Q. IoTsecurity seems to be in prime focus now. In a brief, what is being done here?
A. IoT is a point of interest. We are preparing ourselves for the Internet of Things. From a research angle RSA is doing a whole lot of activities, making sure that the user and his devices are synonymously authenticated. With respect to security and authentication there is work being done on biometrics or some form of wearables which should not get compromised. The things that we use daily are in focushere. Health monitoring, appliances, transportation are all the traditional data points which IoT is following.
Q. What are the evolving techniques of authentication surrounding smart devices?
A. We are building tools to identify threats by leveraging technology to monitor these smart devices. There are multifactor and risk based authentication techniques so that every device can go ahead and authenticate based upon their unique characteristics that they have. That unique system of authentication becomes the token for authentication.
Q. Should enterprises look out for external help/ assistance especially from open source communities for tackling security issues; given most of the electronic devices in the world are vulnerable?
A. Two things, attackers are becoming more and more powerful and attackers are collaborating way better than we are. Enterprises have a commercial angle to develop and deploy the protocols. There should be involvement of Open source community so that unified protocolcould be developed. This would help develop business and collaborative consensus.
There cannot be a system which is connected and hundred percent secure; theoretically. There can be venues of compromise and that is where RSA has effective expertise in place.
Q. Can attacks on a connected environment be routed through a friendly using an unusually friendly behaviour? Can artificial intelligence beat that?
A. Primarily artificial intelligence could be used here to understand what good behaviour is. The behaviour patterns are not just about people. It is also about systems that are interacting with themselvestheoretically. There is entity behaviour, Software process behaviour, communication behaviour and various levels of behaviour and analytical process could help benchmark. At those granular levels the patterns have to belooked at and learnt. To learn those, we have to use machine learning technologies etc. RSA’s User-entity behavioural analysis is a module which is built on Artificial Intelligence (AI) algorithms with machine learning capabilities to overcome this level of complexity.
Q. “Using biometric scans for ensuring security”- the next stage in authentication?
A. I strongly believe that there will be human health aspects that at some point of time will become authenticators by themselves.But a word of caution still looms. There are certain constantlyevolving bots simulating physical world characteristics; that can make it indistinguishableto real world entities to identify and blacklist/ quarantine. Suchnon-human entities are generating data by themselves too. The fraudsters can use such technology to imitate human behaviour. Most of this is virtualisation but flip side is today you cannot; but tomorrow you most probably will.