Web service providers encourage end users to create an account when they come to browse and shop, which requires providing personal information: date of birth, address, credit card information and more. For convenience's sake, many users reuse the same account username and password they use for other services when they create a new account. This potentially exposes them to the theft of information that could be sold.
Designing products and services to be frictionless will lead to more compelling user experiences and greater affinity with the customer. For example, the biometric chip in the Apple iPhone helps establish seamless user identity and trust to unlock the screen, make one-step secure payments to buy apps from the App Store, etc. In this case, there is a 1:1 relationship between user-device and the manufacturer of the device, which enables a frictionless experience for the user. It is not the same for an upscale hotel that has IoT devices (smart bulbs, digital key locks, smart thermostats, connected vending machines, etc.) to enhance the guest experience: the hotel first needs to secure the IoT devices from different manufacturers that it has procured and installed in its premises and rooms. It must then establish a temporary trust relationship between the guest checking into the hotel and the devices in the room and, when the guest checks out, remove the temporary trust established at check-in to avoid misuse of the devices by guests, etc.
An eventful week
There has been a lot of security news in the couple of weeks between the RSA Conference in San Francisco and Mobile World Congress in Barcelona. First, Google Security revealed a practical approach for generating collisions for the hashing algorithm SHA-1. While long considered vulnerable, SHA-1 has now been rendered all but useless. Second, security vulnerabilities reportedly cost Super Micro Computer Apple as a client, leading to an 8% drop in the company’s market value. And third, the disclosure of a bug in CloudFlare’s services rendered consumers of web-based services from Uber, OkCupid and other companies potentially vulnerable.
The advent of endpoints hyper-connected via heterogeneous, unconventional means and the rise of cloud-based virtualization economies demand a digital business model capable of combatting increasingly sophisticated cyberattacks and navigating a complex, rapidly evolving threat landscape. Today’s network security products, which are the building blocks for establishing secure device-to-cloud connectivity and maintaining data confidentiality and integrity, are challenged by emerging threats and more frequent attacks. Being at an inflection point, they must evolve to adapt to cloud-based, virtualized environments to protect against emerging cyber threats.
An increasing number of Software-as-a-Service (SaaS) applications have enabled enterprises to undergo digital transformation. Web services or multi-tenant-enabled, microservices-based choreography is typically adopted by business applications to leverage SaaS offerings. For example, an enterprise providing a partner portal for the Internet of Things (IoT) hardware kits it offers may utilize Magento-based e-commerce functionality to manage the product catalog and order fulfilment, Atlassian cloud-hosted JIRA for trouble ticketing, and a Confluence-based Content Management System (CMS).
The Internet of Things (IoT) describes an emerging trend in which a large number of embedded devices (things) are connected to the Internet to participate in automating activities that create compounded value for end consumers as well as for enterprises. Many organizations are hesitant to tap into the power of the IoT because of the vulnerabilities and evolving threats involved in working with and managing such diverse and constantly evolving devices and the network environment they operate in.