Would you consider giving up personal data in exchange for a third-party app to show you what your ninety-year-old self will look like? The rise of social media brought lots of joy to consumers’ lives, allowing users to get glimpses of their future selves, to find out their horoscopes, and to communicate with others across the globe. Read more
When looking at technology adoption, I am frequently reminded of Pandora’s Box from Greek mythology. This metaphor rings true when considering the Internet of Things (IoT). Whereas Pandora released a host of evils into the world, with IoT we have released new concerns associated with multiple technologies, multiple standards, scale, and security (or as I like to say, resiliency). When considering the information that flows from the edge, through the cloud, and ultimately to the data center, the lowest common denominator for protecting information is trust created by cryptography (as noted by nCipher’s Juan Asenjo in the other half of this blog series). In this blog, we are going to start by acknowledging the pitfalls of our particular Pandora and then discuss how we find hope in the solution provided by nCipher and Fornetix.
Key encryption managers have very clear differences from Hardware Security Modules (HSMs.) The main differences reside in how the HSM encryption keys can be used by a Key Manager or HSM. There are other more important differentiators, however, let’s start with how encryption key managers leverage open standards, like the Key Management Interoperability Protocol (KMIP), and what exactly an HSM is.
When considering automotive IoT, it’s logical to focus on the supply chain that makes the car possible. In reviewing the application of key management to the automotive IoT landscape, it becomes apparent that the provenance of car components, from tires to telematics, is absolutely critical. Any poorly-built component can cause a systemic failure of the vehicle delivered to the consumer. When one typically thinks of applying encryption, it is focused on protecting the confidentiality of data at rest, in motion, or even while being processed. However, what about measuring whether the data should be trusted instead how whether it needs to be protected?
How Auto Makers Are Working to Secure Connected Cars
Last week, Fornetix attended the inaugural Auto-ISAC summit. “ISAC” stands for Information Sharing and Analysis Center. There are several long-standing ISACs for other industries including aviation, electricity, natural gas, and financial services. You can find the full list here if you are curious.