Upload File

protecting the connected ecosystem · 520 cost avoidance (at an average cost of $520 per incident)...

  • Home
  • Documents
  • PROTECTING THE CONNECTED ECOSYSTEM · 520 Cost avoidance (at an average cost of $520 per incident) Data, devices and networks are insecure. The TPM provides embedded security including:
1
520 Cost avoidance (at an average cost of $520 per incident) Data, devices and networks are insecure. The TPM provides embedded security including: 1/2 half the cost of a smart card 1/3 one-third the cost of a token built-in authentication Root of Trust (RoT) As computing environments become more complex, more security functions will rely on Root of Trust (RoT). This will be the case not only in the original TPM target platforms of desktop and notebook deployments, but also in the mobile, virtual and cloud server environments, as well as the embedded computing space and IoT devices ranging from cars to factories to appliances and more. RoT is hardware, firmware, and/or software that is inherently trusted to perform a vital security function. Some of the TPM applications devised and endorsed by the members of TCG Cloud Computing Trusted Computing concepts allow cloud users to establish trust, exchange information about the platforms they use and assure compliance to agreed policies TPM Mobile TPM Mobile offers a hardware root of trust in the device for secure transaction, secure storage of keys and certificates and integrity assurance TNC specs enable endpoint posture assessment, intelligent access control and security automation for compliance with network/enterprise security policies Self-encrypting drive SED solutions based on TCG specifications enable integrated encryption and access control within the protected hardware of the drive Sharing a common TCG approach Sharing a common TCG specification would be more economical than fragmented solutions, reducing the cost of goods for vendors, developers, and suppliers and cost of ownership for users of technology. Federal and international legislation mandate the use of strong security measures to protect information, as shown by the 2013 FTC ruling, which imposed clear guidelines after a “failure to take reasonable steps to secure the software it developed placed sensitive information about millions of consumers at risk”. With that in mind, TCG offers a broad foundation of support for now and the future: JOIN the quest to develop and promote trusted computing technologies, and become a part of the global circle of trust. 1 2 3 4 5 Pervasive deployment of TCG technology Not just in PCs, but in a wide range of devices, including mobile and the cloud Creation of the trusted platform BIOS, TXT, operating systems, storage, secure I/O Expand trusted computing to the more complex systems Servers, virtualization, networking infrastructure Connect networks and systems Including the Internet of Things (IoT) and the Cloud Build resilient security Create a robust, standards-based ecosystem for proactive security SOURCES: Abderdeen Group, Bloomberg, Cisco Systems, ComputerWorld, Ericsson, Federal Trade Commission, Forbes, IBM, IDC, Ponemon Institute, Trusted Computing Group, Verizon, Wall Street Journal The evolution of trusted computing and TCG: Contributing significantly to the vast streams of data created today are increasing numbers and kinds of devices. According to estimates, the number of mobile phones will exceed the world population in 2014. Computers in use will reach the 2 billion mark next year. 2B WHERE TRUST BEGINS PROTECTING THE CONNECTED ECOSYSTEM The connected computing reality has changed our lifestyles while creating new needs and expectations. While constant Internet access offers many benefits, including instant access to data and connectivity among many kinds of devices, there are downsides. The world of data Total number of devices (bn) According to IDC, in 2013 there were almost as many bits of data in the Digital Universe as known stars in the physical universe, and by the year 2020 the Digital Universe is expected to reach 44 Zb (ten times the size of 2013) The Internet of Things (IoT) is growing over three times as fast as traditional IT, and by 2020 will nearly equal all other IT spending. Research conducted by Cisco Systems indicates as many as 50 billion installed connected things by 2020. 2010 12.5 2015 25 2020 50 IBM and Ponemon Institute research points to the significant increase in average total organizational cost of data breaches over the period of one year: The costs (US$ million) The big chunk of it relates to the average “lost business” cost USA 5.85 3.32 France 1.69 4.19 Germany 1.64 4.74 UK 1.59 3.68 Three specific factors can significantly reduce the average cost per lost record: 14.1 12.8 strong security posture incident response plan 6.6 CISO* appointment *Chief Information Security Officer US$ Trusted Computing: A Foundation of Trust for Devices and Transactions The Trusted Computing Group (TCG) enables a secure foundation for all types of computing; its open, vendor-neutral industry specifications include the TPM for establishing a root of trust, as well as software interface specifications across multiple platforms and operating environments that improve the security of data, devices and networks. In a 2012 report, Aberdeen Group made a case for using TPM as a hardware root of trust: Cost per endpoint (US$) Trusted Platform Module No hardware root of trust 56 71 4 8 Security-related incidents 85% 50% Most of that data (about 2/3) is created by the individual consumer, but 85% of all the content falls within the responsibility of the enterprises acting as owners/custodians of: personal data payment processing records proprietary corporate data medical records authentication credentials financial & banking data Security is mission critical About half of the data, IDC estimates, is currently UNPROTECTED. Since 2005, the Privacy Rights Clearinghouse reports that 536,508,478 records have been breached from unencrypted drives that were lost, stolen or hacked. During a period of 12 months, any IBM monitored client on a weekly basis suffered on average 42% 6% 6% 31% 15% misconfigured system or application vulnerable code end-user error targeted attack (exploited) undetermined Research from IBM identified five industries with the highest share of attacks: 26.5% Manufacturing Finance & Insurance Information & Communication Health & Social Services Retail & Wholesale 20.9% 18.7% 7.3% 6.6% 200 malicious attacks 1.7 security incidents Consider the Heartbleed vulnerability, the massive data breach at Target and the recently reported eBay phishing scams. It turns out almost half of the attacks are classified as opportunistic - an attack that takes advantage of existing vulnerabilities or weaknesses without any specific motivation. Furthermore, IBM ranks the human factor as the most prevalent element contributing to vulnerability of an average organization: Trusted Network Communications

Upload: others

Post on 13-Oct-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: PROTECTING THE CONNECTED ECOSYSTEM · 520 Cost avoidance (at an average cost of $520 per incident) Data, devices and networks are insecure. The TPM provides embedded security including:

520Cost avoidance (at an average cost of $520 per incident)

Data, devices and networks are insecure. The TPM provides embedded security including:

1/2half the cost of a smart card

1/3one-third the cost of a tokenbuilt-in authentication

Root of Trust (RoT)

As computing environments become more complex, more security functions will rely on Root of Trust (RoT). This will be the case not only in the original TPM target platforms of desktop and notebook deployments, but also in the mobile, virtual and cloud server environments, as well as the embedded computing space and IoT devices ranging from cars to factories to appliances and more.

RoT is hardware, firmware, and/or software that is inherently trusted to perform a vital security function.

Some of the TPM applications devised

and endorsed by the members of TCG

Cloud ComputingTrusted Computing concepts allow cloud users to establish trust, exchange information about the platforms they use and assure compliance to agreed policies

TPM MobileTPM Mobile offers a hardware root of trust in the device for secure transaction, secure storage of keys and certificates and integrity assurance

TNC specs enable endpointposture assessment, intelligent

access control and security automation for compliance with

network/enterprise security policies

Self-encrypting driveSED solutions based

on TCG specifications enable integrated

encryption and access control within

the protected hardware of the drive

Sharing a common TCG approach Sharing a common TCG specification would be more economical than fragmented solutions, reducing the cost of goods for vendors, developers, and suppliersand cost of ownership for users of technology. Federal and international legislation mandate the use of strong security measures to protect information, as shown by the 2013 FTC ruling, which imposed clear guidelines after a “failure to take reasonable steps to secure the software it developed placed sensitive information about millions of consumers at risk”.

With that in mind, TCG offers a broad foundation of support for now and the future:

JOIN the quest to develop and promote trusted computing technologies, and become a part of the global circle of trust.

1 2 3 4 5Pervasive deployment of TCG technologyNot just in PCs, but in a wide range of devices, including mobile and the cloud

Creation of the trusted platformBIOS, TXT, operating systems, storage, secure I/O

Expand trusted computing to the more complex systemsServers, virtualization, networking infrastructure

Connect networks and systemsIncluding the Internet of Things (IoT) and the Cloud

Build resilient securityCreate a robust, standards-based ecosystem for proactive security

SOURCES: Abderdeen Group, Bloomberg, Cisco Systems, ComputerWorld, Ericsson, Federal Trade Commission, Forbes, IBM, IDC, Ponemon Institute, Trusted Computing Group, Verizon, Wall Street Journal

The evolution of trusted computing and TCG:

Contributing significantly to the vast streams of data created today are increasing numbers and kinds of devices. According to estimates, the number of mobile phones will exceed the world population in 2014.

Computers in use will reach the 2 billion mark next year.

2B

WHERE TRUST BEGINSPROTECTING THE CONNECTED ECOSYSTEM

The connected computing reality has changed our lifestyles while creating new needs and expectations. While constant Internet access offers many benefits, including instant

access to data and connectivity among many kinds of devices, there are downsides.

The world of data

Total number of devices (bn)

According to IDC, in 2013 there were almost as many bits of data in the Digital Universe as known stars in the physical universe, and by the year 2020 the Digital Universe is expected to reach

44 Zb(ten times the size of 2013)

The Internet of Things (IoT) is growing over three times as fast as traditional IT, and by 2020 will nearly equal all other IT spending. Research conducted by Cisco Systems indicates as many as 50 billion installed connected things by 2020.

2010

12.5

2015

252020

50

IBM and Ponemon Institute research points to the significant increase in average total organizational cost of data breaches over the period of one year:

The costs (US$ million)

The big chunk of it relates to the average “lost business” cost

USA

5.85

3.32

France

1.69

4.19

Germany

1.64

4.74

UK

1.59

3.68

Three specific factors can significantly reduce the

average cost per lost record:14.1

12.8

strong security posture

incident response plan

6.6

CISO* appointment

*Chief Information Security Officer

US$

Trusted Computing: A Foundation of Trust for Devices and Transactions

The Trusted Computing Group (TCG) enablesa secure foundation for all types of computing; its open, vendor-neutral industry specifications include the TPM for establishing a root of trust, as well as software interface specifications across multiple platforms and operating environments that improve the security of data, devices and networks.

In a 2012 report, Aberdeen Group made a case for using TPM as a hardware root of trust:

Cost per endpoint (US$)

Trusted Platform ModuleNo hardware root of trust

5671

48

Security-related incidents

85%

50%

Most of that data (about 2/3) is created by the individual consumer, but 85% of all the content falls within the responsibility of the enterprises acting as owners/custodians of:

personaldata

payment processing

records

proprietary corporate

data

medical records

authentication credentials

financial& banking

data

Security is mission critical

About half of the data, IDC estimates, is currently UNPROTECTED. Since 2005, the Privacy Rights Clearinghouse reports that 536,508,478 records have been breached from unencrypted drives that were lost, stolen or hacked.

During a period of 12 months, any

IBM monitored client on a weekly basis

suffered on average

42% 6% 6%31% 15%

misconfigured system or application

vulnerable code

end-user error

targeted attack (exploited) undetermined

Research from IBM identified five industries with the highest share of attacks:

26.5%Manufacturing

Finance & Insurance

Information & Communication

Health & Social Services

Retail & Wholesale

20.9%

18.7%

7.3%

6.6%

200malicious attacks

1.7security

incidents

Consider the Heartbleed vulnerability, the massivedata breach at Target andthe recently reported eBay phishing scams. It turns out almost half of the attacks are classified as opportunistic -an attack that takes advantage of existing vulnerabilities or weaknesses without any specific motivation. Furthermore, IBM ranksthe human factor as themost prevalent element contributing to vulnerabilityof an average organization:

Trusted Network Communications

Secure (and Insecure) Messaging

Stop Being Insecure-How To Overcome Being An Insecure person

Insecure indexing

Insecure Protocol Usage - ExtraHop

Chronic Traumatization, Dissociation, and Insecure

Insecure Mag 6

Security in an Insecure World

American English Spelling Edition - Schoolkrs.school.hk/~primary/index_download/2016-01-15_bookList.pdf · 520 520 520 520 520 520 520 520 520 520 520 530 530 530 530 530 530

09 a7 insecure cryptographic storage.pptx

The insecure brand

DOCSIS Insecure by Design[Self]

Insecure work - tuc.org.uk

folder2009 - STAMPCO · telas de proteção conforme normas de segurança (PPRPS) o STAMXO EM PRENSAS 280 380 380 380 380 420 420 470 470 580 580 420 520 520 520 520 520 520 520 520

Java Security Concepts Within 'Insecure Networks'juxi.net/papers/Java.Security.Concepts.Within.Insecure.Networks.pdf · “insecure network” more secure in handling and usage. My

Insecure Mag 5

Insecure Mag 11

Women's Insecure Property Rights

Insecure Mag 30

Insecure Mag 2

Introduction to Insecure Deserialization

The Cost of Insecure Mobile Devices in the WorkplaceT Mobility Report FINAL 2.pdfThe Cost of Insecure Mobile Devices in the Workplace Ponemon Institute: March 2014 Part 1. Introduction

Ü G ber uard Insecure Storage. Ü G ber uard What is Insecure Storage? Insecure storage is the end result of improperly protecting the integrity of the

INSECURE CHEF 2 J UNE Cooking with the Insecure Cheftim/introframe/ICMay2003.pdf · Cooking with the Insecure Chef ... Answers to Real Reader Questions ... Lasagna, and Shepherd's

The Cost of Insecure Mobile Devices in the WorkplaceT Mobility Report... · Ponemon Institute© Research Report 1! The Cost of Insecure Mobile Devices in the Workplace Ponemon Institute:

Insecure email

INSECURE 2016

Insecure Mag 31

Docsis Insecure by Design

Risks of Insecure Communication

Insecure Trends in web 2.0

Meghan Cook | Rachel Kenny | Austin Richards · Did households ever intercrop? Reasons households intercropped: Severely food insecure Moderately food insecure Mildly food insecure

Insecure Mag Infosec2014

Securing the Insecure

Parenting While Food Insecure - fsnep.ucdavis.edu

Understanding Insecure Work · UNDERSTANDING INSECURE WORK HISTORY OF THE PROJECT The ‘ Understanding Insecure Work’ project began with a question from Bill Rosenberg (NZCTU)