Clifton's Enterprise IT Security Forum
Posted by Rowland Watkins on 18 May, 2008 at 22:43
The other week I was lucky enough to attend a seminar hosted by Cliftons on Enterprise IT Security. I’ve been to several events hosted by Cliftons so far, and I have to say that all have been very worthwhile.
There were three guest speakers, each of whom provided key insights and good business practices on a range of topics: Ken Ume (Thales e-Security) – authentication, Jason Healey (Goldman Sachs) – cyber attacks, and Thomas Parenty (Parenty Consulting) – secure communication on the move.
Ken Ume | Authentication: Essential Part of Everyday Life
Ken provided a good overview of authentication schemes as used in eCommerce by consumers and business. His argument is that increasing scales of communication have meant that trust has gradually decreased, since B2C can be achieved without either party meeting face-to-face. This has been compounded by consumers having access to more information and being more informed.
Authentication is an interesting problem with a raft of solutions out there, some strong (PKI-based), others not (OpenID-based). Accessibility is a real concern, especially when faced with the so-called digital divide. If an authentication scheme (or process) is inaccessible, people and those in business will bypass the scheme, rendering it useless. As Ken rightly stated, open standards are essential to overcoming business challenges, not to mention auditing.
Jason Healey | Caught in the Middle: Asia Business and Cyber Attacks
Recent Internet activism has highlighted the increasing number of instances where businesses and other organisations are being targeted based on [primarily] political agendas. Two examples that Jason cited were previous defacement of the AIPAC website and protests (online and outside shops) against Carrefour. He argued that there appears to be a “China ceiling”, based on analysis that many of these attacks (at least against Carrefour) originate from mainland China.
The talk’s catch phrase “stuck in the middle” referred to whether these increasingly popular cyber attacks are specific (as in the case of AIPAC), or “guilty by association” in the case of Carrefour, since it is a French brand (fallout over disruption of the Paris leg of the Olympic torch relay). In the previous Web Wednesday meetup, there was a related presentation on Chinese activism and propaganda after the CNN gaffe.
Thomas Parenty | Staying Connected Securely: A Guide for the Traveling Executive
Thomas presented the image of a travelling businessman, planning the next M&A or releasing the next product. During his travels, the businessman uses airport Wi-Fi, hotel networks and business centre computers. In each case, unless security is considered, emails can be read, resulting in the M&A failing to a rival or the product details being revealed to another competitor.
Roving security is obviously a big problem, but can be mitigated with cryptographic tools including SSL/TLS (as stated by Thomas). Other techniques such as two-factor authentication (let’s not worry about some of the associated issues highlighted by Bruce Schneier) could also be considered.
There was a short question and answer session, but it was unfortunately rather short – free food on the horizon! There were a few questions, but none from business leaders relating their own experience, which is a shame.