BlackBerry licenses security tech to IoT device makers
When asked about future purchases, respondents said they were more likely to choose a product or do business with a company that had a strong reputation for data security and privacy.
To address this concern, BlackBerry announced at the Consumer Electronics Show (CES) in Las Vegas that it is to license its trusted software framework to enable device makers to build smart products securely without having to develop their own technology and cyber security expertise.
Once developed, BlackBerry’s team of cyber security experts will review each device, awarding BlackBerry Secure certification to show that the required level of data security and trust has been met.
“2019 will be the year consumers will begin to vote with their wallets and seek out products that promise a higher level of security and data privacy,” said Alex Thurber, senior vice-president and general manager of mobility solutions at BlackBerry.
“IoT device manufacturers can address security and privacy concerns head-on and stand out in the cluttered IoT space by bringing to market ultra-secure products that consumers, retailers and enterprises want to buy and use,” he said.
Thurber described the initiative as “a pivotal point” in BlackBerry’s software licensing strategy. “It underscores BlackBerry’s evolution from providing the most secure smartphones to delivering the trusted security for all smart ‘things’,” he said.
From today, device makers will have the choice of three “feature packs” which build on each other and provide various levels of management and control.
The BlackBerry Secure Enablement Feature Pack offers secure manufacturing and product lifecycle management features.
This means BlackBerry will provide a manufacturing station that provides a hardware root of trust and is connected to the company’s Network Operation Centre that is monitored 24/7 for uptime and reliability. During manufacturing, a BlackBerry identity key is injected into the hardware and recorded on a secure server. At launch and periodically throughout the product’s lifecycle, checks will be performed to verify that the two keys match. If they do not, the device no longer boots.
The BlackBerry Secure Foundations Feature Pack is aimed at enabling product suppliers to harden the operating system kernel and lock down software being executed.
This includes secure boot and ARM Trustzone technology to generate, use and store encryption keys used for various software operations. It also includes the BlackBerry Integrity Detection service which generates real-time “health” reports that can be accessed by users and trusted third-party applications.
The BlackBerry Secure Enterprise Feature Pack is aimed at devices that will be used in regulated or restricted environments as it enables deeper management and control beyond what is standard in Android Enterprise.
Through extended device management policies deployed on the device, BlackBerry said enterprises could protect their data by controlling what can be accessed via device debug interfaces, communication protocols such as Bluetooth, and cellular, Wi-Fi and GPS communication channels.
In 2018, IoT technology firms began signing up to a UK code of practice to strengthen the security of internet-connected devices. The code is expected to form the basis of an international standard.
In October, the UK published a voluntary code of practice (CoP) to help manufacturers boost the security of internet-connected devices that make up the internet of things (IoT).
Tech companies HP and Centrica Hive were the first to commit to implement the CoP by 2021. The code is aimed at encouraging innovation while ensuring tech consumers are safe by addressing potential security vulnerabilities at the design stage.
Although the CoP is aimed at consumer products, the UK government hopes it will establish standards and principles that will filter through to the industrial, enterprise and other IoT markets. Also, government departments plan to engage with individual sectors about industry-specific IoT security issues.
In view of the risk posed by IoT devices, the UK is leading global efforts to improve the security of internet-connected devices by encouraging device makers to embed security into the design of new technology rather than bolt it on afterwards.
Industry: Cyber Security News
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
- SailPoint Consultant
- Upto €80,000
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.
- Contact 12 month- Security Operations- Tanium Engineer / Analyst.
- United Kingdom
- Dependent on experience
Security Operations engineer / Analyst with Tanium for a 12 month contract. Experience configuring using, managing, supporting troubleshooting Tanium's suite of end point solutions is essential. The opportunity is due to a client expanding its international capability to a follow the sun model. To be involved in spinning up a European capability. Based in the UK. English essential and ideally being fluent in French.