Creating a safe networking of linked devices

The number of connected devices is predicted to grow to 75 billion by 2025. This will create a massively connected ecosystem, and data security will be paramount.

Many of these devices will be cyber-physical systems, which closely integrate computation, networking and physical processes. The devices consist of a physical entity and its cyber twin, which can replicate the behavior of the physical machine and give insights into how the machine will react when prompted by various actions. Connect these devices to the internet, for data transfer, and the result is the internet of things. Smart grids, autonomous vehicles and medical devices are examples of cyber-physical systems.

In cyber-physical systems, digital and physical components interact with each other in a variety of ways that change with context. For example, an offshore drilling facility transmits sensor values from devices to check that machinery is functioning; the alerts from the devices will vary depending on whether it is a normal scenario or an emergency. Similarly, a connected medical device will send an alert based upon the patient’s condition.

In all contexts, it is imperative to maintain security and privacy of the data. This is particularly true in a data-sensitive field like healthcare, where there is growing concern about cybersecurity in connected medical devices.

A secure framework for cyber-physical systems

We have created a secure framework for connecting cyber-physical systems by leveraging distributed ledger technology (DLT). DLT is a digital system for recording asset transactions in multiple places at the same time, making fraud and manipulation difficult.

Our framework addresses:

  1. Two-way tamper-proof device communication
  2. Financial transactions between devices (e.g., machine-to-machine micropayments using crypto currencies)
  3. Message transfer and data storage between devices with minimal or no transaction fees and mining (network) fees

The framework integrates edge computing components, which are industry-specific (such as medical devices), and has DLT at its core for data transfer and communication.

Edge devices communicate with a central system, the Directed Acyclic Graph distributed ledger, which powers data storage, transfer and access and ensures data security and data privacy.

Inside the framework

We developed the framework’s components using directed acyclic graphs (DAG) — specifically IOTA — as the underlying DLT technology. DAG architecture is well suited for scalability and does not carry mining fees.

IOTA uses an invention called “The Tangle” at its core. The Tangle is a new data structure, based on DAG, that takes care of data privacy needs by providing restricted and private storage and retrieval options.

We describe each component with an industry example, but the components can be extended to other industries:

  • Financial transactions – This component stores all transactions and automates micropayments between machines without any manual intervention. This component can be directly applied to the automobile industry for vehicle charging, toll payments, parking place payments and more. Details are available in this earlier post.
  • Tamper-proof data transfer / two-way remote communication – The underlying DLT technology of this component ensures data security and privacy in transmission, storage and usage. One direct application is remote patient monitoring in healthcare. This can be extended to any industry that needs remote device monitoring or secure data communication (e.g., offshore drilling and its machines).
  • Track and trace of a device’s location with indoor positioning – This component helps track and trace sensitive assets, when knowing the status of a device or machine is paramount. For example, use this component to optimize x-ray machine use in a trusted hospital network and reduce patient wait times.
  • Secure over-the-air firmware updates – This component addresses the exponentially growing need to push secure firmware updates to connected devices, with tamper-proof audit trails made possible by DLT. It is applicable to all connected devices in almost every industry, including automotive, healthcare, technology, and energy and utilities.
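
The DAG storage and the firmware-update audit trail described above rest on the same property, shown here as an added example that is not code from the original article or from IOTA: each record's id is a hash over its content and over the ids of the earlier records it approves, so editing history breaks the link from any later record. `AuditDag`, the device names and the firmware digests are constructed for illustration; a production ledger also needs signatures and consensus, which this sketch omits.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed root id; all names here are hypothetical


def record_id(payload, parents):
    """Id = SHA-256 over the payload and the ids of the records it approves."""
    body = json.dumps({"payload": payload, "parents": sorted(parents)}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class AuditDag:
    def __init__(self):
        self.records = {}  # id -> {"payload": dict, "parents": [ids]}

    def append(self, payload, parents):
        rid = record_id(payload, parents)
        self.records[rid] = {"payload": payload, "parents": list(parents)}
        return rid

    def verify(self, trusted_tip):
        """Walk back from a tip the verifier trusts; return ids that fail."""
        bad, stack, seen = [], [trusted_tip], set()
        while stack:
            rid = stack.pop()
            if rid == GENESIS or rid in seen:
                continue
            seen.add(rid)
            rec = self.records.get(rid)
            if rec is None or record_id(rec["payload"], rec["parents"]) != rid:
                bad.append(rid)  # missing or altered: stop trusting this branch
                continue
            stack.extend(rec["parents"])
        return sorted(bad)


def demo():
    dag = AuditDag()
    # Constructed firmware-update events from two devices.
    a = dag.append({"device": "pump-01", "fw": "1.4.2", "sha256": "aa" * 32}, [GENESIS])
    b = dag.append({"device": "monitor-07", "fw": "2.0.1", "sha256": "bb" * 32}, [GENESIS])
    c = dag.append({"device": "pump-01", "fw": "1.4.3", "sha256": "cc" * 32}, [a, b])
    clean = dag.verify(c)
    dag.records[a]["payload"]["sha256"] = "ee" * 32  # edit history in place
    return a, clean, dag.verify(c)


if __name__ == "__main__":
    print(demo())
```

Re-hashing the edited record under a new id does not help whoever altered it: the later record still approves the old id, which is then reported as missing.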

The components are designed to work online, offline and in mesh networking mode (when Wi-Fi or cellular networks are not available). For example, if connectivity is lost due to an emergency or an outage, these systems can still transmit messages in up to a 65-mile radius. This is critical because it means your medical device stays connected if Wi-Fi or cellular goes down.

Crucial ways by which Continuous Delivery improves your Security posture

Continuous delivery yields a host of IT and operational benefits, including proven competitive advantages like faster deployment times, responses to customer feedback, and bug fixes.  But one aspect that tends not to make it on the marquee list of benefits — and should probably be headlining it — is security.

It’s really quite simple: with continuous delivery, crucial security enhancements, updates and fixes to applications can be pushed live quickly, so the enhanced security reaches deployment without delay. What could be better than that?

Traditional slow and batch-oriented waterfall approach

Typically, in the traditional ITSM approach, when a security incident happens, it is captured and consolidated with other requirements to be addressed in the next application release. Sometimes an urgent patch release can be delivered sooner, in a few weeks – if it can rapidly progress through the cycle of fix, regression testing, release preparation, release testing and maintenance. But if the fix requires a major release, it could be many months until it can be made available, and in most cases, the only thing you can do in the meantime is document the incidents.

That’s too slow.

A better, faster way — continuous delivery and DevSecOps

A modern service management approach combining continuous delivery and DevSecOps supports the core tenets of information security: data confidentiality, integrity, and availability.  A dedicated team provides continuous delivery by making small or incremental changes every day or multiple times a day. DevSecOps secures the continuous integration and delivery pipeline, as well as the content that’s coming through that pipeline.

You gain three key advantages:

Speed. Continuous delivery and DevSecOps dramatically improve security because they allow malicious attacks and bugs to be addressed as soon as they’re identified, not just added to some logbook. And in many cases, the window for action falls from between six and eight weeks down to minutes. Thus, far fewer incidents become problems that impact IT and business operations.

Consistency. IT teams working under traditional ITSM often worry that the continuous delivery and DevSecOps approach will create more opportunity for mistakes and bugs because more changes are happening more often. In practice, the exact opposite is true.

Flexibility. A DevSecOps approach simplifies the introduction of blue/green canary releases — implementing a new release while continuing to operate the prior release — into your delivery capacity. This allows you to redirect modest amounts of traffic to your new release, facilitating the identification of potential issues without drastically impacting many users. It also lets you rapidly shift all traffic back to the current release should a problem be identified.
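
The traffic shifting described under Flexibility, as an added example that is not part of the original article: a share of users is routed to the new release, its error rate is tracked, and all traffic returns to the current release once the rate crosses a threshold. `CanaryRouter`, the 10% share, the 5% threshold and the simulated failure pattern are assumptions chosen for illustration.

```python
import hashlib


class CanaryRouter:
    """Send a fixed share of users to the new release; roll back on errors."""

    def __init__(self, canary_percent, max_error_rate, min_requests):
        self.canary_percent = canary_percent
        self.max_error_rate = max_error_rate
        self.min_requests = min_requests
        self.served = 0
        self.errors = 0
        self.rolled_back = False

    def route(self, user_id):
        # Stable hash so a given user always lands on the same release.
        bucket = int(hashlib.sha256(user_id.encode()).hexdigest(), 16) % 100
        return "new" if bucket < self.canary_percent else "current"

    def record(self, ok):
        """Record one response from the new release and re-evaluate it."""
        self.served += 1
        self.errors += 0 if ok else 1
        if (self.served >= self.min_requests
                and self.errors / self.served > self.max_error_rate):
            self.canary_percent = 0  # shift all traffic back
            self.rolled_back = True


def simulate(users=1000):
    # Constructed scenario: the new release fails every 5th request it serves.
    router = CanaryRouter(canary_percent=10, max_error_rate=0.05, min_requests=20)
    for i in range(users):
        if router.route(f"user-{i}") == "new":
            router.record(ok=(router.served + 1) % 5 != 0)
    return router.rolled_back, router.served, router.errors


if __name__ == "__main__":
    print(simulate())
```

With these settings the faulty release is withdrawn after serving 20 requests, so only 4 requests out of 1,000 users see a failure.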

The modern approach offers a variety of powerful tactics for quickly countering attacks. For example, workloads can be designed to move between cloud providers using Pivotal Cloud Foundry, containers or other homogenizing technology that offers the flexibility to move systems from one cloud provider to another. If there is a big denial of service attack in one provider, you could redeploy to another provider or back to a private data center with the click of a button. If an attack is focused on a particular IP, you recreate the environment at a new IP and block the other one completely. Structuring applications in this kind of push-button deployment mode creates opportunities for all sorts of similar scenarios.

How to move forward

Realizing the security benefits that come from implementing continuous integration and DevSecOps may require a deep, cultural change in the way your company builds and delivers software. Increasingly, security will become a secondary competency of developers, with risk ownership devolving from the central security team to application owners. In this new mode of operating, we need to make sure the right guard rails are in place and that the central security team provides necessary mentorship and support.

It’s a challenge, no question. But worth the rewards.

Successfully navigating some of these changes is explored in a recent post called “How to jump start your enterprise digital transformation.” A seven-page paper, DevSecOps: Why security is essential, is another good resource.
