2016 / 28 October

Human Nature vs. Cyber Security, A Losing Battle

evolution

Let’s face it! Humans are hardwired to be lazy. It’s also one the reasons current approaches to cyber security often fail with disastrous consequences.

Now, don’t get your back up against the wall just yet – I’m just speaking a biological truth. People, critters, and even well designed machines will naturally choose the path of least resistance or effort. So, when we impose rules, policies, or processes that make our daily lives more difficult, don’t be surprised when they are prone to frequent failure.

Unfortunately, many cyber security best practices do anything but make our lives easier. One in particular, is the use of usernames, passwords, and pin numbers to control and protect access to corporate networks, bank accounts, personal documents, and just about anything valuable in our increasingly digital world.

If you read my blog post, Cybercrime: Handing The Keys To The Criminals?, you already know that usernames and passwords are one of the weakest links in the digital security chain. Virtually every cyber security incident, at some point, involves the compromise of user credentials. In the old days — yes, before the days before web browsers — if you were smart enough to use a relatively cryptic password you were generally pretty safe. However, it quickly became apparent that to keep the bad guys out of your data it was necessary to change passwords on a regular basis; enforce rules to ensure passwords weren’t easy to guess; prevent the reuse of passwords; add two-factor authentication (often a second password); and the list goes on. It’s no wonder that people have taken to writing down passwords or storing them in a digital notepad – no matter how silly and dangerous that sounds! If you think this isn’t happening in your organization, you’d better go take a long look in the mirror.

So, what’s the problem? The problem is we’ve made people’s lives more difficult, not easier. The “user experience” associated with the continuous onslaught of changing passwords and related security policies are simply horrendous. Fortunately, the technology has finally caught up with the need for a better solution – biometrics!

 

It’s time to get rid of usernames, passwords, and pin numbers – forever!

Already we are seeing companies such as Apple, Samsung, and others leveraging fingerprints to grant access to smart phones or even making in-store credit card purchases. I would call these a “good start” but they are far from sufficient in terms of what is needed to really secure our digital world.

There are four key elements to providing a truly robust biometric solution that can effectively replace the use of usernames, passwords, and pin numbers:

  • Multi-factor Biometrics – solutions that rely solely on fingerprints are prone to frustrating accuracy issues and, in many cases, simply don’t provide a sufficient level of security. It is essential to support a combination of facial, voice, iris, fingerprint, and other matching algorithms that allow the user to tailor the security to their specific need.
  • Segregated Data – while appealing, storing all of our most sensitive data along with everything else on a smart phone is simply a bad idea. You’ve heard the expression, “don’t put all your eggs in one basket”, right? Smart phones are high-theft items, less durable than other solutions, and bring with them a slew of inherent vulnerabilities. A more secure approach is to selectively determine what data we keep on our phones and place sensitive information in more secure digital storage designed for that purpose – more on that in a moment.
  • It Must Work in a Connected and Unconnected Environment – the solution cannot rely on always being connected to the Internet or any other network. There are simply too many circumstances where connectivity is not an option either due to security concerns or limitations of your physical environment (e.g. at 35,000 feet over the Atlantic Ocean). That means traditional cloud-based solutions simply don’t work or may be undesirable.
  • Seamless Usage – last and probably the most critical requirement is that the solution needs to operate nearly seamlessly. It must make people’s lives easier and not harder – don’t fight human nature!

 

So what about that better solution?

In the fairness of full discloser, let me say that I work for a technology company that is shipping a powerful cyber security solution, which we believe helps solve many of the above problems along with other critical cyber security issues facing the mobile world. If you want to hang-up your browser now, I completely understand but I promise you this is not a sales pitch. Stick around for a few more paragraphs and I think you’ll find it very interesting.

Think of the guts and computing power of a smartphone squeezed into the guts of a of something the size of a typical credit card:

  • A high-performance processor
  • Hardware encryption
  • Support for multi-factor biometrics
  • Large amounts of flash memory
  • Long lasting rechargeable battery
  • Bluetooth, Bluetooth Low-Energy, USB and NFC interfaces

Whew! That’s a lot of technology and a lot of capability packed into a thin piece of plastic that fits in your wallet. The BluStor CyberGate card, it’s designed to address a variety of secure computing needs tied to authentication, authorization, and secure data storage.

So, how does it specifically address the problem discussed above?

CyberGate is designed to be an ultra secure companion to your smart phone or other similarly capable devices like laptops, tablets, etc. In fact, it can communicate with any device that supports NFC, Bluetooth, Bluetooth Low-Energy or USB. That means it can integrate with the vast majority of mobile devices, laptops, tablets, Point-of-Sale systems, or even many employee badge readers. Using on-card multi-factor biometric authentication, it is capable of protecting sensitive data using any combination of fingerprints, voice, facial, iris, and more. On-card biometric verification is no easy task and was only recently made possible by advances in chip technology that has allowed us to squeeze the computing power and storage required into the thin guts of something the size of a credit card.

Leveraging the capabilities of your smart phone to capture your biometrics, the CyberGate card seamlessly validates your identity directly on the card without ever being removed from your wallet. Your phone is simply used as the input device. CyberGate performs this function without ever needing to be connected to the Internet, so it’s fully operational even in a non-connected environment. Perhaps your at 35,000 feet over the Atlantic or perhaps you’re in a location where you simply don’t trust who might be eavesdropping on your data connection. Sensitive data is encrypted and safely stored directly on the CyberGate card, keeping it separate from your smart phone.

Thinking more broadly, CyberGate can integrate with any external application using our public API, making it a truly open platform. For example:

  • Want to write a plugin that integrates with your corporate e-mail system and provide a private encrypted email solution? No problem.
  • Want to build a plugin to seamlessly encrypt and decrypt Microsoft Office documents using biometrics. No problem.

CyberGate is designed to be a flexible and adaptable platform and we’ve designed it to be “future proof” because we know we can’t possibly think of every potential application.

Let’s step outside the box a bit and think about some of the possibilities. Imagine a world where smart phones function more like generic appliances. That line of thinking isn’t going to make me popular with Apple, but hey, we’re just dreaming, right? With the brains and muscle in the phone, all my important data is stored on the CyberGate card, including my software SIM, favorite applications, contacts, email, etc. You can think of it as your own private mobile cloud. That means I can quickly change phones (perhaps borrow my friends phone) and it effectively becomes my device while it’s paired to my CyberGate card. A similar paradigm could be applied to the use of laptop and desktop computers.

Ok, back the word of today and the security of the data on my smart phone. The bottom line is that CyberGate enables you to maintain a level of secure separation between your most sensitive data and the digital world that you simply don’t get by using your phone alone. Supporting a multitude of biometrics, your data is protected in a way that is far more secure yet easier to access — forget passwords and say hello to biometrics! You get the incredible convenience of your smart phone plus the additional security of a solution specifically designed to protect your digital life.

If you want to know more, you can check the BluStor website.

If you valued this article and want more, please hit the ‘like’ button and also share via your Twitter, LinkedIn, Google+ and Facebook social media platforms. I encourage you to join the conversation or ask questions so feel free to add a comment on this post.

You can also find me on twitter at @NewFrontierCIO for more commentary on the frontiers of technology, leadership, space exploration, and science.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

No comments so far.

Leave a Reply

No comments so far.

Leave a Reply