Why cyber security represents a new cold war
Why cyber security represents a new cold war

As more users, devices and data move beyond the traditional security of the corporate campus, attacks on information have grown in both diversity and sophistication.

Today, the dangers range from sophisticated advanced persistent threats (APT) that can silently monitor a network, to FireWire attacks able to bypass endpoint encryption, to the all-too-common lost or stolen laptop.

Meanwhile, governments around the globe are enacting laws and regulations that require companies to publicly disclose data breaches, and often pay hefty fines—unless the company can guarantee its data is safe and cannot be misused by unauthorised persons.

Most recent is the EU data regulatory change announcement that puts C-level executives, particularly the CIO, in the firing line and promises fines of up to two per cent of global annual turnover for businesses in breach.

The traditional defence of hiding information behind a wall of software is clearly inadequate to meet these challenges. It will become even less effective as enterprises increasingly rely on mobile platforms, cloud computing and personal devices used for work.

Recent reports suggest that the BYOD trend has now become a central part of a great many enterprises and furthermore that executives are using these new conditions to bypass network controls and the CIO.

This means that IT teams face an ever increasing and complex set of challenges around device management, security, resource accessibility, data control, ownership and network connectivity.

The technological foundation for such support is already well-established or easily available in business-class computers through open industry standards advocated by the Trusted Computing Group (TCG), which has found widespread acceptance in the form of embedded security tools such as Trusted Platform Modules (TPMs) and self-encrypting drives (SEDs).

These standards are not new: the TCG has been around since 2003 and the concepts are more than 20 years old, and its open standards are advocated by national governments, including the UK and US.

The most recent development by the TCG is the standard for mobile security, in the form of the Mobile Trusted Module (MTM), which replicates the features of the TPM and is seen by many as the most effective solution for smartphone, tablet and other mobile-device protection.

If we accept that BYOD is now a mainstream process and that the move to the cloud is also gathering a head of steam, how can enterprises offer full mobile-device support and manage a range of encryption processes in the cloud?

Adoption of Trusted Computing standards, which would necessarily include enterprise management software, translates embedded security into proactive, enforceable policy by enabling organisations to remotely monitor and manage all TPMs and SEDs across the scattered enterprise.

Central management further allows central IT staff to use TPMs to detect the presence of pre-boot malware as endpoint computers switch on, and thereby pre-emptively prevent network access of infected machines.

A Trusted Computing-based centralised management platform restores real-time universal administration, policy-based security controls and proof of compliance on the network's furthest endpoints.

Security is clearly the primary focus for enterprises embracing BYOD and moving into the cloud, and there are three different data states to be considered: data at rest; data in use; and data in transport.

Data at rest (data on the hard disk) and data in transport can be protected with current encryption techniques. The hard disk can be fully encrypted with FDE software or special hard disks that encrypt data on the controller of the hard disk or Opal drives. In addition, using an encrypted container or sandbox will mean all the data is housed in an encrypted file, and when sending secure data over the network, Secure Sockets Layer (SSL) can be used.

However, data in use is a much bigger concern. For example, a rootkit might be able to get to the data that is in memory or processed by the CPU. The TPM has the capability to measure the state of the platform and detect if anything has been changed such as the BIOS firmware or platform components.

Overall, IT teams should ensure that devices can be authenticated, authorised and checked for integrity or device health. Devices should have security processes embedded, through the TPM, the SED and the MTM.

The aim should be to have a policy and structure in place that ensures end-to-end security management of every device on the network, from initialisation to authorisation, including device health checks, monitoring throughout device life and decommissioning.

Another key consideration for IT teams is what to do if an employee's device is lost or stolen. The ability to wipe information remotely will be essential and there are multiple methods available.

The first is sending a so called “kill pill”, where an agent on the platform receives this message and blocks access to, or deletes, the data. The platform must be connected to the internet to make this method work.

Another method is to disable access to data automatically when the platform does not connect to a specific server for a set period of time. Once disabled, the company can then restore access by proving the identity of the user.

These are easy to circumvent by preventing network traffic, such as removing the network cable and switching off wireless. In the case of a mobile internet connection, it's possible to use a jammer to distort the signal and then remove the SIM card. After this, an attacker can access the device. The only method to block access is the “timer method” that kicks in and prevents access. Until that moment, the attacker can make copies and work offline to access the data.

In all these cases there is insufficient trust in the state of the platform. In other words, we think that the platforms are working fine but under the hood, components are changed that jeopardise the integrity and confidentiality the data.

The solution for this is a “trusted device” – a concept central to all Trusted Computing standards. A trusted device means establishing integrity checks that shows that the underlying components are not changed. This requires methods that work outside of the operating software.

Although hardware costs should be reduced with BYOD and cloud migration, servicing multiple platforms with a higher support profile will be much more expensive than one standardised platform. Trusted Computing solutions have been proven to cut network and device management costs.

There will also inevitably be a number of legal and ethical issues arising when companies adopt a BYOD scenario. Some of these will become apparent quickly but others will only develop over time. Trusted Computing standards provide the base for embedded device security, from which the protection of data and management of devices flows easily.

BYOD and the cloud create a buzz within large organisations and it is clear that the evolution of multiple networked devices and outsourced data process services is going to continue. However, until legal, technical, organisational and security issues are resolved, too many enterprises remain exposed at all levels. The solution is to build a wall of trust through Trusted Computing standards.

Joseph Souren is V-P and general manager of Wave Systems EMEA and a member of the Trusted Computing Group.