BlackBerry licenses security tech to IoT device makers
BlackBerry is to license its secure software development technology to the makers of internet-connected devices to boost IoT security
When asked about future purchases, respondents said they were more likely to choose a product or do business with a company that had a strong reputation for data security and privacy.
To address this concern, BlackBerry announced at the Consumer Electronics Show (CES) in Las Vegas that it is to license its trusted software framework to enable device makers to build smart products securely without having to develop their own technology and cyber security expertise.
Once developed, BlackBerry’s team of cyber security experts will review each device, awarding BlackBerry Secure certification to show that the required level of data security and trust has been met.
“2019 will be the year consumers will begin to vote with their wallets and seek out products that promise a higher level of security and data privacy,” said Alex Thurber, senior vice-president and general manager of mobility solutions at BlackBerry.
“IoT device manufacturers can address security and privacy concerns head-on and stand out in the cluttered IoT space by bringing to market ultra-secure products that consumers, retailers and enterprises want to buy and use,” he said.
Thurber described the initiative as “a pivotal point” in BlackBerry’s software licensing strategy. “It underscores BlackBerry’s evolution from providing the most secure smartphones to delivering the trusted security for all smart ‘things’,” he said.
From today, device makers will have the choice of three “feature packs” which build on each other and provide various levels of management and control.
The BlackBerry Secure Enablement Feature Pack offers secure manufacturing and product lifecycle management features.
This means BlackBerry will provide a manufacturing station that provides a hardware root of trust and is connected to the company’s Network Operation Centre that is monitored 24/7 for uptime and reliability. During manufacturing, a BlackBerry identity key is injected into the hardware and recorded on a secure server. At launch and periodically throughout the product’s lifecycle, checks will be performed to verify that the two keys match. If they do not, the device no longer boots.
The BlackBerry Secure Foundations Feature Pack is aimed at enabling product suppliers to harden the operating system kernel and lock down software being executed.
This includes secure boot and ARM Trustzone technology to generate, use and store encryption keys used for various software operations. It also includes the BlackBerry Integrity Detection service which generates real-time “health” reports that can be accessed by users and trusted third-party applications.
The BlackBerry Secure Enterprise Feature Pack is aimed at devices that will be used in regulated or restricted environments as it enables deeper management and control beyond what is standard in Android Enterprise.
Through extended device management policies deployed on the device, BlackBerry said enterprises could protect their data by controlling what can be accessed via device debug interfaces, communication protocols such as Bluetooth, and cellular, Wi-Fi and GPS communication channels.
In 2018, IoT technology firms began signing up to a UK code of practice to strengthen the security of internet-connected devices. The code is expected to form the basis of an international standard.
In October, the UK published a voluntary code of practice (CoP) to help manufacturers boost the security of internet-connected devices that make up the internet of things (IoT).
Tech companies HP and Centrica Hive were the first to commit to implement the CoP by 2021. The code is aimed at encouraging innovation while ensuring tech consumers are safe by addressing potential security vulnerabilities at the design stage.
Although the CoP is aimed at consumer products, the UK government hopes it will establish standards and principles that will filter through to the industrial, enterprise and other IoT markets. Also, government departments plan to engage with individual sectors about industry-specific IoT security issues.
In view of the risk posed by IoT devices, the UK is leading global efforts to improve the security of internet-connected devices by encouraging device makers to embed security into the design of new technology rather than bolt it on afterwards.
source computerweekly
Industry: Cyber Security News
Latest Jobs
-
- VOIP / SIP App Developer. Contract. SIP | VOIP experience needed. SC Cleared Outside IR35 Contract. London
- London
- OUTSIDE IR35
-
SIP | VOIP Developer. SC Cleared Contract. London Looking for a SC Cleared SIP / VOIP Developer to develop an application that interacts with a set of voice and video signalling API’s You will also work on developing in-house applications, browser plugins and automated tooling to support secure communication systems. Responsibilities Develop an application that will manage number mapping and associated identities using commercial SBC API’s. Develop new user-facing features using React.js or other modern JavaScript frameworks. Build reusable components and front-end libraries for future use. Collaborate with the design team to translate UI/UX design wireframes into code. Work closely with backend developers to integrate front-end code with server-side logic. Conduct code reviews and provide constructive feedback to team members. Stay up-to-date on emerging technologies and industry trends to continuously improve our front-end development practices. Troubleshoot and debug issues that arise during development and in production environments. Maintain high coding standards and practices and ensure code is well-documented. Requirement Experience of developing specialist applications using REST API’s. Good knowledge of Go, Java and Python (open to alternative combinations of languages). Proficiency in front-end languages and frameworks such as HTML, CSS, JavaScript, React.js, etc. Strong understanding of web standards, responsive design, and cross-browser compatibility. Experience with version control systems such as Git. Knowledge of RESTful APIs and asynchronous request handling. Familiarity with UI/UX design principles and tools.
-
- Senior Data Privacy Consultant. Client Facing | London
- London
- N/A
-
Senior Data Privacy Consultant. Client Facing | London Senior Data Privacy Consultant needed for a key client facing opportunity. Must be willing to undergo SC Security Clearance. Hybrid role- onsite with customer / office 2-3 days a week. London Key Responsibilities: Lead and support client facing data privacy projects. Assess compliance, define and deliver strategic projects / implement privacy solutions. Manage project teams and develop business opportunities. Required Experience: Experience in data protection and privacy standards. Background in consulting. Skills and Qualifications: Business consulting experience IAPP Privacy Manager / Privacy Technologist Location Greater London UK based role. Not able to provide VISA sponsorship.
-
- Security Analyst - Internal role. London commutable. Permanent
- London
- N/A
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1