Security On The Brain

Granted, I had privacy on the brain, so perhaps I may be forgiven my gullibility. I had just returned from a pretty compelling keynote address at last week's Embedded Security Seminar in Boston, which was hosted by several of CRN's sister publications in the electronics engineering space. CRN produces a quarterly magazine called Embedded Computing Solutions (www.ecsmag.com) with one of those sister pubs, EETimes.

The theme for this keynote centered on why, as the Internet increasingly becomes a network of devices rather than PCs, servers and related network infrastructure, security will become even more critical--and more difficult to pull off.

To illustrate his point, keynote speaker Kevin Ashton, vice president at ThingMagic, a Cambridge, Mass.-based company focused on RFID and sensors, pointed out that many embedded technologies lag those of the IT world. And we'll all agree that classic IT infrastructure still has a pretty serious insecurity complex.

To make matters worse, Ashton contends, RFID by its very nature is security-challenged. It is a technology that is resource-constrained (after all, we're talking a teeny chip and an antenna here), its channel of communication is prone to eavesdropping, and it is promiscuous by nature--that is, it's the job of RFID technology to share data. It could enable corporate espionage or, worse still, cause serious privacy breaches. "Our job is to negate those threats without getting in the way of the benefits," he said.

Of course, RFID isn't exactly ubiquitous right now, so you might feel inclined to shrug off this topic altogether. But security solution providers should consider devices like this as they help customers plan their broader security strategies. After all, if the devices themselves are so insecure, the task of protecting the privacy of the data they share will fall to those with infrastructure and data-center practices.

How security-minded are you? HEATHER CLANCY, Editor at CRN, welcomes your comments at [email protected].