SlideShare ist ein Scribd-Unternehmen logo

Internet of Things Security

Thom. Poole
Thom. Poole

Security has been low on the agenda for many companies (hopefully, unintentionally), and as we enter the age of the Internet of Things (IoT) or Internet of Everything (IoE), security should be flawless. Thom Poole delivered a presentation on the issues and thinking around security for this new sector.

Technologie
1 von 17
© 2014 KlugTech www.klugtech.com Data Security Privacy – we need it, why don’t companies provide it? Thom Poole
 Chief Innovation Officer
© 2014 KlugTech www.klugtech.com State of Play •  The Internet of Things (IoT) is already here •  Connected devices talking to one another •  Ambient Intelligence (AmI) – making decisions •  Can be found in: •  Domestic •  Enterprise •  Transport (vehicles & networks) •  Healthcare •  Utilities •  Public sector •  Retail •  Education •  Cities & urban developments •  Agriculture © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com Security 4 key factors •  Something you KNOW •  Something you ARE •  Something you DO •  Something you HAVE
© 2014 KlugTech www.klugtech.com Something you KNOW •  Password •  Username •  Personal details (mother’s maiden name, etc.) •  Contact details BUT: Once compromised, published or stolen – it cannot be used again Human’s are often sloppy in their security with this (reveal it readily, or
 use the same details for multiple sites) © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com Something you ARE •  Biometrics – fingerprints, iris/retina scans, voice print, facial recognition, etc. BUT: once the data is digitised, it could be compromised. It can, however, not
 be easily faked (at the moment)
© 2014 KlugTech www.klugtech.com Something you DO •  Generally a gesture or tick BUT: Can easily be mimicked. Once the gesture is digitised, it could
 be compromised
© 2014 KlugTech www.klugtech.com Something you HAVE •  A device (mobile phone, key fob passcodes, etc.) •  A key •  An access app or programme © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com Data Management •  People and companies entrust sensitive data to others, but if
 data management is insecure… •  Recent breaches include some big-name companies •  So who can you trust?
© 2014 KlugTech www.klugtech.com CRM •  Database driven marketing •  Stores all customer data, transactions •  Users can access all information, download, etc. •  Open to abuse © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com Security Management •  Too trusting of people •  Rely on a single factor – Something you KNOW •  Intelligence is flawed •  Trust must be restored •  People have too much access to too much information, and have consistently proven themselves as a weak link. •  Over reliance on a password, which is required in full. Back up factors such as mother’s maiden name is also frequently asked, and too easy to get hold of. •  Machine intelligence is too easy to breach as it stands, and is therefore flawed.
© 2014 KlugTech www.klugtech.com Riskiest Employee Practices 1.  Accessing the Internet via unsecured wireless networks 2.  Failing to delete unnecessary but confidential information from computers 3.  Sharing passwords with others 4.  Using the same username/ passwords 5.  Using generic portable drives without proper encryption 6.  Leaving computers unattended & unsecured 7.  Failing to notify firm after loss of portable drives 8.  Failing to shield screens/ data when working in insecure areas 9.  Carrying/accessing unnecessary sensitive information 10.  Using personal devices to access company networks © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com Swiss Banks •  Trusted ‘secret-keepers’ for decades •  Accounts were ‘numbers’ •  No recorded mass breaches •  Still have a good reputation Banking secrecy was enshrined in Swiss law since 1934 – and only amended in 2004. It could be argued that the amended view is not yet fully complied with.
© 2014 KlugTech www.klugtech.com Learn from the Secret-Keepers •  Have to KNOW your number •  Have to HAVE your key •  Have to HAVE some identity •  Have to KNOW which bank A single element was not enough… Why is it OK for the IT industry? © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com Physical Security •  We can use a range of measures to keep people out, and/or away from sensitive data files and servers •  Why do all files need to be in one place (eggs & baskets!)? •  Why do individuals need access to ALL the information… ever? © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com Security Example Would you leave your car… •  On the highway •  With the keys •  Unlocked •  With the registration documents Datacentres are often know, or signposted Physical access can be overcome – in datacentres, physical access needed be on site, it can also be via the internet Data is often in unencrypted files – encryption is only involved in the transfer process Data is often stored together – so usernames, passwords, personal data, etc., are all grouped together, so even a minor breach could provide a complete view of a customer or group of customers
© 2014 KlugTech www.klugtech.com What’s Stopping You? •  Take security seriously •  Split up your databases •  Use encrypted, multi-point security •  Limit data access •  Keep parts of your system clean & free from all outside influences •  Work with your customers © 2014 KlugTech www.klugtech.com
© 2014 KlugTech www.klugtech.com KlugTech •  KlugTech was created to address the usability and security of the Internet of Things •  We have created a modular approach to securing your systems, but a single, safe interface •  Domestic Solutions •  Enterprise Solutions •  Transport Solutions •  Healthcare Solutions •  Public Sector Solutions •  Smart Power Solutions •  Retail Solutions •  Delivery/Logistic Solutions •  Education Solutions •  Smart City Solutions •  Agricultural Solutions •  Security Solutions www.klugtech.com

Empfohlen

Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Paul C. Van Slyke
 
You cant secure yesterday
You cant secure yesterdayYou cant secure yesterday
You cant secure yesterday
NetDef
 
Not IF, but WHEN
Not IF, but WHENNot IF, but WHEN
Not IF, but WHEN
Michael Scheidell
 
20190523 Breach Notification Wizard: Lessons in Knowledge Management!
20190523 Breach Notification Wizard: Lessons in Knowledge Management!20190523 Breach Notification Wizard: Lessons in Knowledge Management!
20190523 Breach Notification Wizard: Lessons in Knowledge Management!
3Lions Publishing, Inc.
 
Oper8 document management solution v2.0
Oper8 document management solution v2.0Oper8 document management solution v2.0
Oper8 document management solution v2.0
Tony Riley
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
 
BYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessBYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with business
Mike Brannon
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile Apps
Michael Scheidell
 

Empfohlen

Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Paul C. Van Slyke
 
You cant secure yesterday
You cant secure yesterdayYou cant secure yesterday
You cant secure yesterday
NetDef
 
Not IF, but WHEN
Not IF, but WHENNot IF, but WHEN
Not IF, but WHEN
Michael Scheidell
 
20190523 Breach Notification Wizard: Lessons in Knowledge Management!
20190523 Breach Notification Wizard: Lessons in Knowledge Management!20190523 Breach Notification Wizard: Lessons in Knowledge Management!
20190523 Breach Notification Wizard: Lessons in Knowledge Management!
3Lions Publishing, Inc.
 
Oper8 document management solution v2.0
Oper8 document management solution v2.0Oper8 document management solution v2.0
Oper8 document management solution v2.0
Tony Riley
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
 
BYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessBYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with business
Mike Brannon
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile Apps
Michael Scheidell
 
uLaw Security Simplified - Whitepaper
uLaw Security Simplified - WhitepaperuLaw Security Simplified - Whitepaper
uLaw Security Simplified - Whitepaper
uLawPractice Jillian Lim
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Michael Scheidell
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
centralohioissa
 
A Brave New World
A Brave New WorldA Brave New World
A Brave New World
SensePost
 
Traklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IPTraklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IP
Traklight.com
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
Ernest Staats
 
Employee monitoring updated
Employee monitoring updatedEmployee monitoring updated
Employee monitoring updated
Advent IM Ltd
 
Interview With Eric Vanderburg, Cyber Security & Privacy Expert
Interview With Eric Vanderburg, Cyber Security & Privacy ExpertInterview With Eric Vanderburg, Cyber Security & Privacy Expert
Interview With Eric Vanderburg, Cyber Security & Privacy Expert
Muhammad Khan
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security fails
Rishabh Dangwal
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended Practices
John Martin
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Ontario Cloud SIG
 
Introducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrakIntroducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrak
Simon Cuthbert
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
James Mulhern
 
How & Why SME's Go On The Internet
How & Why SME's Go On The InternetHow & Why SME's Go On The Internet
How & Why SME's Go On The Internet
Thom. Poole
 
AM Briefing: Security for the internet of things
AM Briefing: Security for the internet of things AM Briefing: Security for the internet of things
AM Briefing: Security for the internet of things
Defence and Security Accelerator
 
Security in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) EcosystemSecurity in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) Ecosystem
rahulbindra
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
Tutun Juhana
 
PCI DSS en la Nube
PCI DSS en la NubePCI DSS en la Nube
PCI DSS en la Nube
Internet Security Auditors
 
Hardware Security
Hardware SecurityHardware Security
Hardware Security
Mani Rathnam
 
Enabling embedded security for the Internet of Things
Enabling embedded security for the Internet of ThingsEnabling embedded security for the Internet of Things
Enabling embedded security for the Internet of Things
team-WIBU
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
University of Ontario Institute of Technology (UOIT)
 

Weitere ähnliche Inhalte

Was ist angesagt?

Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Michael Scheidell
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Ontario Cloud SIG
 

Was ist angesagt? (13)

uLaw Security Simplified - Whitepaper
uLaw Security Simplified - WhitepaperuLaw Security Simplified - Whitepaper
uLaw Security Simplified - Whitepaper
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
 
A Brave New World
A Brave New WorldA Brave New World
A Brave New World
 
Traklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IPTraklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IP
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 
Employee monitoring updated
Employee monitoring updatedEmployee monitoring updated
Employee monitoring updated
 
Interview With Eric Vanderburg, Cyber Security & Privacy Expert
Interview With Eric Vanderburg, Cyber Security & Privacy ExpertInterview With Eric Vanderburg, Cyber Security & Privacy Expert
Interview With Eric Vanderburg, Cyber Security & Privacy Expert
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security fails
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended Practices
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 
Introducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrakIntroducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrak
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 

Andere mochten auch

Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
Enabling embedded security for the Internet of Things
Enabling embedded security for the Internet of ThingsEnabling embedded security for the Internet of Things
Enabling embedded security for the Internet of Things
team-WIBU
 
RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?
Internet Security Auditors
 
The competitive landscape of the Internet of Things
The competitive landscape of the Internet of ThingsThe competitive landscape of the Internet of Things
The competitive landscape of the Internet of Things
IoTAnalytics
 

Andere mochten auch (16)

How & Why SME's Go On The Internet
How & Why SME's Go On The InternetHow & Why SME's Go On The Internet
How & Why SME's Go On The Internet
 
AM Briefing: Security for the internet of things
AM Briefing: Security for the internet of things AM Briefing: Security for the internet of things
AM Briefing: Security for the internet of things
 
Security in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) EcosystemSecurity in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) Ecosystem
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
 
PCI DSS en la Nube
PCI DSS en la NubePCI DSS en la Nube
PCI DSS en la Nube
 
Hardware Security
Hardware SecurityHardware Security
Hardware Security
 
Enabling embedded security for the Internet of Things
Enabling embedded security for the Internet of ThingsEnabling embedded security for the Internet of Things
Enabling embedded security for the Internet of Things
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"
 
The competitive landscape of the Internet of Things
The competitive landscape of the Internet of ThingsThe competitive landscape of the Internet of Things
The competitive landscape of the Internet of Things
 
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend BriefInternet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g
Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-gInternet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g
Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g
 

Ähnlich wie Internet of Things Security

IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
Andrew S. Baker (ASB)
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
AugmentedWorldExpo
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
Randy Bowman
 

Ähnlich wie Internet of Things Security (20)

Secure CRM Management
Secure CRM ManagementSecure CRM Management
Secure CRM Management
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
Windstream Cloud Security Presentation
Windstream Cloud Security PresentationWindstream Cloud Security Presentation
Windstream Cloud Security Presentation
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
 
[Austria] Security by Design
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
 
Secure End User
Secure End UserSecure End User
Secure End User
 
Team black
Team blackTeam black
Team black
 
How to Manage the Great BlackBerry Migration
How to Manage the Great BlackBerry MigrationHow to Manage the Great BlackBerry Migration
How to Manage the Great BlackBerry Migration
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
 
Five Best Practices for Maximizing Mobility Benefits
Five Best Practices for Maximizing Mobility Benefits Five Best Practices for Maximizing Mobility Benefits
Five Best Practices for Maximizing Mobility Benefits
 
3 steps security
3 steps security3 steps security
3 steps security
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case Study
 
CipherCloud Webinar - Cloud Encryption & Tokenization 101
CipherCloud Webinar - Cloud Encryption & Tokenization 101CipherCloud Webinar - Cloud Encryption & Tokenization 101
CipherCloud Webinar - Cloud Encryption & Tokenization 101
 
The Connected World
The Connected WorldThe Connected World
The Connected World
 
Don't Diligence Information Security for Lawyers
Don't Diligence Information Security for LawyersDon't Diligence Information Security for Lawyers
Don't Diligence Information Security for Lawyers
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 

Mehr von Thom. Poole

Mehr von Thom. Poole (20)

Amersham on the Hill
Amersham on the HillAmersham on the Hill
Amersham on the Hill
 
Customer Satisfaction
Customer SatisfactionCustomer Satisfaction
Customer Satisfaction
 
Entrepreneur
EntrepreneurEntrepreneur
Entrepreneur
 
Is the Smart Home fit for purpose?
Is the Smart Home fit for purpose? Is the Smart Home fit for purpose?
Is the Smart Home fit for purpose?
 
Connected Cars - Do we need them?
Connected Cars - Do we need them?Connected Cars - Do we need them?
Connected Cars - Do we need them?
 
Day in the Life of a Senior Marketer
Day in the Life of a Senior MarketerDay in the Life of a Senior Marketer
Day in the Life of a Senior Marketer
 
Getting Recruited into Marketing Roles
Getting Recruited into Marketing RolesGetting Recruited into Marketing Roles
Getting Recruited into Marketing Roles
 
Speed in Digital Marketing (Arabic)
Speed in Digital Marketing (Arabic)Speed in Digital Marketing (Arabic)
Speed in Digital Marketing (Arabic)
 
L'argumentation commercial pour la vitesse dans le marketing numérique
L'argumentation commercial pour la vitesse dans le marketing numériqueL'argumentation commercial pour la vitesse dans le marketing numérique
L'argumentation commercial pour la vitesse dans le marketing numérique
 
Der Business-Case für Beschleunigung im digitalen Marketing
Der Business-Case für Beschleunigung im digitalen MarketingDer Business-Case für Beschleunigung im digitalen Marketing
Der Business-Case für Beschleunigung im digitalen Marketing
 
Speed in digital marketing en
Speed in digital marketing enSpeed in digital marketing en
Speed in digital marketing en
 
Publish a book
Publish a bookPublish a book
Publish a book
 
Marketing Bootcamp
Marketing BootcampMarketing Bootcamp
Marketing Bootcamp
 
The Business Case for CRM
The Business Case for CRMThe Business Case for CRM
The Business Case for CRM
 
The CRM Jungle
The CRM JungleThe CRM Jungle
The CRM Jungle
 
CIM CRM Workshop
CIM CRM WorkshopCIM CRM Workshop
CIM CRM Workshop
 
Managing Business Customers on the Web
Managing Business Customers on the WebManaging Business Customers on the Web
Managing Business Customers on the Web
 
Trust and the marketing art of the opt-in
Trust and the marketing art of the opt-inTrust and the marketing art of the opt-in
Trust and the marketing art of the opt-in
 
Mobile Mastery
Mobile MasteryMobile Mastery
Mobile Mastery
 
Financing your business
Financing your businessFinancing your business
Financing your business
 

Kürzlich hochgeladen

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Kürzlich hochgeladen (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Internet of Things Security

  • 1. © 2014 KlugTech www.klugtech.com Data Security Privacy – we need it, why don’t companies provide it? Thom Poole
 Chief Innovation Officer
  • 2. © 2014 KlugTech www.klugtech.com State of Play •  The Internet of Things (IoT) is already here •  Connected devices talking to one another •  Ambient Intelligence (AmI) – making decisions •  Can be found in: •  Domestic •  Enterprise •  Transport (vehicles & networks) •  Healthcare •  Utilities •  Public sector •  Retail •  Education •  Cities & urban developments •  Agriculture © 2014 KlugTech www.klugtech.com
  • 3. © 2014 KlugTech www.klugtech.com Security 4 key factors •  Something you KNOW •  Something you ARE •  Something you DO •  Something you HAVE
  • 4. © 2014 KlugTech www.klugtech.com Something you KNOW •  Password •  Username •  Personal details (mother’s maiden name, etc.) •  Contact details BUT: Once compromised, published or stolen – it cannot be used again Human’s are often sloppy in their security with this (reveal it readily, or
 use the same details for multiple sites) © 2014 KlugTech www.klugtech.com
  • 5. © 2014 KlugTech www.klugtech.com Something you ARE •  Biometrics – fingerprints, iris/retina scans, voice print, facial recognition, etc. BUT: once the data is digitised, it could be compromised. It can, however, not
 be easily faked (at the moment)
  • 6. © 2014 KlugTech www.klugtech.com Something you DO •  Generally a gesture or tick BUT: Can easily be mimicked. Once the gesture is digitised, it could
 be compromised
  • 7. © 2014 KlugTech www.klugtech.com Something you HAVE •  A device (mobile phone, key fob passcodes, etc.) •  A key •  An access app or programme © 2014 KlugTech www.klugtech.com
  • 8. © 2014 KlugTech www.klugtech.com Data Management •  People and companies entrust sensitive data to others, but if
 data management is insecure… •  Recent breaches include some big-name companies •  So who can you trust?
  • 9. © 2014 KlugTech www.klugtech.com CRM •  Database driven marketing •  Stores all customer data, transactions •  Users can access all information, download, etc. •  Open to abuse © 2014 KlugTech www.klugtech.com
  • 10. © 2014 KlugTech www.klugtech.com Security Management •  Too trusting of people •  Rely on a single factor – Something you KNOW •  Intelligence is flawed •  Trust must be restored •  People have too much access to too much information, and have consistently proven themselves as a weak link. •  Over reliance on a password, which is required in full. Back up factors such as mother’s maiden name is also frequently asked, and too easy to get hold of. •  Machine intelligence is too easy to breach as it stands, and is therefore flawed.
  • 11. © 2014 KlugTech www.klugtech.com Riskiest Employee Practices 1.  Accessing the Internet via unsecured wireless networks 2.  Failing to delete unnecessary but confidential information from computers 3.  Sharing passwords with others 4.  Using the same username/ passwords 5.  Using generic portable drives without proper encryption 6.  Leaving computers unattended & unsecured 7.  Failing to notify firm after loss of portable drives 8.  Failing to shield screens/ data when working in insecure areas 9.  Carrying/accessing unnecessary sensitive information 10.  Using personal devices to access company networks © 2014 KlugTech www.klugtech.com
  • 12. © 2014 KlugTech www.klugtech.com Swiss Banks •  Trusted ‘secret-keepers’ for decades •  Accounts were ‘numbers’ •  No recorded mass breaches •  Still have a good reputation Banking secrecy was enshrined in Swiss law since 1934 – and only amended in 2004. It could be argued that the amended view is not yet fully complied with.
  • 13. © 2014 KlugTech www.klugtech.com Learn from the Secret-Keepers •  Have to KNOW your number •  Have to HAVE your key •  Have to HAVE some identity •  Have to KNOW which bank A single element was not enough… Why is it OK for the IT industry? © 2014 KlugTech www.klugtech.com
  • 14. © 2014 KlugTech www.klugtech.com Physical Security •  We can use a range of measures to keep people out, and/or away from sensitive data files and servers •  Why do all files need to be in one place (eggs & baskets!)? •  Why do individuals need access to ALL the information… ever? © 2014 KlugTech www.klugtech.com
  • 15. © 2014 KlugTech www.klugtech.com Security Example Would you leave your car… •  On the highway •  With the keys •  Unlocked •  With the registration documents Datacentres are often know, or signposted Physical access can be overcome – in datacentres, physical access needed be on site, it can also be via the internet Data is often in unencrypted files – encryption is only involved in the transfer process Data is often stored together – so usernames, passwords, personal data, etc., are all grouped together, so even a minor breach could provide a complete view of a customer or group of customers
  • 16. © 2014 KlugTech www.klugtech.com What’s Stopping You? •  Take security seriously •  Split up your databases •  Use encrypted, multi-point security •  Limit data access •  Keep parts of your system clean & free from all outside influences •  Work with your customers © 2014 KlugTech www.klugtech.com
  • 17. © 2014 KlugTech www.klugtech.com KlugTech •  KlugTech was created to address the usability and security of the Internet of Things •  We have created a modular approach to securing your systems, but a single, safe interface •  Domestic Solutions •  Enterprise Solutions •  Transport Solutions •  Healthcare Solutions •  Public Sector Solutions •  Smart Power Solutions •  Retail Solutions •  Delivery/Logistic Solutions •  Education Solutions •  Smart City Solutions •  Agricultural Solutions •  Security Solutions www.klugtech.com