Internet of Things Security
4 likes1,901 views
The document discusses the importance of data security and privacy in an increasingly interconnected world through the Internet of Things (IoT), highlighting the shortcomings in current practices and security measures. It outlines key factors of security, risks associated with employee practices, and lessons from trusted institutions like Swiss banks regarding data management. Klugtech proposes solutions for better security, offering a modular approach tailored for various sectors.
Internet of Things Security
- 1. © 2014 KlugTech www.klugtech.com Data Security Privacy – we need it, why don’t companies provide it? Thom Poole Chief Innovation Officer
- 2. © 2014 KlugTech www.klugtech.com State of Play • The Internet of Things (IoT) is already here • Connected devices talking to one another • Ambient Intelligence (AmI) – making decisions • Can be found in: • Domestic • Enterprise • Transport (vehicles & networks) • Healthcare • Utilities • Public sector • Retail • Education • Cities & urban developments • Agriculture © 2014 KlugTech www.klugtech.com
- 3. © 2014 KlugTech www.klugtech.com Security 4 key factors • Something you KNOW • Something you ARE • Something you DO • Something you HAVE
- 4. © 2014 KlugTech www.klugtech.com Something you KNOW • Password • Username • Personal details (mother’s maiden name, etc.) • Contact details BUT: Once compromised, published or stolen – it cannot be used again Human’s are often sloppy in their security with this (reveal it readily, or use the same details for multiple sites) © 2014 KlugTech www.klugtech.com
- 5. © 2014 KlugTech www.klugtech.com Something you ARE • Biometrics – fingerprints, iris/retina scans, voice print, facial recognition, etc. BUT: once the data is digitised, it could be compromised. It can, however, not be easily faked (at the moment)
- 6. © 2014 KlugTech www.klugtech.com Something you DO • Generally a gesture or tick BUT: Can easily be mimicked. Once the gesture is digitised, it could be compromised
- 7. © 2014 KlugTech www.klugtech.com Something you HAVE • A device (mobile phone, key fob passcodes, etc.) • A key • An access app or programme © 2014 KlugTech www.klugtech.com
- 8. © 2014 KlugTech www.klugtech.com Data Management • People and companies entrust sensitive data to others, but if data management is insecure… • Recent breaches include some big-name companies • So who can you trust?
- 9. © 2014 KlugTech www.klugtech.com CRM • Database driven marketing • Stores all customer data, transactions • Users can access all information, download, etc. • Open to abuse © 2014 KlugTech www.klugtech.com
- 10. © 2014 KlugTech www.klugtech.com Security Management • Too trusting of people • Rely on a single factor – Something you KNOW • Intelligence is flawed • Trust must be restored • People have too much access to too much information, and have consistently proven themselves as a weak link. • Over reliance on a password, which is required in full. Back up factors such as mother’s maiden name is also frequently asked, and too easy to get hold of. • Machine intelligence is too easy to breach as it stands, and is therefore flawed.
- 11. © 2014 KlugTech www.klugtech.com Riskiest Employee Practices 1. Accessing the Internet via unsecured wireless networks 2. Failing to delete unnecessary but confidential information from computers 3. Sharing passwords with others 4. Using the same username/ passwords 5. Using generic portable drives without proper encryption 6. Leaving computers unattended & unsecured 7. Failing to notify firm after loss of portable drives 8. Failing to shield screens/ data when working in insecure areas 9. Carrying/accessing unnecessary sensitive information 10. Using personal devices to access company networks © 2014 KlugTech www.klugtech.com
- 12. © 2014 KlugTech www.klugtech.com Swiss Banks • Trusted ‘secret-keepers’ for decades • Accounts were ‘numbers’ • No recorded mass breaches • Still have a good reputation Banking secrecy was enshrined in Swiss law since 1934 – and only amended in 2004. It could be argued that the amended view is not yet fully complied with.
- 13. © 2014 KlugTech www.klugtech.com Learn from the Secret-Keepers • Have to KNOW your number • Have to HAVE your key • Have to HAVE some identity • Have to KNOW which bank A single element was not enough… Why is it OK for the IT industry? © 2014 KlugTech www.klugtech.com
- 14. © 2014 KlugTech www.klugtech.com Physical Security • We can use a range of measures to keep people out, and/or away from sensitive data files and servers • Why do all files need to be in one place (eggs & baskets!)? • Why do individuals need access to ALL the information… ever? © 2014 KlugTech www.klugtech.com
- 15. © 2014 KlugTech www.klugtech.com Security Example Would you leave your car… • On the highway • With the keys • Unlocked • With the registration documents Datacentres are often know, or signposted Physical access can be overcome – in datacentres, physical access needed be on site, it can also be via the internet Data is often in unencrypted files – encryption is only involved in the transfer process Data is often stored together – so usernames, passwords, personal data, etc., are all grouped together, so even a minor breach could provide a complete view of a customer or group of customers
- 16. © 2014 KlugTech www.klugtech.com What’s Stopping You? • Take security seriously • Split up your databases • Use encrypted, multi-point security • Limit data access • Keep parts of your system clean & free from all outside influences • Work with your customers © 2014 KlugTech www.klugtech.com
- 17. © 2014 KlugTech www.klugtech.com KlugTech • KlugTech was created to address the usability and security of the Internet of Things • We have created a modular approach to securing your systems, but a single, safe interface • Domestic Solutions • Enterprise Solutions • Transport Solutions • Healthcare Solutions • Public Sector Solutions • Smart Power Solutions • Retail Solutions • Delivery/Logistic Solutions • Education Solutions • Smart City Solutions • Agricultural Solutions • Security Solutions www.klugtech.com