Internet of Things Security


Security has been low on the agenda for many companies (hopefully, unintentionally), and as we enter the age of the Internet of Things (IoT) or Internet of Everything (IoE), security should be flawless.
Thom Poole delivered a presentation on the issues and thinking around security for this new sector.

Internet of Things Security

  1. © 2014 KlugTech. Data Security Privacy – we need it, why don’t companies provide it?
     Thom Poole, Chief Innovation Officer
  2. State of Play
     • The Internet of Things (IoT) is already here
     • Connected devices talking to one another
     • Ambient Intelligence (AmI) – making decisions
     • Can be found in:
       • Domestic
       • Enterprise
       • Transport (vehicles & networks)
       • Healthcare
       • Utilities
       • Public sector
       • Retail
       • Education
       • Cities & urban developments
       • Agriculture
  3. Security: 4 key factors
     • Something you KNOW
     • Something you ARE
     • Something you DO
     • Something you HAVE
  4. Something you KNOW
     • Password
     • Username
     • Personal details (mother’s maiden name, etc.)
     • Contact details
     BUT: Once compromised, published or stolen – it cannot be used again. Humans are often sloppy in their security with this (reveal it readily, or use the same details for multiple sites).
  5. Something you ARE
     • Biometrics – fingerprints, iris/retina scans, voice print, facial recognition, etc.
     BUT: Once the data is digitised, it could be compromised. It cannot, however, be easily faked (at the moment).
  6. Something you DO
     • Generally a gesture or tick
     BUT: Can easily be mimicked. Once the gesture is digitised, it could be compromised.
  7. Something you HAVE
     • A device (mobile phone, key fob passcodes, etc.)
     • A key
     • An access app or programme
  8. Data Management
     • People and companies entrust sensitive data to others, but if data management is insecure…
     • Recent breaches include some big-name companies
     • So who can you trust?
  9. CRM
     • Database driven marketing
     • Stores all customer data, transactions
     • Users can access all information, download, etc.
     • Open to abuse
  10. Security Management
     • Too trusting of people
     • Rely on a single factor – Something you KNOW
     • Intelligence is flawed
     • Trust must be restored
     • People have too much access to too much information, and have consistently proven themselves to be a weak link.
     • Over-reliance on a password, which is required in full. Backup factors such as mother’s maiden name are also frequently asked for, and are too easy to get hold of.
     • Machine intelligence is too easy to breach as it stands, and is therefore flawed.
  11. Riskiest Employee Practices
     1. Accessing the Internet via unsecured wireless networks
     2. Failing to delete unnecessary but confidential information from computers
     3. Sharing passwords with others
     4. Using the same username/passwords
     5. Using generic portable drives without proper encryption
     6. Leaving computers unattended & unsecured
     7. Failing to notify firm after loss of portable drives
     8. Failing to shield screens/data when working in insecure areas
     9. Carrying/accessing unnecessary sensitive information
     10. Using personal devices to access company networks
  12. Swiss Banks
     • Trusted ‘secret-keepers’ for decades
     • Accounts were ‘numbers’
     • No recorded mass breaches
     • Still have a good reputation
     Banking secrecy has been enshrined in Swiss law since 1934, and was only amended in 2004. It could be argued that the amended view is not yet fully complied with.
  13. Learn from the Secret-Keepers
     • Have to KNOW your number
     • Have to HAVE your key
     • Have to HAVE some identity
     • Have to KNOW which bank
     A single element was not enough… Why is it OK for the IT industry?
  14. Physical Security
     • We can use a range of measures to keep people out, and/or away from sensitive data files and servers
     • Why do all files need to be in one place (eggs & baskets!)?
     • Why do individuals need access to ALL the information… ever?
  15. Security Example
     Would you leave your car…
     • On the highway
     • With the keys
     • Unlocked
     • With the registration documents
     Datacentres are often known, or signposted.
     Physical access can be overcome – in datacentres, access need not be on site, it can also be via the internet.
     Data is often in unencrypted files – encryption is only involved in the transfer process.
     Data is often stored together – usernames, passwords, personal data, etc., are all grouped together, so even a minor breach could provide a complete view of a customer or group of customers.
  16. What’s Stopping You?
     • Take security seriously
     • Split up your databases
     • Use encrypted, multi-point security
     • Limit data access
     • Keep parts of your system clean & free from all outside influences
     • Work with your customers
  17. KlugTech
     • KlugTech was created to address the usability and security of the Internet of Things
     • We have created a modular approach to securing your systems, but with a single, safe interface
       • Domestic Solutions
       • Enterprise Solutions
       • Transport Solutions
       • Healthcare Solutions
       • Public Sector Solutions
       • Smart Power Solutions
       • Retail Solutions
       • Delivery/Logistic Solutions
       • Education Solutions
       • Smart City Solutions
       • Agricultural Solutions
       • Security Solutions