Internet of Things Security
1. © 2014 KlugTech www.klugtech.com
Data Security
Privacy – we need it, why don’t companies provide it?
Thom Poole
Chief Innovation Officer
2. © 2014 KlugTech www.klugtech.com
State of Play
• The Internet of Things (IoT) is already here
• Connected devices talking to one another
• Ambient Intelligence (AmI) – making decisions
• Can be found in:
• Domestic
• Enterprise
• Transport (vehicles & networks)
• Healthcare
• Utilities
• Public sector
• Retail
• Education
• Cities & urban developments
• Agriculture
3. © 2014 KlugTech www.klugtech.com
Security
4 key factors
• Something you KNOW
• Something you ARE
• Something you DO
• Something you HAVE
4. © 2014 KlugTech www.klugtech.com
Something you KNOW
• Password
• Username
• Personal details (mother’s maiden name, etc.)
• Contact details
BUT: Once compromised, published or stolen – it cannot be used again
Humans are often sloppy in their security with this (they reveal it readily, or use the same details for multiple sites)
5. © 2014 KlugTech www.klugtech.com
Something you ARE
• Biometrics – fingerprints, iris/retina scans, voice print, facial recognition, etc.
BUT: Once the data is digitised, it could be compromised. It cannot, however, be easily faked (at the moment)
6. © 2014 KlugTech www.klugtech.com
Something you DO
• Generally a gesture or tick
BUT: Can easily be mimicked. Once the gesture is digitised, it could be compromised
7. © 2014 KlugTech www.klugtech.com
Something you HAVE
• A device (mobile phone, key fob passcodes, etc.)
• A key
• An access app or programme
8. © 2014 KlugTech www.klugtech.com
Data Management
• People and companies entrust sensitive data to others, but if data management is insecure…
• Recent breaches include some big-name companies
• So who can you trust?
9. © 2014 KlugTech www.klugtech.com
CRM
• Database driven marketing
• Stores all customer data, transactions
• Users can access all information, download, etc.
• Open to abuse
10. © 2014 KlugTech www.klugtech.com
Security Management
• Too trusting of people
• Rely on a single factor – Something you KNOW
• Intelligence is flawed
• Trust must be restored
• People have too much access to too much information, and have consistently proven themselves to be a weak link.
• Over-reliance on a password, which is required in full. Back-up factors such as mother’s maiden name are also frequently asked for, and are too easy to get hold of.
• Machine intelligence is too easy to breach as it stands, and is therefore flawed.
11. © 2014 KlugTech www.klugtech.com
Riskiest Employee Practices
1. Accessing the Internet via unsecured wireless networks
2. Failing to delete unnecessary but confidential information from computers
3. Sharing passwords with others
4. Using the same username/passwords
5. Using generic portable drives without proper encryption
6. Leaving computers unattended & unsecured
7. Failing to notify firm after loss of portable drives
8. Failing to shield screens/data when working in insecure areas
9. Carrying/accessing unnecessary sensitive information
10. Using personal devices to access company networks
12. © 2014 KlugTech www.klugtech.com
Swiss Banks
• Trusted ‘secret-keepers’ for decades
• Accounts were ‘numbers’
• No recorded mass breaches
• Still have a good reputation
Banking secrecy has been enshrined in Swiss law since 1934, and was only amended in 2004. It could be argued that the amended view is not yet fully complied with.
13. © 2014 KlugTech www.klugtech.com
Learn from the Secret-Keepers
• Have to KNOW your number
• Have to HAVE your key
• Have to HAVE some identity
• Have to KNOW which bank
A single element was not enough…
Why is it OK for the IT industry?
14. © 2014 KlugTech www.klugtech.com
Physical Security
• We can use a range of measures to keep people out, and/or away from sensitive data files and servers
• Why do all files need to be in one place (eggs & baskets!)?
• Why do individuals need access to ALL the information… ever?
15. © 2014 KlugTech www.klugtech.com
Security Example
Would you leave your car…
• On the highway
• With the keys
• Unlocked
• With the registration documents
Datacentres are often known, or signposted
Physical access can be overcome – in datacentres, access need not be on site; it can also be via the internet
Data is often in unencrypted files – encryption is only involved in the transfer process
Data is often stored together – usernames, passwords, personal data, etc., are all grouped together, so even a minor breach could provide a complete view of a customer or group of customers
16. © 2014 KlugTech www.klugtech.com
What’s Stopping You?
• Take security seriously
• Split up your databases
• Use encrypted, multi-point security
• Limit data access
• Keep parts of your system clean & free from all outside influences
• Work with your customers
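One way to act on "split up your databases" and "limit data access", as an added example that is not part of the original slides: logins and personal data live in two separate stores, linked only by a keyed pseudonym. The table layout, function names and the sample customer are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumption: the link key is held outside both databases (e.g. in a KMS),
# so stealing either store alone does not reveal how rows pair up.
LINK_KEY = os.urandom(32)

def pseudonym(username):
    """Keyed one-way identifier that links the two stores."""
    return hmac.new(LINK_KEY, username.encode(), hashlib.sha256).hexdigest()

def open_stores():
    """Two independent databases; in production, separate hosts and accounts."""
    creds = sqlite3.connect(":memory:")
    profiles = sqlite3.connect(":memory:")
    creds.execute("CREATE TABLE login (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    profiles.execute("CREATE TABLE profile (pid TEXT PRIMARY KEY, email TEXT, address TEXT)")
    return creds, profiles

def _pw_hash(password, salt):
    # Salted, slow hash: the stored value cannot be replayed as a password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(creds, profiles, username, password, email, address):
    salt = os.urandom(16)
    creds.execute("INSERT INTO login VALUES (?, ?, ?)",
                  (username, salt, _pw_hash(password, salt)))
    # Personal data is keyed by the pseudonym, never by the username.
    # A real deployment would also encrypt these fields at rest.
    profiles.execute("INSERT INTO profile VALUES (?, ?, ?)",
                     (pseudonym(username), email, address))

def verify(creds, username, password):
    row = creds.execute("SELECT salt, pw_hash FROM login WHERE username = ?",
                        (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], _pw_hash(password, row[0]))

def load_profile(profiles, username):
    return profiles.execute("SELECT email, address FROM profile WHERE pid = ?",
                            (pseudonym(username),)).fetchone()

if __name__ == "__main__":
    creds, profiles = open_stores()  # constructed sample customer below
    register(creds, profiles, "alice", "correct horse", "alice@example.com", "1 Example Street")
    print(creds.execute("SELECT * FROM login").fetchall())      # no personal data
    print(profiles.execute("SELECT * FROM profile").fetchall()) # no username or password
```

A dump of the login store yields no personal details, and a dump of the profile store yields no username or password, so a breach of one store no longer gives the complete view of a customer.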
17. © 2014 KlugTech www.klugtech.com
KlugTech
• KlugTech was created to address the usability and security of the Internet of Things
• We have created a modular approach to securing your systems, but with a single, safe interface
• Domestic Solutions
• Enterprise Solutions
• Transport Solutions
• Healthcare Solutions
• Public Sector Solutions
• Smart Power Solutions
• Retail Solutions
• Delivery/Logistic Solutions
• Education Solutions
• Smart City Solutions
• Agricultural Solutions
• Security Solutions
www.klugtech.com