News published on May 13th reported several tens of thousands of hacked computers. This ransomware attack (ransomware being the family of ransom software), called “WannaCry”, has affected individuals as well as a multitude of large companies and national administrations.
This software, whose origin is controversial, makes it impossible to access the data on infected computers by using simple cryptography.
To learn more about this class of attack, we invite you to see our previous article on our blog: http://www.neurones-it.asia/ransomware/
We will use examples to demonstrate not only the key importance of security issues in the digital economy, but also how to secure your company to prevent or mitigate risks to its brand image. Which reliable security solutions are applicable to protect your platform?
In the broadest sense, a platform is an architecture of computer components that gives the company the ability to trade goods or services via the Internet. In the case of IoT, platforms manage objects connected to their users to offer them a service. Let’s take the example of a connected car rental platform: to get around, we can identify the nearest available car with an application on the smartphone and thus enjoy a very accessible mobility service, thanks to a multitude of devices running on the platform (smartphone, back-office computer, servers, network provider, etc.).
Through our new entity called Neurones Cybersecurity, not only can we help you redefine your protection strategy, but also re-evaluate your infrastructure and assist you in your efforts after an intrusion.
3 essential aspects of security
As with any technology intermediary, platforms raise questions about their security and about the data transiting through them. The problem is obviously not the same if you are in a control tower or if you are downloading a book on Amazon Kindle… There are virtually as many security issues as there are platforms! However, three fundamental elements of security can be applied across the diversity of platforms.
-The first element is data governance, which covers the management of identities and roles: are the access rights of each user well defined? Can another user have access to services or sensitive files?
A young Helvetian company called Dathéna (Neurones IT’s partner for solutions integration) has developed extremely powerful algorithms capable of reporting the usage and access rights of your entire company database to top managers. Through this audit, you can ensure that your confidential data remains on premise, that your access rights are up to date and properly defined, and that you are compliant with complex regulations.
-The second fundamental element is “insurance”, in the sense of assurance: ensuring that the platform only offers the interactions imagined by the manufacturer, and that it does not allow other, unforeseen interactions by a user who has stolen data from another user. Some platforms operate in sensitive territories: for example, administration, health establishments, banks, or airplane ground-based communication for an airline. It is essential to ensure that the platform does what it is designed to do…
-The third element is the robustness of technologies in light of cybersecurity issues: malicious actors enter systems not by creating unplanned interactions, but through purely technical characteristics that make it possible to take control of the system. For example, a website is written in different languages: during control sequences, one can leave the user interface, enter the language of the site itself and modify the site. The same process is possible on a platform to “rewrite” it. Cyber attackers enter through such flaws. If one of them succeeds in penetrating the technology of a company’s platform, they can take control of the system, preventing it from functioning, damaging its reputation… and anything else you can imagine.
Risk Anticipation Scenarios
Service providers on the platforms will not be sustainable unless they can guarantee security in these 3 domains. At present this is still rarely the case. Security seems natural and obvious… but not for some. User experience and security carry more negative than positive connotations: we only start delving into the subject matter in the face of a crisis. Security modeling done for the sake of simplification, and audits, rarely address the complex cases, leaving many loopholes in their wake.
It is crucial to consider integrating safety devices into platforms upstream, as they are being created. As a matter of fact, reliable solutions have existed for a long time. IT engineers are employed to manage access rights, identity management or authentication, thanks to encryption technologies (tokens, biometrics…). The same applies to insurance and robustness. The problem is not in the technology invented, but rather in the management of priorities: anticipating and investing rather than waiting to defuse or rectify a crisis. If a security aspect is forgotten, it is possible to remedy it, because it is simply code to change, but with expensive repercussions, unlike a security technology that has been integrated from the beginning.
Security must therefore be an element of a platform in its own right. It requires all stakeholders to work together to bring out new shared safety standards. The future belongs to open systems that communicate through APIs (Application Programming Interfaces). Managing security as a priority will become more essential in the world of tomorrow with open SaaS, where data is scattered across networks.