BlackBerry licenses security tech to IoT device makers
When asked about future purchases, respondents said they were more likely to choose a product or do business with a company that had a strong reputation for data security and privacy.
To address this concern, BlackBerry announced at the Consumer Electronics Show (CES) in Las Vegas that it is to license its trusted software framework to enable device makers to build smart products securely without having to develop their own technology and cyber security expertise.
Once developed, BlackBerry’s team of cyber security experts will review each device, awarding BlackBerry Secure certification to show that the required level of data security and trust has been met.
“2019 will be the year consumers will begin to vote with their wallets and seek out products that promise a higher level of security and data privacy,” said Alex Thurber, senior vice-president and general manager of mobility solutions at BlackBerry.
“IoT device manufacturers can address security and privacy concerns head-on and stand out in the cluttered IoT space by bringing to market ultra-secure products that consumers, retailers and enterprises want to buy and use,” he said.
Thurber described the initiative as “a pivotal point” in BlackBerry’s software licensing strategy. “It underscores BlackBerry’s evolution from providing the most secure smartphones to delivering the trusted security for all smart ‘things’,” he said.
From today, device makers will have the choice of three “feature packs” which build on each other and provide various levels of management and control.
The BlackBerry Secure Enablement Feature Pack offers secure manufacturing and product lifecycle management features.
This means BlackBerry will provide a manufacturing station that provides a hardware root of trust and is connected to the company’s Network Operation Centre that is monitored 24/7 for uptime and reliability. During manufacturing, a BlackBerry identity key is injected into the hardware and recorded on a secure server. At launch and periodically throughout the product’s lifecycle, checks will be performed to verify that the two keys match. If they do not, the device no longer boots.
The BlackBerry Secure Foundations Feature Pack is aimed at enabling product suppliers to harden the operating system kernel and lock down software being executed.
This includes secure boot and ARM Trustzone technology to generate, use and store encryption keys used for various software operations. It also includes the BlackBerry Integrity Detection service which generates real-time “health” reports that can be accessed by users and trusted third-party applications.
The BlackBerry Secure Enterprise Feature Pack is aimed at devices that will be used in regulated or restricted environments as it enables deeper management and control beyond what is standard in Android Enterprise.
Through extended device management policies deployed on the device, BlackBerry said enterprises could protect their data by controlling what can be accessed via device debug interfaces, communication protocols such as Bluetooth, and cellular, Wi-Fi and GPS communication channels.
In 2018, IoT technology firms began signing up to a UK code of practice to strengthen the security of internet-connected devices. The code is expected to form the basis of an international standard.
In October, the UK published a voluntary code of practice (CoP) to help manufacturers boost the security of internet-connected devices that make up the internet of things (IoT).
Tech companies HP and Centrica Hive were the first to commit to implement the CoP by 2021. The code is aimed at encouraging innovation while ensuring tech consumers are safe by addressing potential security vulnerabilities at the design stage.
Although the CoP is aimed at consumer products, the UK government hopes it will establish standards and principles that will filter through to the industrial, enterprise and other IoT markets. Also, government departments plan to engage with individual sectors about industry-specific IoT security issues.
In view of the risk posed by IoT devices, the UK is leading global efforts to improve the security of internet-connected devices by encouraging device makers to embed security into the design of new technology rather than bolt it on afterwards.
Industry: Cyber Security News
- Senior Cyber Security Analyst / Engineer. Exclusive role
- United Kingdom
Senior Cyber Security Analyst / Engineer. Exclusive role Hybrid role- Travel to London once a month. ROLE Day to day operations, management and scalability of existing cyber security systems. Advanced triaging and troubleshooting security alerts. Improve tooling, reducing false positives. Improve processes and documentation Reviewing, approving, escalating security change management requests. Implementing new cyber security systems. Managing of and maturing security tooling such as; SIEM Vulnerability management Firewalls Patch management CASB Ideal technical experience Vulnerability Management: Qualys Forcepoint: CASB, DLP, web security, email security Microsoft Defender for Endpoint SIEM (Splunk) Firewalls: Cisco, Palo Alto, Juniper, Sonicwall IDS: Alert Logic Microsoft Cloud App Security Microsoft Azure ManageEngine ADAudit Plus Darktrace, Cloudflare, Cisco Umbrella, Imperva WAF Appreciation of ISO27001, GDPR, PCI, etc
- Security Operations Senior Technical Analyst, Financial Services. Exclusive to DCL Search
- 75000 + benefits
Exclusive Security Operations - Senior Technical Analyst (x2) needed within a forward thinking financial services business head quartered in London. DCL Search have been engaged on an Identifier Project to attract the very best cyber talent to this business. Influence the cyber security capability and direction within the business. Learn new skills working within a collaborative team. Grow as a security professional. ROLE Triaging and troubleshooting security alerts. Improve tooling, reducing false positives. Improve processes and documentation Reviewing, approving, escalating security change management requests. Day to day operations, management and scalability of existing cyber security systems. Implementing new cyber security systems. Managing of and maturing security tooling such as; SIEM Vulnerability management Firewalls Patch management CASB Ideal technical experience Vulnerability Management: Qualys Forcepoint: CASB, DLP, web security, email security Microsoft Defender for Endpoint SIEM (Splunk) Firewalls: Cisco, Palo Alto, Juniper, Sonicwall IDS: Alert Logic Microsoft Cloud App Security Microsoft Azure ManageEngine ADAudit Plus Darktrace, Cloudflare, Cisco Umbrella, Imperva WAF Appreciation of ISO27001, GDPR, PCI, etc 2 days a fortnight in London- or more if you want.. Hybrid reworking.
- It's Pen Testing Chris, but not as we’ve know it.
- United Kingdom
5 reasons, as long as you are a skilled penetration tester (and a nice person) this may be different enough for you. Healthy package for the right talents- before you ask up to 95k+ (depending on skillset). Yes permanent only. Remotely based with the occasional time to meet up- unless you enjoy retiring from society. BUT UK based but not UK client focused. Research and training time- A dedicated trainer with budget for you to sharpen / develop skills. You can make your stamp. It’s a new role for someone technical to deliver, lead and shape a testing capability. No political shenanigans etc Exclusive to DCL Search and not one of the usual names. So you can dramatically increase your chances of securing it. Infrastructure pen testing and Web app / Manual penetration testing experience highly valued. Someone that can scope, deliver pen testing, report and not be useless in front of clients. Apply today to find out more. Or email Chris.Holt@dclsearch.com Or call 07884666351 This is a UK based role.
- Ping Contractor-
- Depends on skills and experience
Looking for experienced PIng Consultants, Looking for consultant with Implemenation or Architect experience in the Ping product set (Ping Identity, Ping Federate, Ping Access, Ping Directory, Ping Adapter development, SDK etc) This would be for implementation projects, working across UK. You will be responsible for providing implementation services to our clients from information gathering through to implementation. Evaluating client business, process, systems, and technology requirements and advise clients on best practices to help guide and solidify proposed designs. Manage Client expectations, Stakeholder Managment, ensuring design Matches business requirements