BreachExchange mailing list archives

Keeping data secure: A happy marriage of hardware and software


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 18 Nov 2015 19:51:10 -0700

http://www.itproportal.com/2015/11/18/keeping-data-secure-happy-marriage-hardware-and-software/

We’ve all heard the stories about being hacked – and perhaps even
experienced this ourselves – whether by rogue individuals or organised
criminal gangs. Cybersecurity anxiety appears to be the new normal for our
times. It seems not a week goes by without news of another prominent
computer security breach.

Recently, there’s been “VENOM”, which exploits vulnerabilities in several
software hypervisors, as well as the data breach at the Office of Personnel
Management (OPM) that exposed personnel files of four million U.S.
government workers. Many of us have also received one or more notifications
that our credit card or personal identity information may now be in the
hands of these invaders.

There’s nothing new in this, really. Willie Sutton enlightened us all a
long time ago. He allegedly said he robbed banks, “Because that’s where the
money is.” Today, money and other valuable personal information are 1s and
0s, digital bits stored on servers. There’s a real evolution from
traditional crime to cyber-crime. Yesterday’s bank vault is now a server
and disc storage array in a data center. Instead of armed guards standing
at the bank entrance, security now comes from computer access control and
encryption guarding our assets.

With everything rapidly moving online, it’s clearly a new age and one that
is quickly growing and changing. The Internet of Things and cloud
computing, two massive trends still unfolding, bring both benefits and
threats. As everything becomes more connected, we gain greater services
that improve our quality of life, such as being able to deposit checks and
make payments from our smartphones. Organisations are better able to drive
cost savings by improving asset utilisation, enhancing process efficiency
and boosting productivity. But at the same time, this connectedness creates
new opportunities for outsiders looking to exploit security holes for their
own profit.

The challenge is significant as individuals and organisations face daily
peril of theft in the digital age. People are now faced with the task of
protecting assets, whether on their smartphone or PC, and IT managers have
to protect servers, business laptops, and other embedded computing nodes.
Why embedded devices? Think about the multitude of new intelligent
connection points where data is being collected: biometric authentication,
mobile payment systems, toll roads, location tracking and smart electrical
grids. The advent of autonomous cars will add a new wrinkle, as clearly a
nefarious hack of the navigation and control system could prove disastrous.
Already there are hacking efforts pointing to the potential for this
vulnerability.

All of this is made more complicated by the vast technical complexities and
mix of user needs. Companies, public entities and governments have mobile
workforces, infrastructure and audiences that require global
communications, cloud-based functionality, and adherence to strict
regulations, all while compromising neither an employee’s ability to bring
their own device nor the organisation’s data security. At the same time,
even though individuals and businesses need security, they aren’t willing
to sacrifice convenience or performance. To achieve this along with a
greater level of security requires a combination of software and chip-level
hardware. Hardware-based security augments available software tools since
it cannot be remotely altered. The physical layer virtually eliminates the
possibility of malware, such as virtual rootkits, infiltrating the
operating system.

Security-hardened platforms for PCs, servers, high-performance computing,
and embedded devices make consumer and commercial workloads more secure
through encryption acceleration, trusted execution environments, isolation
of sensitive applications, secured authentication and dedicated key
storage. To do this, hardware developers include a secure processor paired
with high performance cryptographic engines.

Dedicated hardware in the form of a secure processor enables more secure
computing, whether on a PC, laptop, server, or an embedded device. The
hardware provides encryption acceleration to protect data without slowing
the user’s experience. Hardware-based encryption is considered more secure
because the encryption keys are embedded in the hardware, which poses a
significant roadblock for an attacker trying to acquire them. In
addition, hardware security implemented through a dedicated processor does
not consume system resources, which results in faster performance for
security operations.

Hardware is only half of the security story. The best security comes from a
combination of hardware and software. By using an industry standard,
customers have access to proven security management software that includes
virus detection, anti-malware, system management, data encryption and data
geo-fencing. The software library meets the needs of the consumer,
commercial and embedded markets and, because it is based on an open
ecosystem, continues to grow.

We’re now at a point where there’s a crisis of trust, where cybersecurity
is a fundamental requirement for modern computing. Without this, the
developing trends of greater connectivity through cloud computing and the
Internet of Things could possibly bring more risk than reward. As a
provider of computer processors, it’s incumbent on us to provide security
options that seamlessly integrate with software and that enable customer
choice.

Individuals and businesses need full solutions to help protect consumer
online experiences, corporate device and data management, security of cloud
infrastructure, and the Internet of Things. Robust security hardware and
software is key to securing our data future.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
