Corporate espionage, government hacking, cyber warfare and the growth of Big Data that make up today’s internet are fueling the need for security and encryption. The challenge of encrypting everything can be crushing to a CIO/CTO’s budget. The impetus to encrypt and double encrypt every bit and byte of data to ensure data integrity and protect IP is making it harder to bring product to market and creating complexities that stifle innovation in the valley.
Steve Bennett, chief executive of Symantec, said even western companies were using cyber attacks to steal intellectual property, with potentially dangerous consequences for the global economy if innovation cannot be protected. http://www.ft.com/intl/cms/s/0/0b305ece-53d7-11e3-b425-00144feabdc0.html
The ‘Internet of Things’ is expanding not unlike the cosmos; industry analysts, mathematicians and statisticians are coming up with ways of guesstimating the size and shape of tomorrow’s Internet. In lockstep with the internet’s growth is the rise of a kind of backroom war between nation states. On the line are the IP and the citizen-created and citizen-curated data that are quickly filling the Internet. It should come as no surprise when I say “the internet needs to be secured.” To protect consumer privacy and enable internet security, organizations will require massive systems automation and data integrity as a schema moving forward.
Infrastructure, processes, and engineers are caught between competing demands. On one hand they need to get products to market quickly; on the other hand they face the expansion of platforms and devices, and the shifting nature of consumer habits that drive the entire economy. Mobile, cloud computing, M2M, smart devices, smart cars and homes wired directly into the web bring massive volumes of data and new, complex challenges. How can organizations and developers manage their systems in this complex environment and plan for growth?
Automation allows engineers to manage tens of thousands of computer instances around the world; this is the “infrastructure as code” paradigm. Systems Automation enables robust, repeatable platforms and processes, significantly reducing time to market. However, automation without the ability to guarantee ‘state’ leaves organizations open to serious internal and external threats. The problem is that the current method of systems automation creates a significant hole in the security of the infrastructure: once deployed, the future state of that infrastructure is unknown.
Addressing the ‘state’ of things
There is a unique methodology to sign deployments, guaranteeing state, by combining Opscode Chef recipes with Guardtime’s Keyless Signature Infrastructure (KSI). Adding data integrity strengthens the implementation of systems automation, and ensures a guaranteed state for the deployed frameworks and environments. KSI allows engineers to stamp their data, which in turn guarantees the state of their deployment. With state guaranteed, developers can continuously monitor that state in their environment and take action against anything that may alter it. These tools and methodologies are a software engineer’s first line of defense in the battle to keep IP and consumer data secure.
Using KSI to sign the frameworks allows engineers to mitigate the risk to these environments by creating a chain of custody for the deployment cycle. By signing and timestamping each touch point in the release framework, and then monitoring it, they in essence create a ‘secure state’. State is vital to control when you have so many devices and potential entry points where bad actors can compromise the environment. Once you have a stateful environment, and an unbiased signing technology, such as KSI, you can lock out hundreds of potential attacks such as: malware, intrusion, internal threats, configuration changes, binary file replacement, transaction tampering, backdating and more.
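The sign-then-monitor cycle described above, as an added example that is not from the original post and is not Guardtime's or Chef's code: it records a deployment's file state as a single digest and later reports drift against that baseline. The function names are hypothetical, and plain SHA-256 stands in for the KSI signature, which is assumed to be obtained for the digest in a separate step.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                state[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def state_digest(state):
    """Collapse a snapshot into one digest: the value a deploy step would
    submit to the external signing/timestamping service (assumed, not shown)."""
    h = hashlib.sha256()
    for rel in sorted(state):
        h.update(rel.encode() + b"\0" + state[rel].encode() + b"\n")
    return h.hexdigest()

def drift(baseline, current):
    """List files changed, added or removed relative to the signed baseline."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed deployment: record state, alter it, then detect the drift."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in {"app.conf": b"debug=false\n", os.path.join("bin", "svc"): b"build-1"}.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        signed = state_digest(baseline)  # anchor this outside the monitored host
        with open(os.path.join(root, "bin", "svc"), "wb") as fh:  # binary replaced
            fh.write(b"build-2")
        os.remove(os.path.join(root, "app.conf"))  # configuration removed
        current = snapshot(root)
        return signed == state_digest(current), drift(baseline, current)

if __name__ == "__main__":
    print(demo())
```

The baseline and its digest are only as trustworthy as where they are kept: if they live on the monitored host, whoever alters the files can rewrite them too, which is the gap the external signature and timestamp are meant to close.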
Rainer Gerhards has a handle on how Guardtime is critical to handling log integrity: “Any secrets-based crypto system (even PKI) is only secure as long as the secrets have not been compromised.” http://blog.gerhards.net/2013/05/rsyslogs-first-signature-provider-why.html
All organizations today need protection from nation states’ hacking (Stuxnet), internal rogue employees (Snowden), and breach of certificate authorities (DigiNotar and Comodo). Software, network and systems engineers need a common framework for security and automation. Security isn’t only threat prevention; it is the means by which products get to market rapidly and sustainably and by which organizations remain competitive. The pairing of Systems Automation and KSI is the most sustainable method to manage and secure the blooming infrastructure, as thousands of devices are brought online each day.
See original post at http://newcontext.com/2013/11/27/weapons-grade-integrity