“Cybersecurity: Threats to Communications Networks and Private-Sector Responses” – Part 9

Testimony of Bill Conner, President and CEO of Entrust

Before the Subcommittee on Communications and Technology
of the Energy and Commerce Committee
U.S. House of Representatives

Part 9

Identity-Based Security

Finally, to truly secure your environment, you need a layered, identity-based security solution. You cannot have security and trust without knowing who or what is on both ends of a transaction.

To have that trust you must understand how digital identities are changing. Today’s identities go well beyond people and how we have traditionally thought of identity. Digital identities now include kiosks, servers, routers, mobile devices, applications, ATMs and even power meters.

This next generation of digital identities, including devices and application objects, will dwarf human identities in the next five years. Identity-based security brings this all together with the right level of security, enablement, risk and compliance to any transaction — regardless of identity type.

So, what do you need to know to secure identities?

You need to control physical and logical access to your facilities, computers, networks and any other devices that house important information or have access to your networks. And, increasingly, you will need to manage the “mobile” access of smartphones and tablets. Mobility has come of age and is the next wave of innovation — for good and for bad.

Of particular interest to this Subcommittee due to its jurisdiction, security may also rely on utilizing various telecommunications networks to conduct a single transaction. Verifying an online transaction by stepping outside that band is one simple example. Specifically, one option for parties conducting a transaction that is occurring over wired Internet connect is to agree to speak over a different network, perhaps by using a cell phone, to confirm the transaction and the identity of the users. That would ensure that any connection that may have been compromised is quickly identified before a transaction is completed.

Lastly, you need to ask your financial institution how your business is protected should it become a victim of a cyber fraud. You may be surprised that current regulations leave many small businesses unprotected, as we saw with the case of Hilary Machinery. The ball is in your court.

You cannot assume business accounts are covered under the same federal protection as consumer accounts. Any business needs to ask its bank what current security measures it has in place. For the reasons I outlined earlier, the threats are constantly changing and, therefore, accounts must be protected against the latest threats. Financial institutions must invest in security platforms that provide the flexibility to implement new approaches and adapt to future challenges.

What I have outlined is a layered security approach, which is necessary to ensure that the right level of security is being applied to the access or transaction that is being requested. Identity-based security solutions, like those from Entrust, help you do just that.