By Aaron McIntosh, Director of Product Marketing, WinMagic & Marketing Work Group Co- Chair of the Trusted Computing Group (TCG)

As society becomes more and more connected with the development of technologies like the Internet of Things (IoT), it becomes crucial that every device on a network is protected and trusted to ensure there are no weak links or easy routes for hackers to get in.

The ways that hackers are gaining access to large corporate networks is often a consequence of the rise of IoT, but the methods of access are becoming slightly unorthodox. There have been several instances of air-conditioning and CCTV systems being targeted as an entry method into a wider network, and in 2018 a thermometer in a fish tank was used to hack into a large casino. With IoT bringing more connected devices, the possibilities are endless, and businesses need to reduce the likelihood of an attack by having sufficient protection on every single device.

The rise of IoT

If there are multiple devices that are connected to the same network, the required level of security must be provided for each device to ensure ultimate protection. A cheap CCTV camera must have adequate protection, as should an expensive server to ensure there is no point of access for cybercriminals. The level of security itself may vary between devices, but the secured embedded protection must meet the individual needs of each device.

A customized security approach is required by businesses to manage the individual needs of each device, but this can be easily achieved using technologies that are widely available. TCG’s security standards are based on the concept of Trusted Computing, where a Root of Trust forms the foundation of the device and meets the specific requirements of the device itself or its deployment.

Top Tips

Device security shouldn’t start at the device level.  Businesses need to make security a corporate priority at the data level first. And by ‘priority’, this means data security needs to be a part of everyday operational activities. It needs to be backed by sensible policy, and those policies need to be tested, audited and enforced with rigor.

Among the solutions available to ensure data and device protection is the Trusted Platform Model (TPM). The TPM has driven the work that TCG does for over a decade and is a go-to solution for those looking to protect their embedded systems. It provides integrity measurements, health checks and authentication services and crucially, can be implemented at different security levels depending on the requirements.

Encryption forms the foundation of any data security strategy.  It should be the first line of defense, not the last line, which is what we see on too many occasions. Every single device with a disk or drive needs to have encryption, so even if the physical device falls into the wrong hands, the subsequent fall-out is limited.

There have been many high-profile cases where a disgruntled employee or third-party contractor has stolen data. To prevent this, businesses need a suitable and customized security approach in place that can clearly indicate the security status of every single device within their IT ecosystem. If there was a breach of privacy, data privacy regulations, like GDPR, insist that a business must react correctly and in a timely manner. If a business isn’t aware of every device on the network, the protection status or whereabouts of customer data, or even how a hacker gained access, could take a long time – resulting in additional fines.

As physical systems and devices become more and more networked, they are going to become a prime target for attackers. But as IoT technology advances, so do the security solutions that protect against hacks. TCG believes that the next stage of protection will be adding a cyber resiliency system that behaves like the human immune system. It will be able to recognize when it has been infected, locate an intruder, actively deploy countermeasures and then become stronger. TCG has formed the TCG Cyber Resilient Technology (CyRes) Work Group that intends to improve the resilience of future platforms by applying trusted computing technologies. The workgroup is working to develop new technologies, promote existing best-practices and co-ordinate efforts in other groups inside and outside of TCG.

To find out more about TCG and its role in enabling secure computing, visit https://trustedcomputinggroup.org/.