Subscribe to our Newsletter | To Post On IoT Central, Click here


fraud management (2)

Can the Public Internet Secure Our Digital Assets?

There is a lot of talk, and, indeed, hype, these days about the internet of things. But what is often overlooked is that the internet of things is also an internet of shared services and shared data. What’s more, we are becoming too heavily reliant on public internet connectivity to underpin innovative new services.

Take this as an example. Back in April, Ford Motor Company, Starbucks and Amazon announced and demonstrated an alliance that would allow a consumer to use Alexa to order and pay for their usual coffee selection from their car. Simply saying, “Alexa: ask Starbucks to start my order,” would trigger the sequence of events required to enable you to drive to the pickup point and collect your already-paid-for coffee with no waiting in line.

Making that transaction happen behind the scenes involves a complex integration of the business processes of all the companies involved. Let’s be clear: this is about data protection. For this series of transactions to be successfully handled, they must be able to share customer payment data, manage identity and authentication, and match personal accounts to customer profiles.

Because all of that critical data can be manipulated, changed or stolen, cyberattacks pose significant data protection risks for nearly any entity anywhere. The ambition of some of these consumer innovations makes an assumption that the “secure” network underpinning this ecosystem for the transfer of all that valuable personal data is the public internet. And that’s the point – it’s not secure.

As we’ve talked about previously on Syniverse's blog Synergy, the public internet poses a systemic risk to businesses and to confidential data. In short, when we are dealing on a large scale with highly sensitive data, the level of protection available today for data that, at any point, touches the public internet is substantially inadequate.

And this alliance between Ford and Starbucks is just one example of the type of innovation, across many different industry and consumer sectors, that we can expect to see a lot of in the very near future. These services will connect organizations that are sharing data and information about businesses and about consumers – about their purchase history, their preferences and requirements, and also about their likely future needs. This is potentially a very convenient and desired service from a consumer’s point of view, but at what cost?

We need security of connectivity, security from outside interference and the security of encrypted transfer and protection for our personal and financial data. And we need to be able to verify the protection of that data at all times by ensuring attribution and identity – both concepts we’ll explore more deeply in an upcoming blog post. And that’s a level of security that the public internet simply cannot provide.

Last month, an internet-based global ransomware attack took down systems and services all over the world – affecting sensitive personal healthcare data in the U.K. in particular.

Whether it is personal health records, financial records, data about the movement of freight in a supply chain, or variations in energy production and consumption, these are digital assets. Businesses, institutions and government bodies all over the world have billions of digital assets that must be constantly sent to and from different parties. And those assets require the type of high-level data protection that is not currently possible because of the systemic risk posed by the insecure public internet.

As mentioned in my last blog post on Synergy, there is an alternative. Some companies using private IP networks were able to carry on regardless throughout the high-profile cyberattacks that have been capturing headlines in the last year. That’s because those companies were not reliant on the public internet. Instead, they were all using what we are beginning to term “Triple-A” networks on which you can specify the speed and capacity of your Access to the network while guaranteeing the Availability of your connection. What’s more, on a Triple-A network, Attribution is securely controlled, so you know who and what is accessing your network and the level of authority granted both to the device accessing the network and to its user.

The public internet cannot provide or compete with a Triple-A level of security, and nor should we expect it to. It cannot live up to the stringent data protection requirements necessary for today’s critical digital assets. We cannot remain content that so much infrastructure, from banking, to transport and to power supplies, relies on a network with so many known vulnerabilities. And we must consider whether we want to carry on developing an industrial internet of things and consumer services on a public network.

We will continue to explore these issues on this blog, to highlight different approaches, and examine the requirements of the secure networks of the future. And in the process, we’ll take a look at the work being done to build more networks with a Triple-A approach.

Read more…

An Open and Dangerous Place

Let’s just say it: The public internet is great, but it’s an unfit, wide-open place to try to conduct confidential business.

More and more, the public nature of the internet is causing business and government leaders to lose sleep. The global ransomware attacks this year that crippled infrastructure and businesses across Europe clearly shows the concern is not only justified but also growing.

As a result, internet and privacy regulations, like GDPR and PSD2, are front and center as governments around the world increasingly look at the web and how it’s being used. This is creating competing and contradictory objectives.

On the one hand, governments want to protect consumer privacy and data; on the other, they want to be able to monitor what certain folks are up to on the internet. And in both cases, they can at least claim to be looking to protect people.

Regardless of the difficulty of the task, there is no doubt the big governments are circling and considering their options.

Speaking in Mexico in June, Germany Chancellor Angela Merkel touted the need for global digital rules, like those that exist for financial markets, and that those rules need to be enforceable through bodies like the World Trade Organization.

From a business perspective, I can applaud the ambition, but it does seem a little like trying to control the uncontrollable. The truth is that the public internet has come to resemble the old Wild West. It is an increasingly dangerous place to do business, with more than its fair share of rustlers, hustlers, and bandits to keep at bay.

The public internet connects the world and nearly all its citizens. When it comes to connecting businesses, national infrastructures, and governments themselves, trying to regulate the Wild West of the public internet simply isn’t an option. Instead, it’s time to take a step back and look for something different.

We believe organizations that want to conduct business, transfer data, monitor equipment and control operations globally – with certainty, security and privacy – should not be relying on the public internet. The sheer number of access points and endpoints creates an attack surface that is simply too wide to protect, especially with the increased trending of fog and edge networks that we’ve discussed on previous Syniverse blog posts.

Just last week, the online gaming store CEX was hacked. In an instant, around two million customers found their personal information and financial data had been exposed. Consumers in America, the U.K. and Australia are among those affected. As I said, the public internet presents an ever-widening attack surface.

Recently on the Syniverse blog, we’ve been talking about the need to develop private, closed networks where businesses, national utilities and governments can truly control not just access, but activity. Networks that are always on and ones where the owners always know who is on them and what they are doing. Networks that are private and built for an exact purpose, not public and adaptable.

Trying to apply or bolt on rules, regulations and security processes after the fact is never the best approach.  Especially if you are trying to apply them to a service that is omnipresent and open to anybody 24/7.

When we look at the public internet, we see fake actors, state actors, hackers and fraudsters roaming relatively freely. We see an environment where the efforts to police that state might raise as many issues as they solve.

Instead, it’s time for global businesses to build a new world. It’s time to leave the old Wild West and settle somewhere safer. It’s time to circle the wagons around a network built for purpose. That is the future.

Read more…

Upcoming IoT Events

More IoT News

Tech Talk: Apple's home speaker, HomePod, arrives

It's about the sound, not the smart. Apple's new home speaker, HomePod, integrates its Apple Music subscription by voice. It carries a hefty price tag of $349.99. The panelists call the move late and half-baked.

IoT Career Opportunities