(Not so) Random Musings from RSA Conference 2017

Cesare Garlati, Chief Security Strategist, prpl Foundation

The world’s great and good of the information security industry descended on San Francisco this week for RSA Conference 2017. On the surface, it looked like more of the same this year. There weren’t a huge number of new companies exhibiting, and the traditional vendors all seemed to be consolidating and streamlining their product lines in an attempt to demystify things for buyers. It even saw the McAfee brand back this year after a noticeable absence in the previous “Intel Security” era.

What was extremely apparent, however, was a return to the future. By this I mean the return of focus on securing the endpoint. From laptops, desktops and mobile phones, BYOD reared its head again under a different guise – Bring Your Own Anything. The reason for this is likely the shift to the cloud and away from traditional on-premises offerings, where RSA vendors have typically focused in the past. This trend has meant that as applications, services and virtual workloads move to the cloud and third parties, the corporate data centre is becoming less and less central to IT budgets. As such, we are now seeing a trend where established vendors are following suit and looking once again to the endpoint as a source of revenue, albeit from a slightly different perspective this time.

This difference comes in the form of the Internet of Things (IoT) – which, based on the number of presentations at RSA this year, is clearly of major significance within the industry. Kaspersky jumped on the bandwagon and announced its platform for IoT, and AT&T, IBM, Symantec and others announced an IoT Cybersecurity Alliance.

RSA Conference 2017

But is IoT just another buzzword? The scepticism comes from the fact that traditionally, RSA has been a datacenter/network security event. Granted, network perimeters are changing significantly with the advent of things like the cloud and IoT, but I’m still unconvinced that people can define IoT successfully in this context. It simply isn’t a problem that traditional network security is going to fix, as evidenced in prpl’s extensive research into how to secure the IoT. We know that securing IoT has to start at the hardware level, and that traditional RSA conference vendors have little understanding of this space.

It was encouraging to see a large presence by the not-for-profit Cloud Security Alliance, which was poised to tackle the IoT issues; the crowd for the CSA seminar exceeded 1,400, with queues out of the door for attendance. Its approach, which advocates open standards, is one with which prpl aligns itself, and it is heartening to see everyone coming together in an organised manner to take on the problems associated with IoT security.

Finally, the last significant observation for me at RSA was the emerging role of identity as it relates to securing corporate data. There was a lot of innovation happening around the idea of making passwords obsolete, and start-up UnifyID even took the RSA Innovation Sandbox contest with its implicit authentication platform that combines machine learning and the array of devices around us to match our bodies, and more specifically the way we move, to our identities.

It’s innovations like these and the group mentality of coming together to face security issues head on that mean RSA will be successful for years to come. It just needs scratching away at the surface to get to the real innovation: end-to-end security, cloud to silicon.

Prpl interviewed by Share Radio on smart home security

While Cesare Garlati, prpl’s chief security strategist, was in London in December, he visited the Share Radio studios to pre-record an interview on the prpl Smart Home Security Report. His interview was aired on the 13th of December as part of the Share Radio Evening Show.

Cesare tackles the issue of whether smart homes are as secure as they should be and refers to prpl’s one-of-a-kind global study that found that while there was more adoption of smart devices, people were failing to secure their smart home. Jinan Rahma of Share Radio spoke to Cesare and began by asking whether the smart home was a thing of the future and dove deeper into what users should be doing to protect their connected homes.

The full podcast is available to listen to here: https://www.shareradio.co.uk/podcasts/are-smart-homes-as-secure-as-they-could-be-13-dec-16/

Prpl takes part in IoTSF discussions on industry collaboration

Last Tuesday the prpl Foundation took part in the annual IoTSF conference in London. Art Swift, President of the prpl Foundation, took part in a panel Tuesday afternoon on “United We Stand; Addressing the Bigger Challenges of IoT Security with Collaboration”. The panel centered around the idea of building an “Internet of Trust” and how security through collaboration can help. Along with Art, the panel featured John Hayne, chairman of the IoTSF, Paul Wilson of the Multos Consortium, Hugh Boyes of the IET, Idris Jahn from IoTUK and Aapo Markkanen, Principal Analyst at Machina Research.

The panel began by asking each member how they see the IoT terrain changing over the next few years, and how the current work being done by the IoTSF in promoting best practices in security could help this. The main theme throughout all answers was simple: trust. The IoT needs to invest in a supply chain of trust between manufacturers and consumers, with consumers being able to trust that the security of the products is up to standard, and that manufacturers will take the security of their products more seriously.

Alliance between prpl Foundation and IoTSF puts ‘security by design’ at the heart of embedded computing

New collaboration to transform security of the Internet of Things

LONDON, UK – 5 December 2016 – The prpl Foundation and the IoT Security Foundation (IoTSF), two influential not-for-profit organizations working to promote security and openness in the Internet of Things (IoT), today announced that they have entered into a formal agreement to cooperate on projects that put ‘security by design’ into the IoT.  One element of the collaboration, around the IoTSF Self Certification Working Group, will be discussed tomorrow in London at the IoTSF Conference 2016 entitled Building an Internet of Trust.

“The prpl Foundation and the IoTSF share a belief that security is a fundamental requirement to the enablement and adoption of connected devices,” said Art Swift, president of the prpl Foundation. “We are delighted to work together to advance the many aspects of IoT security to make its widespread use less risky so consumers can use the IoT to its full potential safely.”

prpl Foundation and CABA create important alliance to advance smart home security

Open source foundation joins forces with leading smart home and building organization

November 28, 2016 – SANTA CLARA, CA

Today, the not-for-profit prpl Foundation, an open-source, community-driven, collaborative foundation with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures, announced a significant collaboration with the Continental Automated Buildings Association (CABA), an international not-for-profit industry association dedicated to the advancement of intelligent home and intelligent building technologies. The mutual alliance will see both membership groups working together on research projects and whitepapers to improve standards in smart home security.

“prpl’s alliance with CABA is an incredibly important step in the advancement of smart home technology,” said Art Swift, president of the prpl Foundation. “By collaborating with CABA’s wealth of smart home security experts and members, we will work together to provide high quality research and guidance that will push IoT industry standards to make sure that consumers are kept safe as connected device usage in their homes grows.”

RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2


Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

From hospitals dispensing life-saving drugs, to connected cars – embedded computing is transforming the way we live and work. But underlying weaknesses have introduced potentially life-threatening vulnerabilities into the Internet of Things.


The Internet of Things: Life-changing tech or a disaster waiting to happen?

Reposting from Tech City News NOV 02, 2016 http://techcitynews.com/2016/11/02/the-internet-of-things-life-changing-tech-or-a-disaster-waiting-to-happen/

Cesare Garlati, chief security strategist at the prpl Foundation, an organisation working to make the IoT safer, explains how startups can get IoT security right to avoid being subjected to harm.

The Internet of Things (IoT) is exciting new territory for many startups and innovative companies looking to push boundaries and connect even the smallest devices to attempt to simplify and enhance our lives. But the security of these devices is fundamentally flawed for a number of reasons.
