What entertainment gets right and wrong about security

What entertainment gets right and wrong about security

Cindy Provin | SVP Entrust Datacard and General Manager, nCipher Security More About This Author >

The 2019-2020 TV season has begun. And fans of the most hotly anticipated tech-related programs are gearing up to enjoy new episodes.

As you may already know, USA Network’s Mr. Robot premieres Oct. 6. And HBO’s Silicon Valley begins its sixth and final season Oct. 27.

Such tech-focused shows have recently captured our imaginations with what technology can do and where it might be going. Movies have, too.

The big picture

Tech plays a starring role even in movies in which IT is not the focus, such as Ocean’s 8, with an all-star cast featuring Cate Blanchett, Sandra Bullock, Anne Hathaway and Rihanna, and The Hunger Games trilogy with Jennifer Lawrence.

answering the need

People at tech conferences still regularly reference the 2002 Tom Cruise movie Minority Report. Other Hollywood actors, like Harrison Ford, Robert Redford and Will Smith, starred in the respective tech movies Firewall, Sneakers and I, Robot several years ago.

Back in 1983, a young Matthew Broderick played a high school student who unwittingly accesses a NORAD computer and nearly launches World War III. That movie, War Games, is a family favorite. For many of us, it’s one of the earliest tech movies we can remember.

But, in fact, IT has been a popular theme in Hollywood for even longer than that. Back in 1969, Kurt Russell starred in The Computer Wore Tennis Shoes.

This movie tells the story of a young man who gets shocked while fixing a computer during an electrical storm. His brain fuses with that of the computer, and he becomes a genius.

What a difference 50 years makes.

Virtual reality

The entertainment industry has gotten much better at getting us to suspend our disbelief when it comes to tech tales.

PC Mag notes that the show Mr. Robot “goes out of its way to use real-life hacking tools like Kali Linux and a lot of legit command prompt action.”

Even the goofy show Silicon Valley has lots of real-life references. For example, one episode has Pied Piper presenting at the real-life event TechCrunch Disrupt. The Weissman Score compression metric that the makers of HBO’s Silicon Valley introduced to TV viewers has even made its way into the real world.

But not actual reality

While many shows and movies employ technology to tell their stories, it’s important to remember that these are tales, not fact. They’re fiction.

I mention this not to spoil the fun. I enjoy a lot of these shows and movies myself.

However, in TV and film, the heroes frequently manage to fix everything. That’s not how it works in the real world – particularly when we’re talking about cybersecurity.

Rather than the star of the show managing to fix everything, cybersecurity is a team effort. It requires the buy-in, collaboration and participation of a variety of stakeholders. That includes the CEO, CIO, CISO, CTO and other business leaders, managers and players through the organization and business ecosystem.

If there were an Academy Awards category for the best cybersecurity approach, it wouldn’t be a single actor or actress running onstage to collect the little gold man. Instead, it would be one of those situations in which a large group gathers at the podium and gets played off before everybody has a chance to thank the Academy, their parents and their kids watching at home.

Please click here to learn more about nCipher. You can also follow us on Twitter, LinkedIn, and Facebook.

Answering the need for secure cloud key management

Answering the need for secure cloud key management

According to Gartner, “Cloud computing has become the new normal for modern IT environments — cloud adoption rates among organizations are projected to jump from 68% in 2017 to 85% in 2019.”1 However, data in the cloud is not necessarily safe. In fact, Dropbox, LinkedIn, Home Depot, Apple iCloud, Yahoo, and many others 2 have had their data breached in the cloud.

Our customers at nCipher know this. They also know that best practice for data security in the cloud is to obfuscate the data through a cryptographic process and to maintain control of the encryption keys. In this model cloud service providers are repositories for the securely encrypted data, but the organization that owns the data and hires the cloud service holds the cryptographic keys.

So in September 2019, nCipher is announcing its new, powerful nShield as a Service.

nShield as a Service

nShield as a Service is a cloud-based hardware security module (HSM). The service is a subscription-based solution for generating, accessing and protecting cryptographic key material. These functions are separated from sensitive data in the cloud, using FIPS 140-2-certified nShield Connect HSMs. This cloud-hosted model gives organizations the option to either supplement or replace HSMs in their data centers while retaining the same benefits as owning the nShield appliances.

nShield as a Service is ideal for cloud-first strategies, selective cloud migration, or supplementing existing HSM capacity to handle workload spikes. It enables users to:

  • Extend cloud-based cryptography and key management across multiple clouds
  • Align crypto-security requirements with organizational cloud strategy
  • Simplify budgeting for business-critical security
  • Decrease time spent on maintenance and monitoring

Subscribed customers interact with the cloud-based nShield HSMs in the same way that they would with appliances in their own dark data centers, but they do not need to receive, install and maintain physical hardware. This can result in faster deployment of secured applications.

Thinking outside (or inside) the box:

nShield as a Service customers can choose to run application code either within or outside an HSM—unprecedented dual functionality.

For cloud-hosted applications, nShield as a Service allows the user to maintain full control of the key material regardless of the location of the hosting infrastructure.

To run applications inside an HSM, nShield as a Service provides CodeSafe, secure execution for crucial portions of cloud-based applications within a trusted runtime environment. The exclusive CodeSafe capability gives users on-demand access to expanded secure computing capacity. Customers can seamlessly migrate their secure code execution from an on-premises HSM to the cloud.

This dynamic and powerful pair of options allows each customer to tailor a secure configuration for its sensitive data in a way unavailable elsewhere.

answering the need

Security World

nShield as a Service uses the same unique Security World architecture as on-premises nShield deployments so customers can use a hybrid approach that mixes nShield as a Service and on-premises HSMs. Security World is a scalable key management framework that spans the customer’s nShield estate. It provides a unified administrator and user experience and guaranteed interoperability across all devices, whether subscription-based or company-owned. This allows organizations to easily and efficiently scale their HSM operations with their specific environment, operational approaches and security needs.

The power of nShield—now in the cloud

For more than two decades, nShield HSMs have provided state-of-the art key protection, access control enforcement, and secure code execution. Now nShield as a Service provides the same protections paired with remote management and flexible access control both in the cloud and within onsite data centers.

Customers seeking cloud-first solutions can work with market-leading cybersecurity and infrastructure vendors in nCipher’s nFinity Strategic Technology Partner program, including F5, IBM, Micro Focus Voltage, Red Hat, Venafi, and Citrix. These partners can provide additional functionality including SSL, code signing, and database encryption.

Click here to learn more about nShield as a Service. If you’d like to learn more about nCipher, please follow the company on Twitter, LinkedIn, and Facebook

Protect the key – or don’t bother encrypting your data

Protect the key – or don’t bother encrypting your data

Brad Beutlich More About This Author >

Encryption has seen quite the evolution. The technology, which can be traced back to BC Mesopotamia, is on the cusp of entering into a quantum era. The one constant? While encryption solutions will change with time, the importance of protecting the key will never change. In fact, the more effective the encryption technology, the more the key needs protecting.

Throughout history, one side in a conflict would encrypt their messages and the other side would employ people who would try to either break the encryption or steal the key. Nothing is different today. Except today, because of the strength of our encryption technologies, the other side doesn’t even try to break the encryption. Rather, they steal the key by any means possible.

Protect the Key

All of us have seen the movies where the bad guy puts a gun to the head of the good guy and says something like “decrypt the data or you’ll eat a bullet.” Following a feverish and typically nonsensical typing on a keyboard, the encryption is broken and the good guy (covered in sweat) pushes back from the table and says he’s done it.

Hollywood doesn’t do us security folks any service with this fiction. With our existing computing power, the time required to decrypt data protected by a 256 Bit AES encryption key is measured in millions of years. This is why no one tries to “brute force” attack an encryption key. As we attempt the transition to quantum encryption, this statement will be even more true.

If you’ve been wise enough to assume that your perimeter will be breached and you are enlightened enough to assume your uninvited hacker guest will try to steal your data and you’re smart enough to encrypt the data...you still can’t rest on your laurels. Based on a number of studies, the time between a hacker’s penetration and detection is between 160 and 260 days. Even at the low end, that’s a long time for a hacker to find your keys if you’ve stored them in software.

Since most hackers aren’t your regular 8 am to 5 pm crowd and sometimes work in teams, those 160 days might end up being thousands of hours if the hacker is working with his buds. How hard is it to find an encryption key that’s stored in software? Unfortunately for you, not very hard. Cryptographic keys use something called a Random Number Generator in their creation. As such, the resulting key, as you expect, is itself quite random.

A crypto key represented in a binary data scan will look very much like ‘snow’ in that it has a varied pattern. All a hacker has to do is search through data using a relatively unsophisticated program that looks for randomness in a binary data scan. Once the random data is found, it’s highly likely it will be some type of crypto key. Seeing that a company may have a few thousand crypto keys, it doesn’t take long to try these keys against the encrypted data. To put this into perspective, a 256 Bit AES key has 1.15x1077 possible combinations. That’s 115 with 75 zeros behind it. This is a truly unfathomable number of combinations. Even if a hacker finds a few thousands keys, it won’t take them 160 days to try each of them on the encrypted data in order to unlock the data. Trying four keys per minute, a single hacker, in a 16-hour period could test over 3,840 keys. In 160 days, that’s over 614,000 keys.

To illustrate this another way; Most people lock the doors of their houses. Most houses have breakable glass windows within a few feet of the door. Smart burglars don’t like to make noise so breaking glass isn’t the best option. A burglar, however, will always check under the mat for an extra key. Storing keys in software is the physical world equivalent of leaving your front door keys under your doormat.

nCipher Hardware Security Modules (or HSMs to those in the know) are specifically designed to stop a hacker from finding crypto keys. An HSM takes the keys from ‘under the mat’ and puts them into a secure location that a hacker cannot see. If you’ve encrypted your data, the hacker will immediately go on their secondary search for those random bits of data. They cannot see the HSM and therefore they cannot see where the keys are stored. An HSM is designed using strict standards imposed by the National Institute of Standards and Technology (NIST). The protection of software stored keys aren’t certified by anyone.

The process of encryption has been around for thousands of years and there’s every indication that encryption will become even more important in the future. From a security perspective, the encryption process is important – but the security of the key is paramount. If you’re going through the trouble of encrypting your data or any other solution that requires a cryptographic component, you must make an equal effort to protect those keys. Otherwise, you’re in for a rude awakening.

Please click here to learn more about nCipher’s products. You can also follow us on Twitter, LinkedIn, and Facebook.

“Yolanda be Cool!”

“Yolanda be Cool!”

Dr. Pali Surdhar | Chief Security Officer More About This Author >

On June 5 2019, security researchers Gabriel Campana and Jean-Baptiste Bédrune first presented a paper entitled ‘Everybody be cool, this is a robbery!’ In their paper, the researchers described attacking and extracting keys from a well-known vendor’s Hardware Security Module (HSM).

Yolanda be cool

Blackhat 2019 sees the paper presented to a much larger international audience. This will no doubt renew interest in the subject area and raise further eyebrows.

The eye-catching title was adopted from the iconic opening scene in the movie Pulp Fiction. A frenzied Tim Roth (Pumpkin), utters the colorful phrase when robbing a diner. The situation does not end well for the Pumpkin and his partner largely due to the cool head of protagonist Samuel L. Jackson (Jules) who manages to gun the robbers down after a very tense dialogue that opens with the phrase ‘Yolanda be Cool!’ indicating that Jules is indeed an adversary to be reckoned with (the urban dictionary has a slightly more glorified view of the use of the phrase and describes him as ‘badass’).

Now what has all this got to do with HSMs and who is robbing whom and is this a ‘Yolanda be Cool!’ moment?

The research presented was significant and exciting in that it demonstrates an attack on a Hardware Security Module. HSM devices secure storage of secrets and keys and are used widely in the industry as ‘the’ ultimate root of trust for a wide variety of applications and systems that need assurance and accreditation that their cryptographic keys are secure.

The fallout from the well-received presentation was that industry was left with a lot of questions and suspicions around the use and development of HSMs. Scanning comments from customers and social media, including blogs, tweets and expert reports on the subject we found that the prevalent mood of HSM users and security experts was one of alarm, concern, suspicion, and more strongly, mistrust.

This is not quite a ‘Yolanda be Cool!’ moment as it does not end in such a dramatic fashion, but it does raise some important questions. We attempt to answer some of these from an nCipher Security perspective, specifically discussing the nShield HSM product set.

What is a HSM?

  • A HSM is a specialized hardware system that performs cryptographic operations including key generation, key management, signing and encryption.
  • HSMs allow for the separation of security as a concern from other application and business logic and provides a tightly controlled interface to the underlying functionality. This enables customers to concentrate on activities that are core to their business without having to run the gauntlet of building and assuring their own cryptographic modules.
  • HSMs are focused on getting the implementation of cryptographic primitives right including the generation of high entropy random numbers and algorithm correctness. They are also focused on actively protecting cryptographic material and are designed to defend against a variety of attacks including attacks to the algorithms themselves, attacks to the physical system and the Operating System itself.

What is the value of having a HSM?

  • HSMs are specialized systems that are created by experienced engineers in the field. nCipher Security engineers have over 700 man years of experience in developing such systems where security is of utmost importance. Customers benefit directly from this extensive experience when they use nCipher HSMs.
  • HSMs meet with compliance requirements where the system implementations and their development environments are required to undergo extensive independent review and rigorous security testing. nShield HSMs are FIPS and Common Criteria certified.

Can still I trust a HSM?

  • HSMs vendors’ best interests are served by making their systems secure and compliant with the standards that are required of them otherwise they would soon be out of business.
  • However, there is a definite need to evolve into the 21st Century with regards to their design and implementation practices. Attackers are becoming more capable and there are more resources readily available for both casual and dedicated hackers. nCipher Security actively pursues improvement of security and capability of its products. The goal is to ultimately reduce risk to customers by making secure products with compliance being a byproduct.

How do we know that the nShield product is not vulnerable?

If the researchers fuzzed their code, they would have found the issues themselves.

What is fuzzing?

  • Fuzzing is an automated way to send large amounts of data (possibly malformed mutated random data, hence the name 'fuzzing') to test if a program crashes because it mishandled malformed or malicious data. There are various types of fuzzers, some are smart enough to prioritize code coverage rather than simple random input, in order to test more of the program functionality. The idea is to monitor the program as it processes the input and watch for exceptions. These exceptions can potentially identify vulnerabilities in a program.

Do you fuzz test your code?

  • Yes, this is a growing capability within nCipher Security. Fuzzing is currently carried out in an ad-hoc manner on new interfaces. nCipher Security first started fuzzing nShield interfaces in June 2015. The priority has been to test externally accessible interfaces such as the serial interface, file parsers, and unmarshalling structures, ASN decoders and cryptographic primitives such as multiplication of Elliptical Curve points using fuzzed keys. We are increasing coverage and are driving to incorporate fuzzing as standard continuous testing in the near future.

What other development practices do you follow that are important for making secure products?

  • Common Criteria compliance requires review of the development lifecycle for the system. The entire product lifecycle is put under review, including the provenance of hardware and software components, the security of the development and manufacturing environments and specifically whether any of the product inventory can be maliciously tainted en route to release.
  • All nCipher products are subjected to routine security analysis, penetration testing and security code reviews as part of their Secure Development Lifecycle.
  • In addition to following best practices, nCipher places great emphasis on developing security-aware development teams and has a dedicated Security Office that puts product security first and foremost.

Will these kinds of attacks evolve and what does the future hold?

  • The research carried out by Campana and Bédrune involved dedicated work and meticulous analysis to identify issues and flaws within a specific hardware system. The vulnerabilities they identified are applicable to any system especially those that are susceptible to memory safety issues and code integrity problems.
  • In all likelihood more dedicated systematic testing will uncover further issues on HSMs (or any software system for that matter) agnostic of vendor. Attackers are becoming more sophisticated, capable and resourceful; toolkits and exploits are more readily available to explore and attack systems.
  • We must accept the position that systems will be broken but the important questions are whether we can fail safely and are resilient enough to recover and how we continue to operate. Reducing the attack surface through careful design, secure architecture and following best secure development practices also helps significantly on the security journey.
  • Demand for performance and scalability is pushing us to a service-oriented world and as such requires deployment environments to change. It gets more difficult to manage security in virtual environments and the cloud. Architectures must change and traditional security practices need to evolve.
  • And what of compliance? Delays due to compliance will be even less tolerated in a world where Continuous Delivery may become the norm.

Attending Black Hat? Please visit nCipher at booth 1316. You can also follow us on Twitter, LinkedIn, and Facebook.

People want more control of their personal data And the organizations that help Americans gain that control stand to benefit

People want more control of their personal data And the organizations that help Americans gain that control stand to benefit

Cindy Provin | SVP Entrust Datacard and General Manager, nCipher Security More About This Author >

Control is a loaded term, and can be perceived as a negative, but almost everyone wants to have some measure of control and considers control a good thing.

People want more control of their personal data

American Customer Satisfaction Index founder Claes Fornell said consumers are more satisfied when they have a greater sense of control. Yet in our data-driven world, in which people seem to have more power than ever, Americans often feel they lack control over their data privacy.

Most people are protective of their private information and uncertain about just exactly which online sites are storing their personal data. But the majority of them would prefer that the organizations that do have their information keep it to themselves. Many are unsure how they can take control of their data – or whether that’s even possible. And most would like an easy way to understand and track which online entities are storing their personal data.

Americans continue to be protective of their private information

A recent nCipher Security survey indicates that the majority of Americans (62%) are not comfortable with organizations sharing their private information. Only about a fourth (26%) of the 1,000-person nationwide survey group said it is ok for organizations to share their personal data.

Americans revealed that they do not want organizations to share their personal information due to concerns about privacy and trust. Half of the survey group said that data privacy is important to them. The other half expressed distrust that companies will keep their private data secure.

A significant share – 44% – of Americans said under no circumstances would they want an organization to share their personal information. But some said they would make an exception in special circumstances. For example:

  • 25% said data sharing would be ok if their personal safety was at risk
  • 17% said they would be comfortable with the sharing of their personal information to benefit the efforts of Homeland Security
  • 17% said they would be happy to share their personal data in return for $1 million

Despite business efforts to communicate privacy commitment, Americans remain skeptical

Most of us are aware that there’s a consumer trust issue when it comes to personal data privacy. Many organizations have responded by trying to convince customers and prospects about their commitment to safeguarding personal data. In fact, a majority of Americans (55%) said they have noticed a recent uptick in notifications – in the form of emails, letters and pop-up windows – about data privacy protection efforts.

Here’s more good news: the message seems to be getting through to most Americans. According to the nCipher survey, 58% of Americans said they understand the data privacy protection notifications they receive.

Here’s the not-so-good news:

  • 35% said they do not read such notifications, which can be overwhelming
  • 28% said it takes too much time and effort to read such notifications
  • 27% said they understand such notifications only some of the time
  • 24% said they believe such notifications are an effort to protect the organizations that send them rather than their own personal privacy
  • 18% said notifications are immaterial because their data is at risk regardless

Most Americans think they have some control of their data – but doubt, fear loom

More than half of Americans (56%) believe they have the right to delete their personal data from online sources whenever they want. But a good share of Americans said they are uncertain about just exactly what their rights are relative to personal data privacy and control.

A quarter of the survey respondents said they are unsure whether they have the right to request and expect online sources to delete the personal data they have captured. And nearly a fifth (19%) said they do not believe they have the right to delete their private information.

Nearly half (45%) of Americans said it would not be easy to have their personal information removed from online entities even if they wanted that to happen. And the majority of Americans (61%) said even if they put in a request to have their private data deleted, they wouldn’t trust that the organization to which they made that request would never again have access to that information.

The bottom line: Americans don’t know where their private data is, but they want to know

Clearly, there’s a lot of mistrust and mystery about how organizations are handling Americans’ personal data and which entities are storing and sharing what information.

Over half (52%) of the nCipher survey respondents said they do not know which online sites currently have their personal information. That probably doesn’t come as a surprise, as it can be difficult to remember every entity with which we interact. And data sharing means we don’t necessarily have to have a relationship with the entities that have our personal data.

Whether or not people believe they know who has access to their personal data – and whether and to what extent those entities are guarding the privacy and security of that information – many Americans would like to take control of their personal data privacy. The fact that 50% of the survey group said they would take advantage of a way to keep track of all the online sites that store their personal information illustrates that point.

But mass adoption of such an approach would hinge on its ease of use, affordability and effectiveness. Only 17% of the survey group said they would be interested in tracking the online sites that store their personal information if that process was easy. Thirteen percent said whether they would take advantage of such a capability would depend on the cost. And 8% apparently have completely given up the idea of taking control of their personal data privacy – saying hackers can get their information anyway.

It’s up to businesses to convince them otherwise and demonstrate how advanced cryptographic solutions can secure their data and their personal privacy. When we as businesses take control of personal data privacy, we give customers a greater sense of control. That lowers risks for both our own businesses and our customers. And as Mr. Fornell would probably tell you, that can go a long way toward building customer loyalty and satisfaction.

Follow nCipher on Twitter, LinkedIn, and Facebook.

Much like Amazon Prime Day, digital assistant and IoT device security is an epic deal

Much like Amazon Prime Day, digital assistant and IoT device security is an epic deal

John Grimm | Senior Director of Strategy and Business Development More About This Author >

Amazon Prime Day – which is actually “a two-day parade of epic deals” – is just around the corner. And more than half of Americans – and nearly 60% of U.K. residents – are planning on or considering buying a digital assistant during this global online shopping event July 15 and 16.

Last year, nCipher research indicated that fewer than half of U.K. residents who did not yet own a digital assistant planned to get one on Amazon Prime Day. So, interest in digital assistants is clearly on the rise. But security concerns related to digital assistants could prevent some shoppers – who are increasingly paying attention to cybersecurity and moving to secure themselves, their applications and devices – from taking advantage of Amazon Prime Day deals.

Most shoppers express concern about cybersecurity related to digital assistants

As nCipher research shows, more than half (59%) of Americans have privacy concerns regarding the use of digital assistants. More than half (51%) fear their digital assistant is listening to them at all times, and close to half (45%) believe their information is being shared.

Much like Amazon Prime Day, digital assistant and IoT device security is an epic deal

More than a third (40%) worry that their personal bank or credit card information may be compromised. And close to a third (28%) think digital assistants will inform hackers of their whereabouts. Only about a fifth (22%) of Americans do not have any privacy concerns with digital assistants.

A third of Americans don’t use a digital assistant. Of that group, more than half (55%) said they won’t use a digital assistant, and more than a quarter of that group (28%) said they are worried about security related to a digital assistant.

Many Americans who do use digital assistants believe the technology is eavesdropping on them. More than a third (35%) think that their digital assistant listens and records them at all times.

They are spending more on connected devices but some fail to secure them

Despite such concerns, IDC forecasts that IoT spending will reach $745 billion this year, with the consumer sector among those leading the way. And nCipher’s own research indicates that digital assistant users aren’t always vigilant when it comes to their use of digital assistants.
More than a third (37%) of American consumers leave the default settings in place when setting up their digital assistants. (The share of the U.K. survey group that does so is even higher, at 41%.) Nearly a quarter (24%) of Americans leave their assistant in listening mode at all times, and nearly a fifth (19%) of Americans leave the default password in place.

Lack of security can open consumers and their employers to threats

Last year just 9% of the nCipher U.K. survey group said they were aware of digital assistants being used at work. That has increased significantly in the year since. Today nearly a quarter (23%) of U.K. survey participants said digital assistants are used in their workplace. Meanwhile, 26% of Americans said they are using digital assistants in the workplace today.

The stage is set for an even greater share of people to use digital assistants for work purposes. The majority of U.K. survey participants who said digital assistants are used in their workplace were between the ages of 18 and 34. And real estate firm JLL recently partnered with Google to create a conversational AI assistant specifically designed for office workers.

Cybersecurity uncertainty continues, but more people are paying attention, taking action

Nearly a quarter of Americans are unsure about whether their digital assistant receives security updates automatically. Results for the U.K. survey group were nearly identical.
But most people from both the U.S. and U.K. groups in the nCipher survey, which included a total of more than 2,000 respondents, indicated that they actively take steps to secure their digital assistants and want assurance that connected devices come with security features.

Of the American group:

  • 81% said they create a stronger password when setting up their digital assistant
  • 63% said they apply advanced security settings when setting up their digital assistant
  • 60% said they are more likely to buy connected devices if the security features are labeled better

The same share of the U.K. survey group said they would be more likely to a buy a connected device if the basic features were labeled better. There’s good news here, because the U.K. is gearing up to require IoT device makers to tell consumers how secure their products are.

Another positive development is that the share of U.K. residents who leave their device default settings in place dropped from 57% last year to 41% this year. That may be a result of the increase in data breaches, heightened consumer awareness in light of the European Union’s new GDPR regulation, and Amazon being the subject of an inquiry due to privacy concerns related to Alexa, Amazon’s personal assistant.

Basic best practices

While I’ve shared tips on digital assistant personal security hygiene before, they’re worth repeating – especially now that these devices are becoming more common in the workplace:

  • Above all, take the time to really understand how these devices work, and the type of data they’re recording and saving
  • Get your desired level of security and privacy by personalizing your device security settings, and employing other security measures to complement them as necessary
  • Digital assistants should only be used in an environment where you are comfortable with the fact that they are listening to every single word that is said

Interested in learning more? Check out nCipher’s dedicated IoT security page. You can also follow the company on Twitter, LinkedIn, and Facebook, or find me @johnrgrimm.

Subscribe to
Want to be part of our team? Explore
Get in contact with a specialist Contact Us