Tag Archive for: obsolete

How the Modern Data Landscape Made the Traditional Cybersecurity Approach Obsolete


From the news headlines, we know that data breaches are on the rise – both in frequency and scale. While this reality is unsettling, it’s not surprising. That is because the volume of data being collected and stored by organizations continues to grow exponentially each year. Every day, the global population creates 2.5 quintillion bytes of data, and some estimates state that by the end of 2022, 97 zettabytes (one zettabyte is one trillion gigabytes) of data will be created, captured, copied, and consumed worldwide. 

This data is valuable and therefore attractive to cybercriminals, who steal or manipulate it to conduct fraud, sell it on, or hold it for ransom. Organizations are well aware of the threats to data and invest heavily in cybersecurity measures. Despite this, data breaches continue to occur. To understand why, we need to look at how the data landscape has changed in the last decade and how that has made traditional cybersecurity frameworks and playbooks obsolete.

The data landscape pre-2010

Before 2010 and the mass internet adoption spurred on by the invention of the smartphone, organizations had a relatively well-defined and controlled footprint of people, processes, and technology that were used to capture, process, and store data.

[Figure: Pre-2010 Data Landscape]

At that time, data was still largely collected on paper. This data was generally provided to a handful of employees (i.e., data entry operators) who had been strongly verified by the organization. They entered this data into monolithic and green-screen applications, which stored the data in the handful of enterprise databases that were available at the time. All of this was largely run within the organization’s own data centers, under the control of its IT and security teams.

The data landscape post-2010

Mass adoption of the internet and the digitization of the economy since 2010 have seen a significant shift in our data practices and processes.

[Figure: Post-2010 Data Landscape]

Today we have hundreds or even thousands of people (i.e., customers) entering data via web and mobile apps. These users are poorly verified, often needing as little as an email address to get access. Gone are the centralized monolithic and green-screen applications, replaced by web and…

What is FIDO? How this initiative aims to make passwords obsolete


FIDO definition: What is the FIDO Alliance and what does FIDO stand for?

The FIDO (fast identity online) Alliance is an industry association that aims to reduce reliance on passwords for security, complementing or replacing them with strong authentication based on public-key cryptography. To achieve that goal, the FIDO Alliance has developed a series of technical specifications that websites and other service providers can use to move away from password-based security. In particular, the FIDO specs allow service providers to take advantage of biometric and other hardware-based security measures, either from specialized hardware security gadgets or the biometric features built into most new smartphones and some PCs.

The FIDO Alliance came together in 2013 as security pros working at PayPal, Lenovo, and other companies began to get fed up with various password-based security holes. The group has been plugging away at its goal for a while — “FIDO Alliance Says, Forget Passwords!”, CSO declared not long after the group started up — but with biometric readers becoming more and more prevalent and a new set of specs that are easy to integrate into standard webpages via JavaScript APIs, our passwordless future may finally be in sight. FIDO Alliance members include some of the biggest names in tech and media, so this initiative has muscle behind it. 

FIDO specifications

Before we get into the individual FIDO specifications, we need to discuss the principle that they’re all based on: public key cryptography. In this form of cryptography, each communicating party uses two keys — very large numbers — to encrypt messages via an encryption algorithm. Each party shares a public key that’s used to encode a message, which can only be decoded by a private key, which is kept secret. The two keys are related by some mathematical operation that would be difficult or impossible to reverse — for instance, the private key might be two very long prime numbers and the public key would be the number you get by multiplying those two primes together. (For more on how this works, check out CSO’s explainer on cryptography.)

Public key cryptography is already the basis for most…

MIT’s new 5-atom quantum computer could make today’s encryption obsolete

Much of the encryption world today depends on the challenge of factoring large numbers, but scientists now say they’ve created the first five-atom quantum computer with the potential to crack the security of traditional encryption schemes.

In traditional computing, numbers are represented by either 0s or 1s, but quantum computing relies on atomic-scale units, or “qubits,” that can be simultaneously 0 and 1 — a state known as a superposition that’s far more efficient. It typically takes about 12 qubits to factor the number 15, but researchers at MIT and the University of Innsbruck in Austria have found a way to pare that down to five qubits, each represented by a single atom, they said this week.

Network World Security

‘When will IPv4 become obsolete?’

On Reddit’s forum devoted to networking – r/networking – a user asks: “I know that IPv4 is all out of addresses, and most devices are running both IPv4 and IPv6. How long is it going to take before we no longer see both addresses on a device, but only IPv6? 5 years? 10 years? 20 years? Does anyone have an estimate?”

Oh, yes, they do; in fact, 82 Redditors offer their views on the matter. Here are a few that represent the general tenor:

  • Well since I still support IPX for some legacy apps … in 100 years.
  • Right after POTS dies. And then only after another 30 years.
  • General IPv6 adoption is 18 months away. My college prof told me this in 1995, and he’s still right.
  • Not in our career lifetime.
  • IPv6 will take off during the year of the Linux desktop. You’ll pull IPv4 from my cold, dead hands…

But there were also a fair number of more nuanced replies:

Network World Paul McNamara