Upload
carlos-creus-moreira
View
445
Download
0
Embed Size (px)
DESCRIPTION
Citation preview
28 – SwiSS Style
It’s midnight. Do you know where
your data are? Seriously? It may
sound flippant, but as things are
evolving in the world of information
technology, there will come a time in a
not-too distant future, when this little
needling thought could cause a few
sleepless nights and long headaches
in the business community. For Carlos
Moreira, CEO of Wisekey and peripa-
tetic promoter of online security, the
question is crucial to the evolution
of the digital world. Especially con-
sidering the drumfire of news about
banks “losing” data to tax authori-
ties, CDs bearing names and account
information of heavy-duty German
tax finaglers winding up with the
Finanzamt, or companies and agen-
cies getting penetrated in cyber at-
tacks. “We are not talking about
some hacker in China trying to shut
down the electrical system in New
York,” says Moreira. Cloak-and-dag-
ger type warfare has been going on
since World War Two and the famous
ENIGMA encrypter, he points out.
What happened in Switzerland
with the private banks was low-tech
stuff, individuals getting a hold of the
right identity and entering the bank’s
database. “Some banks are still using
dBase [one of the oldest database manage-
ment systems, the Editor] and systems
from the 1990s, with the client name
and address in one file,” says the long-
time specialist in electronic and infor-
mation security. “Segregating and en-
crypting data is the kind of stuff you
have to do each day, it’s like brushing
your teeth.”
Safety firstMoreira, who moved from work in
academe to consulting and security
for various international organisa-
tions including the ILO and EFTA,
bundled his knowledge and experi-
ence and founded Wisekey in 1999. ID
management and security, the com-
pany service as it were, were some-
thing of a niche area in the post dot.
bomb era, and so the business grew by
leaps and bounds. The key in Wisekey
is an X.509 standards-based certifi-
cate containing information shared
publicly and used as a form of digital
identification. It can help protect an in-
dividual’s PII (Personal Identifiable In-
formation). The user is also equipped
with a private key to be kept confiden-
tial. This one is used to encrypt and de-
crypt sensitive communications. This
system is a powerful tool in maintain-
ing privacy online, and when extend-
ed to be used for the identification of
objects and data, it goes a long way to
making the Internet a more trusted en-
vironment.
“People wondered why you needed that
level of security and segregation,” he re-
calls. Today, of course, online security is
becoming essential. In spite of its appar-
ent shapelessness, the Internet is any-
thing but some ephemeral space. It con-
sists of real hardware stashed in a wide
variety of locations that is vulnerable to
attack. And what happens on the web
can have very real consequences in the
real world, like businesses collapsing. “I
used to say the Internet was in the con-
tact phase, that is, people made contact,
through Facebook, LinkedIn, and other
social media,” says Moreira. ”Now we
are in the contract phase, where people
are able to do major contracts through
the Internet, and the ‘R’ that turns con-
tact into contract stands for ‘regula-
tions’, because using the Internet as a
contractual tool, people will demand
regulations to guarantee secure trans-
acting online.”
The WEF, which likes to draw in-
ternational attention to certain topics,
made cyber-security a major issue. Not
surprisingly, Carlos Moreira was up in
Davos earlier this year – not his first vis-
it to the hallowed grounds – expound-
ing on the subject with other interested
parties, including none other than Bill
Gates. His company was even given the
WEF blessing as one of the world’s “hot-
test” 25 enterprises. The WEF accolade
is important, Moreira feels, because im-
portant people are beginning to take a
serious look at the problem he is trying
to correct 24/7. “It’s a boardroom con-
The Internet does bear some resemblance to the much ballyhooed American Wild West, with its somewhat anarchic disposition.Fortunes are made and lost online, and robbers and con-men lurk. But like the Wild West, the Internet, too, is gradually aging, the wild oats are growing into nicely tended fields, and some semblance of order is appearing. One of the policemen on the block is Carlos Moreira. And Swiss Style caught him between trips.
Virtually present
Business style
> Marton Radkai
“Segregating and encrypting data is the kind of stuff you have to do each day, it’s like brushing your teeth.”
iSSue n° 225 – 29
cern,” he says. “A few years ago, cyber-
security was the domain of engineers,
experts in the company, but now it’s
the board that is interested, because
the company valuation could be annihi-
lated in a single day given a successful
attack.” Indeed, about USD 1 trillion are
lost each year to cyber criminals.
Part of the problem has been a
perceptional error. In Switzerland, for
example, the “fortress mentality”, as
Moreira calls it, held sway until fairly
recently. “The bad guys were out there,
and all one had to do was load up on
software, hardware, firewalls, biom-
etric systems,” says Moreira. The prob-
lem, he tried to tell many banks, was
that the enemy was actually inside the
bank, with a USB stick or a cell phone
camera, simple technologies to collect
information and bring it beyond the
massive defensive walls. Nowadays,
however, banks seem to be adopting
more effective measures. They main-
tain greater control over staff members,
give them digital IDs that permit bet-
ter tracking and restrictions. Comput-
ers are encrypted as well, as are email
programmes and other systems used in
daily work. As such, the country has be-
come something of a hub of innovation
in the world of secure Internet, though
it has learned the hard way.
Seventh heavenAs for the Internet itself, it remains an
unregulated environment with power-
ful advocates for maintaining the open-
ness – with all its copyright issues and
web pages crowded with advertising.
And the next great transformation is al-
ready in the making, announced almost
discreetly for some years now through
the convergence of telephony and com-
puting and by the proliferation of iPads,
iPods, and other lightweight, highly
mobile technologies. “The Cloud”, used
by Apple to make services and other ap-
plications available ubiquitously, is an-
other one of those somewhat odd meta-
phors to rename the Internet.
For Carlos Moreira, the Cloud – or
cloud computing – is the future, and
it is upon us, with all its bells, whistles
and warts. Essentially it means that
any device features a far simpler ar-
chitecture for the average user, at any
rate: “The new generation is the C-gen,
you could say, connect, click, commu-
nicate,” he suggests. “They are in front
of their computers and don’t want to
worry about hard disks, or where their
data is, or how to transfer the stuff from
an iPod to a laptop, to a television.” Of
course, the Cloud is more than just a
way to have lots of digital fun or check
out what some virtual friend has eaten
for breakfast at the Kuala Lumpur Star-
bucks. It offers genuine business oppor-
tunities as a centralised system where
people can buy space, set up services,
provide their subscribers or users with
a secure and unique ID. “You don’t have
to worry about data services, maintain-
ing servers, and so on,” says Moreira. »»»
Carlos Moreira, the key to Cloud security
“The new generation is the C-gen, you could say, connect, click, communicate.”
30 – SwiSS Style
Whatever the interface, it will no longer
need all the heavy programmes that
slow down computing or have to be up-
dated every week. In fact, the computer
itself is no longer smart, it is merely a
conduit.
This brave new world of comput-
ing, which puts ever greater physical
distance between the owner of data and
the data itself, will have important re-
percussions on companies and organisa-
tions – including government – particu-
larly those having to deal with masses
of highly confidential information. “The
old situation with VPNs, for example,
was shaky,” says Moreira, ”losing a lap-
top meant losing emails, documents,
even entire databases! That could com-
promise the entire organisation.” Today,
data stored in the Cloud has to be en-
crypted, so an account manager travel-
ling and needing, say, to read and sign a
contract, will just have to log on with a
secure ID, pick up the document, do his
or her business, and log out. Objects and
content are also given IDs, thus enhanc-
ing security and trust for extra security.
In a virtual sense, the area of attack is
kept to a minimum.
Ground floorOf course, the Cloud is not a misty thing
that floats above the earth. It has shape
and heft, just like the servers making
up the Internet. Even in its relatively in-
choate current form, it is beginning to
evolve as users make demands on physi-
cal location. Servers and data centres
are, after all, vulnerable to local laws,
of course, and even encrypted data can
be seized by warrant or by force. On the
one hand, there is growing demand for
servers and data centres to be set up in
specific areas or even countries to en-
sure sovereignty over the data. On the
other hand, many organisations are
calling for so-called private clouds, ar-
eas that are only accessible to author-
ised people and not shared with the hoi
polloi of the Internet. “It’s like being in
a disco or a stadium with a VIP area,”
says Moreira, “everyone is watching the
same match, but some have special cre-
dentials and can access certain services
and data that others cannot.” All they
will need is the right key to get into the
golden door. «««
Business style
Virtually present by Marton Radkai
your data
your identity
your enterprise
Secure
FUTURE CONNECT
Essentially, the Cloud is noth-ing new, rather, it is the con-tinuing evolution of what Marshall McLuhan already conceived as the Global Vil-lage, with computing becom-ing as simple, ubiquitous and natural as switching on a light. Naturally, given hu-man history and the tendency of power structures to want to control as much informa-tion as possible, not only will regulations be needed for se-curity, but also to guarantee the integrity and privacy of individual users. The greenness of the Internet and by extension the Cloud is also an issue that needs ad-dressing, since cooling thou-sands of whirring servers costs a great deal of energy. On the positive side, how-ever, easier accessibility and multi-terminal services will also reduce the need to travel. Moreira himself often confers with clients and engineers in India and Vietnam, for exam-ple, and he sees no problem with larger meetings being done virtually. It’s a ques-tion of paradigm, and that is shifting ever so quickly. And to think that just a few brief decades ago, Dick Tracy’s two-way wrist TV was so cool and absurd at the same time, it had to be relegated to the fun-nies page.