicon-to-Services joins the dots between all stages of the digital relationship, from silicon chips used to power our devices, to the user, the device itself, the connections and services they utilise, apps used and locations where data is stored.
The Silicon-to-Services ecosystem is embedded into devices and systems at the point of manufacture, enabling computers, smartphones and IoT devices to use a basic but secure cryptographic functionality already present in the large majority of silicon processors. By building a trust and key management infrastructure into silicon chips at the point of design, they are then shipped as ‘trust-ready.’ Once the chip is ready to use, only secure services within the cloud must be used to ‘personalise’ the silicon – enabling specific security technology and features. Consequently, the chip becomes ‘trust-enabled’ and is ready to be securely implemented in adherence with the service provider’s own policies.
The next-generation of security
A Silicon-to-Services security approach has the ability to transform the industry for the better. It’s an ecosystem evolved from standards already in place, rather than creating new ones that could be harder to implement. The result is mutually beneficial to businesses, service providers and consumers alike. For example, growth and adoption of the approach will lead to improved consumer experiences through increased privacy and safer transactions. Service providers will also be able to generate new revenue streams as infrastructure costs are reduced and the risks of fraud or data breaches are lowered.
Building a brighter digital economy
When it comes to online security, businesses need to urgently change tack if they want to flourish in today’s digital economy. Investment needs to be placed in more proactive cyber defence methods, that are resistant in structure and design and ensure that only trusted people, devices and applications are gaining access to valuable information and assets.
By harnessing the Silicon-to-Services approach, consumers can continue to enjoy innovation, safe in the knowledge that their internet service provider, online retailer or bank won’t be the next victim of an attack that sees their personal data shared with prying eyes. The time is now for businesses to act before they become the next cautionary tale of a password blunder or embarrassing data breach.
[su_box title=”About Richard Parris” style=”noise” box_color=”#336588″][short_info id=’70936′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.