Not for profit and its members showcase innovation and push the limits of embedded computing
Santa Clara, Calif. – 9 March 2017 – At Embedded World in Nuremburg, 14-16 March 2017, prpl Foundation and several of its member companies will address of the security concerns presented by embedded computing systems as they become more intertwined in our lives.
During two separate presentations on March 14 at the show, prpl’s chief security strategist, Cesare Garlati, will outline and demonstrate how a new separation-based approach anchored in hardware can create the trust needed across the IoT from node to cloud. How We Can Fix Embedded Computing Through an Open Source, Silicon-Layer Approach will take place at 9:30-10:00 and the Interactive Session: How a New Hardware-Based Approach Can Fix Critical Areas of Embedded Computing Security will take place at 14:30 – 15:00.
The world’s great and good of the information security industry descended on San Francisco this week for RSA Conference 2017. On the surface, it looked like more of the same this year. There weren’t a huge amount of new companies exhibiting this year and the traditional vendors all seemed to be consolidating and streamlining their product lines in attempt to demystify buyers. It even saw the McAfee brand back this year after a noticeable absence in the previous “Intel Security” era.
What was extremely apparent, however, was a return to the future. By this I mean the return of focus on securing the endpoint. From laptops, desktops and mobile phones, BYOD reared its head again under a different guise – Bring Your Own Anything. The reason for this is likely the shift to the cloud and away from traditional on-premises offerings, where RSA vendors have typically focused in the past. This trend has meant that as applications, services and virtual workloads move to the cloud and third parties, the corporate data centre is becoming less and less central to IT budgets. As such, we are now seeing a trend where established vendors are following suit and looking once again the endpoint as a source of revenue, albeit from a slightly different perspective this time.
This difference comes in the form of Internet of Things (IoT) – which, based on the amount of presentations at RSA this year, is clearly of major significance within the industry. Kaspersky jumped on the bandwagon and announced its platform for IoT and AT&T, IBM, Symantec and others announced an IoT Cybersecurity Alliance.
But is IoT just another buzzword? The scepticism comes from the fact that traditionally, RSA has been a datacenter/network security event. Granted, network perimeters are changing significantly with the advent of things like the cloud and IoT, but I’m still unconvinced that people can define IoT successfully in this context. It simply isn’t a problem that traditional network security is going to fix, as evidenced in prpl’s extensive research into how to secure the IoT. We know that security IoT has to start at the hardware level, and that traditional RSA conference vendors have little understanding of this space
It was encouraging to see a large presence by the not for profit Cloud Security Alliance that was poised to tackle the IoT issues and the crowd for the CSA seminar exceeded 1,400 – with queues out of the door for attendance. Its approach, which advocates open standards, is one which prpl aligns itself with and it is heartening to see everyone coming together in an organised manner to undertake the problems associated with IoT security.
Finally, the last significant observation for me at RSA was the emerging role of identity as it relates to securing corporate data. There was a lot of innovation happening around the idea of making passwords obsolete and start-up UnifyID even took the RSA Innovation Sandbox contest with its implicit authentication platform that combines machine learning and the array of devices around us to match our bodies, and more specifically the way we move, to our identities.
It’s innovations like these and the group mentality of coming together to face security issues head on that mean RSA will be successful for years to come. It just needs scratching away at the surface to get to the real innovation: end to end security cloud to silicon.
Additional projects to be funded when existing ones are wrapped up (Art urges us to get them done)
US has appointed a new chair to of FCC therefore no new actions or decisions yet — seems they need to rebuild the commission
EU doc created in 2013 is supposed to be implemented in local law now, but is similar to FCC’s doc. some groups lobbying to better protect free software. ongoing discussion, seems similar to US discussions. might be some level of coordination between the two policy groups.
Next meeting will be held week of Feb 6-10 (doodle survey to select the date)
All welcome to participate in planning — contact Eric for further info