Panelists at the technology showcase agreed security problems will be around for a while and suggested different ways for reducing the risk.
Computer security specialists, gathering at this week's Demo conference in Phoenix to examine the escalating threat scene, said the sheer number of devices linked to the Internet will continue to exacerbate security issues.
During a panel discussion, all agreed that hackers, identity thieves and writers of malicious code are on the upswing and not going away, but there are some solutions. John Patrick, president at Attitude LLC, led the discussion on security with panelists Partha Dasgupta, an associate professor at Arizona State University specializing in cryptography; Hillarie Orman, chief technology officer and vice president of engineering at Shinkuro Inc.; and Charles Palmer, who runs the security unit at IBM Research.
Panelists agreed security problems will be around for awhile. "Computers weren't built with security in mind, and we are paying for it with band-aids and patches," Palmer said. "Instead of having graffitists and drive-by hackers" those attempting to steal information "realize the money is in the Internet."
Dasgupta suggested the security industry needs to head toward Public Key Infrastructure (PKI) and smart cards. Social security numbers and bank numbers will leak regardless of how secure banking and commerce sites are, and people can't depend on shared authentication.
"It (PKIs) will not obliterate crime -- someone could steal your card or put a gun to you-- but makes it incredibly difficult to do identity theft," Dasgupta said. Financial institutions are resisting the move because they don't want to admit a mistake, PKIs are difficult to deploy, and many have spread out the risk as part of the cost of doing business, Dasgupta said. Rather, they installed intrusion software to detect fraud.
Orman worries that smart cards are physically vulnerable to hackers and are not the correct tool for high-value transactions. Timing and radiation attacks on the physical devices can be used to extract data.
Securing operating systems is challenging because they are complicated and huge, panelists said. "A secure OS strategy doesn't solve the problem because you've got applications that misbehave," Dasgupta said. "I can install a bot on top of a secure operating system."
Coming soon is a set of hardware enhancements for computers that independently verify the delivery of content to the machine, checking for rootkits, viruses and corruption inside operating systems.
Dasgupta said these secure approaches, such as Trusted Platform Module from Trusted Computing Platform. Virtual machines are considered far more secure than operating systems. Universities also need to teach students how to write safe code. Unsafe code is contributing to the problem.
Companies also are developing technology that can analyze voices for stress and patterns, Orman said.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.