security

Hacking by sound not that simple

A recent story from Reuters kicked up a bit of a stir by claiming that hackers could use sound to steal data from a computer or network. While the story was true, it turns out that it isn't the whole story and is less of a problem than the report implied, according to cybersecurity expert Jack Wolosewicz. Here's the interview.

 

Secure collaboration is a quiet trend at #52DAC

By Lou Covey, Editorial Director

While outsourcing software and design development is a common practice, the idea of putting your company’s crown jewels into the cloud for a freelancer to monkey with tends to drive sales of anti-emetics. Can you safely allow virtual strangers to access your server, or should you just suck it up and overwork your employees?

That has been a continuous conundrum for the Electronic Design Automation (EDA) industry and its customers in the embedded software and semiconductor industries. Larger companies, like Synopsys and Intel, either use internal security paradigms in the collaborative tools or work with some of the big players, like IBM and OpenText. The costs of those tools, however, don’t always fit in the budget for smaller companies and can be a hindrance to outsourcing companies.

What makes the whole issue more difficult is that while companies readily admit it is an important issue, not many are actually willing to talk about what they are doing about it.

At the Design Automation Conference in San Francisco this week, there was a noticeable presence of companies stating they actually do provide for secure collaboration and were more than willing to tell you who they provided it for. One of the main players, OpenText, proudly proclaims its list of customers, including, in the electronics world, Alcatel-Lucent, Cirrus Logic and Renesas (see interview here).

Other players, like the recently funded Zentera, not so much. We visited Zentera’s booth at the Design Automation Conference and they were quite adamant about not saying anything substantial on the record, but their website touts a lot of partners, including Microsoft and Qualcomm.

Then you get into the realm of the EDA tool providers and the walls go up quickly. Mentor Graphics expressed surprise that one of their major customers, Qualcomm, was working with Zentera to provide secure collaboration. Synopsys and Cadence claim their own “cloud” solution, consisting of private servers stuffed in their headquarters building.

Dassault Systèmes, on the other hand, was quite effusive about its Enovia collaborative platforms, which focus security according to roles, geography and hierarchy. Dassault is relatively new to the world of semiconductor design and is making a strong effort to differentiate itself from the “holy trinity” of Synopsys, Mentor Graphics and Cadence. It has been miles ahead of the EDA industry on the issue of collaboration and security, simply because of its much broader range of customers, including the mil-aerospace niches that require a standardized approach.

For third-party providers of design services, these secure collaboration platforms can open doors for working with the most cutting-edge technologies that are often strapped for resources. Customers that want to integrate design environments from multiple sources can use them to integrate the external design teams into an all-encompassing environment without giving up those aforementioned crown jewels. If the customer doesn’t want the additional expense, it might be worth the investment by outsourcers to adopt the collaboration platforms and work the cost into their services overall.

Data breach fatigue and NIH fuel ineffective cyber security

This is another part of our ongoing series on outsourcing services, again focusing on security. Large companies rely on the work of outsourcing providers for developing security solutions and containing breaches. By Lou Covey, New Tech Press

News reports about data breaches are almost a daily occurrence. Companies spend millions on identity protection services for affected customers while the same type of breaches continue with no end in sight. The sheer volume of data stolen is astronomical, begging the question: why isn’t anything being done?

“There is no financial reason for companies and governments to do anything about the problem because we have not seen any significant economic damage done to the companies or their customers,” said Anne Saunders of Eurocal Group, a U.S. software development company.

She has a point. There have been relatively few people who have actually experienced personal financial loss. For example, just last week, Target announced a settlement of $10 million for the breach that compromised the data of more than 100 million people -- 10 cents for each victim, not counting legal fees.

While the amount of data stolen has been massive and growing with each attack, the money spent on identity theft protection for and by those customers after any given attack is extremely low. The entire ID theft industry is currently only $3 billion annually with a projected growth rate of 0.5 percent and no measurable profit. The number of companies in the market makes each slice of that pie very thin, so it’s not a business for the weak-hearted. The good news for that industry is corporations are adding budget for those purchases because, well, it’s relatively cheap.

Eurocal Group is one of many companies providing outsourcing services for companies around the world, and they are finding a growing demand for services with deep experience in cybersecurity. “If security isn’t a significant part of your development, whether it is embedded systems or web design, you’re just asking for trouble. Lucky for us, lots of companies have not been thinking about security,” Saunders said.

A battle weary market

Then there is the problem of breach fatigue. The number of people affected by breaches is impossible to measure because of the interconnectedness of the data. One person might be affected by the Target, Anthem and Michael’s breaches and another might not be affected by any. A recent report from Experian stated that 62 percent of consumers received at least two notifications of breaches in the past year.

Correlating to the Experian survey, market research firm Ipsos reported in December that 62 percent of consumers in the US are now concerned about the security of their data, which is an increase from 53 percent the previous year. However, 85 percent reported that they knew of no one whose data had been compromised and only 6 percent reported being the victim of a breach. So while there is growing concern, there is hardly a demand from the market to actually do something about it.

Which may be why some leading figures in the industry tell consumers they are pretty much on their own. Herjavec Group Founder & CEO Robert Herjavec discussed the recent and massive breach of Anthem in a recent interview with Fortune magazine. He stated that the integrated nature of health care systems requires consumers to take responsibility for security. “They must diligently check credit card records, and monitor their personal records with insurance and medical providers to mitigate the risks of credit card fraud and identity theft in the fallout of this breach.”

Don’t just do something, stand there

The U.S. government is also concerned about cybersecurity and is convening panels and study groups from the federal level all the way down to the municipal level. They have produced reams of legislation designed to deal with the issue, but there are two problems: 1. The legislation is designed more for show than to actually deal with the real problems; 2. The legislation is designed to improve and control government surveillance, rather than the security of voter data.

Better progress is being made in the European Union, especially in smaller countries in Central Europe, according to Jack Wolosewicz, CTO of cybersecurity tech startup Certus Technology Systems. He said Europeans seem more open to security innovation than the US government and large corporations. "They tend to outsource to known companies, like RSA and Verisign, not because those are the best solutions but because, if there is a breach, they can say they went with the best known solutions. So no new ideas are considered."

Wolosewicz said the "CYA mindset" is the biggest barrier to adoption of effective security in large companies and enterprises, which means smaller enterprises are more likely to be willing to look outside of the box.

“Financial services and internal corporate security is taken more seriously with big bucks being spent on 2nd factor authentication like RSA tokens,” he stated. "Expensive and outdated as they are, there is a market for that because relying on passwords alone is not a security strategy that anyone trusts any more. For mass markets, single sign-on is everywhere and browsers remember your passwords because it's easy for users, but it’s still passwords and that only increases risk."

Wolosewicz pointed out that Microsoft and Yahoo have launched initiatives to move away from passwords, so there is some movement in the right direction. "Mass markets are happy to pay for a better user experience to attract new users, but till now, better security meant worse user experience."

In the end, the major players that control what happens to the consumer data are not financially incentivized to change how things are done. Since their customers have pretty much accepted the status quo, any substantial change will have to come from non-traditional sources.

“We’ll take that business,” Saunders concluded.

Solving the weakness of password protection

This is part one of a two-part interview with Jack Wolosewicz, CTO of Eurocal Group and founder of Certus, a security technology firm. We talk about the inherent weakness of passwords in relation to the growing use of streaming video.

Sponsored by Blaylock Engineering, EuroCal Group, MeBox Media and Busivid.

Coin Guard: Home security for the tech impaired

Home security gadgets are all the rage, fueled in no small part by Dropcam and their competitors. But video surveillance and smart locks have issues of data storage and hack-ability to deal with that scare most non-techie types. Pilot Labs, a small OEM wireless product manufacturing company in San Diego, decided to leap into the fray with a product that brings wireless security to the masses who have a hard time figuring out fax machines. Coin Guard, currently awaiting funding through Kickstarter before it becomes widely available, hopefully in time for Christmas, is a disk about two inches across that the user lays on top of something to protect. If the disk is moved, it sends an alarm to a mobile phone. So, if you can download an app to your phone, plug an ethernet cable into a router, and press a button, you can have a security system installed in minutes.

We sat down with company co-founder Chris Thomas to get the skinny on the unusual product.  Check it out.

Big Data: Privacy vs. Benefits

By Joe Basques, Managing Editor

A recent report by IBM said 2.5 exabytes of data were created every day through 2012. This is almost nothing compared to what we will collect in 3 to 5 years as the Internet of Things moves into reality and everything from milk jugs to the clothes we wear will contain sensors actively collecting data.

Two of the biggest challenges businesses face today are where to begin when developing their Strategic Big Data Plan, and how to lessen the “creepy factor” so customers willingly consent to contributing their data. Gartner predicts that one-third of Fortune 100 companies will experience an information management crisis by 2017, due to the fact that many U.S. companies don't have a clear data strategy.

As part of our ongoing series looking at the latest in Big Data, we sat down with Ann Buff, Business Solutions Manager and Thought Leader for SAS, at Enterprise Data World in Austin, Texas to discuss Big Data Strategy and how companies overcome the “creepy factor” to provide a high-value proposition to their customers.

China's consumers driving move to international standardization?

Lou Covey, Editorial Director

As we move deeper into the 21st Century, Western concerns about China regarding cyberwar, intellectual property and the security of the internet of things are almost a daily part of the news cycle. However, as more Chinese consumers integrate their lives on social media and through consumer devices, their concerns and desires regarding those same issues are beginning to mirror those of the West. Perhaps the “twain” shall meet? We interviewed David Harold at #EELive on that exact issue. See the video.