IIoT, Mobile and Cloud Security Take Center Stage at RSAC 2017
The RSA Conference (RSAC) is a regular highlight in the IT security calendar.
To judge from the record attendance of 43,000 professionals, this year was no exception.
The RSA Conference has succeeded in expanding well beyond its modest beginnings in the early 1990s as a small cryptography trade show, to become the undisputed leader among international IT security conventions that it is today.
By consistently devoting specific sessions and tracks to the major developing trends in cybersecurity the event has become the must-attend event for anyone who is anyone in IT security.
High on the agenda for this year’s show, which took place from February 13-17 in San Francisco, were perennial favorites like phishing and ransomware threats. However, it was the newer themes such as Industrial Internet of Things (IIoT)/machine-to-machine (M2M) security along with mobile client and cloud threats/vulnerabilities that caught everyone’s eye. All three are themes that are central to NCP.
RSA 2017 featured the very latest developments in all of these fields. Some of the key highlights were as follows:
The Internet of Things/Industrial Internet of Things this year had its own dedicated conference track for the first time.
A number of vendors and industry bodies warned of vulnerabilities with IIoT and performed live demonstrations of exploits on industrial devices such as medical devices and solar panels.
One of the most notable of these came from IBM’s penetration testing team. Following on from last year’s demonstration of how IIoT can be hijacked to force a car off the road, the IBM group decided to take things a stage further.
They showed the IoT devices inside cars could be controlled remotely by their original owners long after they may have sold them on.
To date, no enterprise has reported a major security breach caused by a smartphone. But the consensus among experts at RSA 2017 was that the threat level from mobile is building and that CISOs should be braced for the inevitable.
Android's vulnerabilities are well documented. In fact, Google is taking the threat so seriously they sent the director of Android security, Adrian Ludwig, out on stage to play down the seriousness of bugs like Stagefright hole, the Masterkey vulnerability and Fake ID.
Apple is not immune from vulnerabilities either. The first commercial malware to be discovered in the App Store occurred in 2015. This was followed by the discovery of a zero-day exploit in iOS in 2016.
One report issued during the show asserted that enterprise use of the cloud has hit an all-time high with the use of custom apps growing rapidly.
The study showed enterprises typically run 464 custom applications. However, IT departments are aware of just 38.4% of them.
Elsewhere, opinion about cloud was divided. Former U.S. National Security Agency (NSA) Chief Gen. Keith Alexander talked about how the cloud can help enable a common defense for organizations of all sizes while analyst Torsten Volk of Enterprise Management Associates warned of "the four horsemen" of hybrid cloud failure: making a mistake, being stuck with the mistake, not noticing the impact of the mistake and not understanding what the mistake means to your business.
Elements of good cloud security include flexibility, on-demand scalability and visibility.
Other features are simplicity in making all of the different cloud components mesh well and work together; ease of use, plug-and-play capabilities and automation of non-essential tasks.
VPNs secure data where it is most vulnerable. They protect connection points with the internet, integrating seamlessly with internal systems and encrypting traffic passing between them and remote destinations or individual devices.
- IIoT - Installing a VPN at a remote IIoT gateway allows organizations to have on-demand or always on access to smart devices. Remote devices can be also managed using either command line or API controls for more in-depth control.
- Mobile - A secure VPN client keeps mobile data protected by encrypting it and routing the information via a secure VPN head-end or gateway. This ensures mobile data stays private even when connecting to the internet at an unsecured public Wi-Fi hotspot such as a coffee shop or airport.
- Cloud - A VPN is an effective way to protect data being transferred to and from the cloud. The VPN forms an encrypted tunnel to protect and centrally manage data in motion as it moves constantly between internal systems and remote applications hosted in the cloud.
In summary, the key takeaway from RSAC 2017 is that NCP is experienced in supporting customers wanting to find ways to protect themselves against vulnerabilities arising from leading technology trends like cloud, IIoT and mobile endpoint security.
NCP’s long-established relationships with leading U.S. technology partners, along with the German reputation for great engineering, and coming from a security culture where vendors are not asked to open up their source code to their government, all made for a winning formula at RSA!