Two years ago at CES – the world’s largest expo for new gadgets and consumer technology – cybersecurity was a sideshow; now if you don’t have a cybersecurity story for your device, you will be questioned.
Also, where vendors in years past may have had a passing knowledge of what their cybersecurity tech did, now there is a whole other level of sophistication, because customers now demand it.
From the tiniest wearable to the next car you’ll buy – which will at least partly try to drive itself – security is baked in … well, at least half-baked in.
That’s the problem – the rush-to-market pressures still trump security.
I asked one device manufacturing startup for specifics on their security, and the answer was a bit foggy. They bandied about some terms, but it was still pretty thin.
Some companies here build their security with an internal team, but it is much more common to partner with external-specialists. So when customers ask about security issues, it’s both more plausible and practical to point them in the direction of your security vendor.
Nowhere was this more squarely featured than in the car tech area. While super-sexy new connected cars are definitely on the drawing board, right next door to the show models are booths for vendors who do nothing but secure some aspect of the whole experience, right now.
It used to be that a low speed Controller Area Network (CAN) bus (and a high speed one that does less important things) would happily transmit all the data needed to run a car; now the giant raft of functionality customers expect requires much more capable interfaces, especially in light of all the new in-vehicle, and vehicle-to-vehicle communications. With sensors on every corner, guiding your driving experience in ways you didn’t yet know you needed, networking and processing all that data is no simple feat.
Even in the home tech area, embedded electronics abound. Not content anymore to just have a bed made of soft plushy stuff, now you can adjust everything about the bed, from electronically sitting up in bed to the lighting surrounding your nap: connected digital technology everywhere.
Whether you go with cloud or embedded security, or a combination of the two, the trend is to use outside security expertise on a consulting basis, allowing your company to focus on the core strengths without the deep pockets required to hire specialists in the security space. This is also better than ignoring security until you’ve shipped product then bolting it on afterwards.
And since partnering speeds time-to-market, heretofore less widely used tiny operating systems like QNX are oozing into a host of things that move, sound great, or sit on a shelf in your house. That’s good news because the microkernel approach taken by such OSes compartmentalizes normal operating system functionality into more secure individual servers within itself.
When it comes to securing all the whatchamacallits, focusing on the tech you know well, while working with someone else, like a partner who ‘gets’ security, is definitely a step in the right direction, even if the booth staff still doesn’t really know what a packet is, let alone a malicious packet.
Author Cameron Camp, ESET
source : WeLiveSecurity http://ift.tt/2o9cyXf January 18, 2018 at 02:03PM