By Claire Vishik, Director at TCG
In our digital age, computing environments are becoming more diverse and complex. This has been taken even further with the introduction of the Internet of Things (IoT) and, more recently, remote working – both of which are significantly dissolving network parameters. Such changes in the pattern of technology use creates new opportunities for risk in terms of cybersecurity and privacy. To keep up with this technological evolution, the future of trusted computing must also undergo innovation. In the latest Spotlight Podcast by The Security Ledger, TCG Director and CTO of Intel’s Governments, Markets and Trade group Claire Vishik explored the next steps for trusted computing in the face of ever-expanding digitalization.
There are many definitions of trust and trusted computing – the most popular of which are represented by TCG international standards and specifications. Ultimately, trust defines the technical foundations that ensure a computer will behave in the expected way in any given circumstance, enforced by hardware and software loaded with a unique encryption key. This plants and develop roots of trust attestation. By identifying this base line, TCG specifications secure laptop servers and networks by providing a safe environment and capturing unauthorized modifications of key components in systems before any damage is done. Trust based approaches such as this are used to unite various aspects of secure computing due to its foundational, coherent approach to security, making it widely applicable to a diverse range of contexts.
Originally, these specifications were defined for traditional computing ecosystems, such as those within enterprise networks, to create a hardware root of trust. However, in recent years, they have moved to embrace every available device across a broad and less-defined ecosystem, considering how each device is deployed, consumed and used. The IoT is included in this.
From Defined to Dynamic
The IoT is encompassing vastly different new age use cases, from entire smart cities to single use sensors – all requiring different methods of protection. Trust composition innovations are the latest approaches which are emerging to deal with this issue. By stacking the computing elements from different devices over a network, in which some are trusted and some are not, trust evidence is collected to define different trust postures depending on different situations. This creates a dynamic baseline with which to divide the stack into several areas and sort through each layer in the stack to deem them trustworthy.
Trustworthiness defines trust in terms of how likely a system is to perform according to designed behavior and typical conditions as characterized by safety, security, resilience and reliability. By specifically listing characteristics that require integration, this approach eliminates risk, protecting safety aspects within devices from failure. Considering prominent computing trends from the past two years – password blockchain, Artificial Intelligence (AI) and more – it is clear that trustworthiness, trust security and privacy have been important in making these technologies and use cases successful. Today, security technology is being developed to tackle a much more complex set of problems with multiple parameters to them. These parameters are categorized as fundamentally new technology, improvements of new technology and complex, innovative use cases. Collectively, they use a combination of current and new technology across all areas of expertise, including both human facing and component facing interfaces.
The Rise of Diversity Among Devices
The significant diversity that has developed across IoT platforms and environments stands in stark contrast to early computing made up by distinct and individual platforms. Having come a long way from isolated corporate networks connected via the Internet to more complex, cloud-based ecosystems with continuous sharing among millions of devices, TCG has had to adapt to secure this kind of heterogenous, multidomain environment. Right now, the most complex aspect of IoT network development is the level of integration between these different IT systems. To bring the same level of assurance established among traditional enterprise ecosystems to this new and dynamic age of technology, standard technologies must undergo innovation.
In a year, there will be far more to report on trustworthiness and new ways to use trusted technology. For now, the complexities of new age security are the driving force for TCG and its innovations in trusted computing specifications.
*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: https://trustedcomputinggroup.org/tcg-tackles-trustworthiness-for-the-internet-of-things/