Go to content Phone human-readable description of the message we trying to accomplish. Search human-readable description of the message we trying to accomplish. Map pin human-readable description of the message we trying to accomplish.

My first visit to New Orleans and first CIS (Cloud Identity Summit) was exceptional and many thanks to the organisers for inviting me to talk about trust technology in IoT devices. My talk paled in comparison to Frank Abagnale’s recounting of his life story (which was somewhat less glamorous than portrayed in Catch Me If You Can), an interview with General Petraeus and a very authentic and heartfelt keynote by Andre Durand having just sold Ping Identity to Vista Equity Partners. The toughest part of CIS was choosing which sessions to attend, particularly when so many other talks ran concurrently with mine.

As an outsider to the industry (a non-Identerati), I sensed a lot of past focus on users interacting with apps served through websites, but this is where things are changing. Mobile devices with native apps now outnumber accesses by traditional browser. In the IoT world, apps can live anywhere – on small edge nodes, mobile apps, gateway devices (eg VMWare Liota) and in the cloud. The good news is that many of these devices are built to be more secure than untrusted browsers. They need to be if they are going to interact with the real world. We need to Identify All the Things.

A talk from Ian Glazer of Salesforce was revealing – The Identerati covet their InfoSec peers’ professional qualifications, and lament having none to reflect their own accomplishments. This is strange because many of the talks delivered hammer blows to yesterday’s Infosec technology – VPNs, firewalls, anti-virus, passwords – they are all proclaimed dead. The perimeter no longer exists; the new security model should assume that attackers are already inside an organization. If that’s the case, then why covet those InfoSec qualifications? Many InfoSec problems start with poor identification and enrolment, compromised authentication and over-permissioned authorizations. The Identerati don’t need to look backward; they need to keep forging ahead for Identity is the new Infosec – Forrester shows where the money is going.  We need to Identify all the Users.

Related content

The Benefits of Trusted User Interface (TUI)

Trusted User Interfaces (TUIs) are the next big thing for securing critical mobile apps. The Trusted User Interface feature allows a Trusted Application to interact directly with the user via a common display and touch screen, completely isolated from the main device OS.


What is a Trusted Execution Environment (TEE)?

A Trusted Execution Environment (TEE) is an environment for executing code, in which those executing the code can have high levels of trust in that surrounding environment, because it can ignore threats from the rest of the device.


What is TrustZone?

Arm® TrustZone® technology provides a cost-effective methodology to isolate security critical components in a system, by hardware separating a rich operating system, from a much smaller, secure operating system.



All Internet of Things posts
Back to top