Ericsson has debuted a range of security solutions aimed at making the networked society a safe place for individuals, businesses and societies to connect.
Jonathan Olsson, security specialist, Group Function Technology at Ericsson, points out that connectivity is already revolutionising areas like medicine and education but that new security approaches need to be adopted.
“As more services migrate to the cloud, and more information is held in the cloud, it is clear we need data-centric security solutions,” he says.
Ericsson holds a number of perspectives relating to the networked society:
* Services should always be available;
* Security should require minimum effort from users;
* Communications should be protected;
* All access to information and data should be authorised;
* Manipulation of data in the networks should be possible to detect; and
* The right to privacy should be protected.
Ericsson focuses on large scale security, mainly on large telecoms networks servicing millions of users.
“We believe security and governance needs to be a part of all networks,” says Olsson. “The way to secure the networked society we need to build security in from the start.”
Pedro Calderon, product management, product line authentication and digital ID business unit support solutions at Ericsson, points out that the company has a particular focus on authentication and identity.
“We build on the perspective that security is available everywhere with little effort and with user privacy,” he says.
Among the solutions available from Ericsson are trusted proxy, IMS and Volte, media delivery, IoT/M2m, and mobile identity.
“All these solutions are cloud ready, and ready to be deployed in networks,” Calderon says. “The networked society for Ericsson consists of billions – or tens of billions – of physical objects and they need to be simple, scalable, cost effective, secure and with end to end solutions.”
For the Internet of Things (IoT) environment, Ericsson has launched the first network-based authentication (GBA) implementation over LTE/WiFi for IOT/M2M in the world. This is a scalable, certificate independent E2E solution for IoT capillary networks, future-proofed with AKA-based 5G security.
These solutions can be used in a diversity of applications within industry, agriculture and smart buildings, Calderon adds.
Stefan Jung, head of product line security business unit, cloud and IP at Ericsson points out that the traditional approach to cyber-security is to build a fence around the data.
But this approach, he says has some fundamental flaws: there is no guarantee the fence is working; supervisors, courts and the public have no transparency; cloud computing means the perimeter blurs; and over 50% of electronic fraud is conducted by insiders.
“Data-centric security, on the other hand, ensures that the data within the organisation is not compromised,” Jung says. “We turn the paradigm upside down, bring the protection to the data itself.
“We cannot only secure the data, also look at the data that builds the system – so the configuration, execution files, firmware, implementation environment, event logs etc. All of these assets can be protected and verify their authenticity. So we instrument the assets ,which instruments that state of the system.”
To this end, Ericsson has launched four new solutions, supported by different products. They are:
* Ericsson Cybersecurity – prevent the environment from being compromised; give you situational awareness of the network and assets;
* Ericsson Big Data Regulatory Compliance – apply technology to solve the challenge of regulatory compliance; can mathematically prove that the information is protected from the data lake through processing and to storage according to regulations;
* Ericsson Industrial Infrastructure Assurance – applies to any industrial control loop that is automated, securing the infrastructure and monitoring it; and
* Ericsson Internet-of-Things Security – secure the integrity of any IoT environment; could be smart metering, connected vehicle. The essence is to secure the machine or device to ensure it maintains its integrity and the data that it produces is correct.
The products to support these solutions are Ericsson Security Operations Centre Manager, Ericsson Security Appliance; Ericsson Global Signing as-a-Service and Ericsson Global Identity as-a-Service.
“The solutions focus on the integrity part of the security triad,” says Jung. “It’s not as much about the confidentiality or privacy, but securing the integrity of the underlying data assets. We believe this is the area currently most poorly served.”
He adds that integrity matters, and cites the example of a car. “An integrity breach of your car could mean the brakes stop working, whereas a confidentiality breach would expose your braking pattern.”
In other news, Ericsson has concluded an exclusive partnership with Guardtime, which has a global infrastructure that allows the signing and verification of large data sets.
Keyless Signature Infrastructure (KSI) is a blockchain technology invented by Guardtime, and acts as a public ledger that provides proof of time, integrity and identity of electronic data.
It has been used by governments since 2007, and will be made available for global enterprises by Ericsson in 2015.
The company has also signed an agreement with Intel to secure the billions of devices that will soon be networked.
The ecosystem has changed and perimeter protection is no longer sufficient,” Olsson says.
“Traditionally what has been connected to the mobile network was the mobile phone. As we look ahead, it is no longer just the handset: there are sensors, cars, appliances and more. How can we ensure these devices meet the same levels of security as the mobile phone? Some of these devices will be very cheap and cost-sensitive.
“Once there are 50-billion connected devices, they will all be targets for attack and can be used to leverage attacks against other devices and the networked infrastructure,” Olsson adds.
“Together with Intel we aim to leverage on our domain competence: understanding how the networks work, how devices connect; and couple that with Intel’s competence to provide useful insights to let the operate get insights into the network what devices are compromised and how, get situational awareness and provide early response capabilities to the operator.
“There will be numerous benefits for the operator: protection for customers, value added services, let them protect network assets as well as benefits like reducing operational expense and protecting their own brand image as a trusted provider.”
Ericsson and Intel are currently working on a proof of concept for these insights.