For the average consumer, hopping online to shop is as commonplace as physically going to the mall. No one thinks for a moment about how relatively unsafe it is to conduct business on the web. But in spite of our years’ long dependence on the web for commerce, it’s still astonishingly easy for cybercriminals to hack web-based transactions.
The reason? Web browsers. The fundamental insecurity of web browsers is arguably the weakest link in cyber security today.
We live in a very different world today than we did 10-20 years ago. We’ve never been more connected. So, it’s surprising that software security practices remain in the realm of “We’ve always done it this way before”. Can they really expect to solve today’s security problems with an old way of thinking?
Traditional thinking typically starts with the premise that honest parties control the computer devices and any cryptographic operations are performed free from interference from would-be attackers. Given this, it’s probably understandable
Cryptography is no longer limited to the military and spies. This ancient art underpins modern life. It’s about encoding intelligible data, e.g. numbers, text and transforming them into something unreadable to anyone other than who the information is meant for. The question is, does it need an upgrade for today’s always connected world?
How secure is your house?
Hundreds of times a day we use cryptography in our everyday life. From the lock on the website that you’re browsing, remotely unlocking your car with the key fob to using all kinds of devices.
On a recent flight, I was sat next to a security auditor. He asked “can someone steal keys used to encrypt credit cards from the server memory?” It depends, was my reply. But his question left me wondering. Why hasn’t anyone built a server side white box implementation?
Why does it depend?
Like any implementation, some are more secure than others. If the server side code was using ‘standard cryptographic APIs’ and they were black box implementations then
Browser security isn’t a new problem. Apple, Google, Microsoft and Mozilla have put a huge amount of effort into enabling consumers to have a secure browsing experience. But who’s thinking about the web site operators and their secure browsing experience?
Internet trust is dependent on certification authorities; with TLS/SSL being the most commonly used technology for securing electronic commerce transactions online. It’s all about enabling the consumer to access web services and be reasonably confident they know who they are talking to.
In Star Wars: The Force Awakens, the sinister First Order dominates the galaxy, with only a small band of trusted resistance fighters left. What’s the link to today’s software world you may ask? It all comes down to the power of cryptography to defeat the dark side.
In this software controlled world the need for software protection is unavoidable. This protection extends to all aspects of day-to-day life. It could be securing your credit card details when shopping on line or a business safeguarding a remote network connection to even protecting premium content such as a blockbuster movie.
Let’s face it; if consumers don’t get what they want, they look elsewhere. Gone are the days of loyalty due to limited choice. For pay-media operators this can be like walking a tightrope: protecting their content investment without the security negatively impacting the consumer experience. What can be done to make this easier?
To find out, let’s check in again with Bob. Unsurprisingly, after being identified as the cause of the corporate disaster Bob is now unemployed. He spends most of his day catching up on the movies and TV series he missed.
Many of us work for organizations with an established corporate IT department. IT determines the security policies; sets the protocols, permissions and instructs employees on the best practice. Given the cyber risks that organizations now face is ‘egg-shell’ security enough?
Some of you may remember Bob from my previous post. Let’s continue to see what Bob is doing to explore how safe corporate IT really is.
Pay-TV operators are used to thinking in terms of winning the largest share of a consumer’s disposable income: their wallet. In today’s digital world, is that still the most important battleground? With only so many minutes in the day, should operators really be fighting for people’s time?
What’s the fuss all about?
Watching TV typically comes out top in any survey related to leisure activities or media consumption.
As Netflix continues its global expansion, so too do the debates whether its service accelerates cord-cutting from traditional pay-TV services. But are we looking at this from the wrong perspective? Is the rising OTT tide, in fact, floating all boats including the pay-TV operator’s?
In a recent report, Digital TV Research forecasted that North American OTT revenues will reach USD 20.39bn in 2020, up from USD 6.85bn last year. And I believe this growth trend is true globally.