People frequently ask us about cyber security and access control, and while we think about it a lot behind the scenes, we realized our experiences and knowledge could be of interest to many of our readers. This is why we are kicking off a new series called “Security Sunday” – a collection of everything revolving around security topics.
This week, we exhibited at Columbia University’s Cyber Security event, which was one of the best security events around in a while. The panel, consisting of Benjamin Fried (CIO of Google), Salvatore Stolfo (Professor of Computer Science at Columbia University), and David Aronoff (General Partner at Flybridge Capital Partners), was not only informative but also offered different angles on the same topic, which is quite interesting when it comes to cyber security.
Some Highlights That We’ve Taken Away From The Event:
Ben Fried argued that open source software can be more secure than closed source because it is subjected to peer review, where even the most hidden and unusual bugs can be found. However, exposing the software initially, or the moment a vulnerability suddenly becomes public, might make it more vulnerable at first. Be that as it may, all of the panelists agreed that having an extremely fast emergency response procedure in place is still the key to cyber security.
When we asked Fried about the Google keycard he wore on his jeans, he said he is pretty neutral when it comes to keycards. Even so, he continues to use his keycard because he likes the visibility it offers. Anyone walking around the office with a keycard can be immediately identified as ‘authorized’. Maybe that is a good use case for wearables that show on sight whether someone has access or not, so you don’t have to pull out your phone.
David Aronoff said the safest computer is one that is shut down, has no wires going in or out, and sits in a locked room with no keys. We think there are a lot of options for securing and monitoring computers and network access, but there aren’t really many out-of-the-box SaaS access control solutions for physical spaces. Since the locked room is one of the two key features of a safe computer, this is quite astonishing. Maybe future CIOs also have to think about the security of their space as part of the risk management for cloud security systems.
Salvatore Stolfo – one of our heroes in the anomaly and intrusion detection space – had a really great remark about how to approach cyber security:
Most companies try to protect their data as perfectly as possible. However, it only requires one single glitch for an attacker to get full access.
He proposed a potential solution for it:
“What if the attacker had to be perfect? What if my database is not simply exposed but there are hundreds of databases – and while just one of them is the real one, the attacker doesn’t know what to do with all the data he finds?”
— Salvatore Stolfo
Also, just how cool is his website? We totally dig it.
During the event, where we were exhibiting our access control technology, the CTO of a very large New York-based technology company stopped by. He told us that he manufactures their own keycards using biometrics. We argued that this could also be done on the phone in the future, but he responded (and we think this is indeed true) that “the smartphone providers do not give you the depth of access to all security-relevant settings in the phone”.
To make it clear: not even banks can get the level of access to a phone’s operating system that they would need. This is why developments like Samsung Knox are great, but they are not yet at the level where cyber security should be on mobile phones. Until vendors are able to control the security on the phone, it is largely up to the smartphone vendors to find ways to protect the user.