The Truth about Hardware-based Security: Why Everyone Claims to Have It and Why Almost No One Actually Does

When you turn on your computer, a BIOS chip is fired up which tells the computer where to look for the operating system (OS). It does this by activating a boot loader which looks for something called the kernel. The kernel does all the real work. It loads everything needed to run the hardware connected to the computer (keyboard, mouse, drives, etc.), and it mediates between the hardware and the software. It is important to understand this vital role of the kernel in order to understand the difference between true and pseudo hardware separation and its relation to cyber security.

The idea that important data should be kept safe by separating it somehow from normal data forms the basis for all cyber security architectures. The best you can do is to have important data stored on a separate computer, physically and electronically isolated from all other computers and devices. This, however, doesn’t meet today’s standards of practicality. The ubiquity of mobile devices and their importance in facilitating efficient enterprise operations means that access to important data must be allowed but controlled at the same time. Data must be protected from irresponsible employee browsing and other behavior but, at the same time, an employee’s private activity must not be overly restricted. To this end, a variety of solutions have been developed. These include use of ‘The Cloud’, containerization, virtualization, and sandboxing. All of these can be considered as software solutions to data separation, and therein lies the problem. Because these are software solutions to security, cyber criminals have had no problems in finding flaws in the software code to compromise networks. Flawed software solutions to cyber security include such highly touted security architectures as Samsung’s Knox and BlackBerry’s Secure Work Space.

slide 1

This weakness in software can be seen in the following diagram which shows where even the best separation architectures break down. The diagram graphically displays the importance of the role of the kernel in contributing to vulnerabilities in data separation solutions. As such, these solutions can, at best, be considered as only partial solutions. They do not exhibit the necessary traits of hardware separation.

slide 2

The obvious question is: Does a true hardware solution to cyber security exist? Thankfully, the answer is, yes. It has been developed by Virginia-based InZero Systems. Their WorkPlay Technology® architecture is the only solution that does not compromise the kernel. Any device that has this security architecture, be it tablet, smartphone, or computer, has two separate kernels. In short, the architecture divides one device into two – actually putting two separate operating systems on the same device without partitioning the hard drive.

slide 3

However, there is still one more question that needs to be answered: Is this a practical solution? In other words, can employees be free to use their devices in whatever ways they want while, at the same time, be able to access corporate information via their devices? After all, this is the ultimate goal of all BYOD (Bring Your Own Device) networks. The following chart shows how having two separate operating systems on one device can answer these questions.

slide 4

Here is the breakdown of how WorkPlay Technology® differs from other separation methods.

slide 5

But how convenient can such a security architecture be? Wouldn’t it require a complete reboot every time you change from the work side to the play side and vice versa? The answer is, no. This is not just disk partitioning. The change from work to play and play to work can be accomplished at the touch of an icon. In fact, the switch can be made in seconds. The diagram below shows how one side ‘sleeps’ while the other side is activated.

slide 7

It doesn’t take much imagination to see the advantage of an architecture that can, in effect, make one smartphone, tablet, or computer into two. Sure, a company could give out special smartphones and tablets for employees to use exclusively for accessing corporate data, but how secure would they really be? Besides, for larger companies, the expense of such a move may prove prohibitive.

An important point to note is that WorkPlay architecture is not industry-specific. Its very plasticity is one of its key advantages. It can be deployed in a variety of creative ways depending on how a particular enterprise wants to use it.

slide 8

For the government, for example, it could be used as follows.

slide 10

Given the power of hardware separation in security, it is really no surprise that mobile device manufacturers claim their products possess it. It is the security industry’s ‘gold standard’. However, few, if any, have security architecture that can allow for the existence of two completely different operating systems on one device. In other words, with WorkPlay Technology®, one could have an Android phone for the Play Zone and a Windows platform for the Work Zone. In fact, any combination of operating systems is possible only because each system has a separate kernel.

The final question one must ask is this: If this security is so good, why hasn’t it already been widely adopted? There could be a number of answers to this question. First of all, the solution is relatively new and not widely known. Secondly, enterprises develop a certain inertia when it comes to security. They often stick with whatever software security they have, no matter how flawed, in the hope that upgrades will somehow make it better. The bigger the company or organization, the more likely they are to develop security inertia. The thought of redoing their security architecture from the ground up is just too daunting. In short, they compromise themselves through their own lethargy.

However, the U.S. Court of Appeals for the Third Circuit recently concluded that lethargy is no excuse for a security breach. The FTC now has the power to prosecute companies that don’t meet reasonable security standards. As agency Chairwoman Edith Ramirez commented, “the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.” Presently, those “reasonable steps” are not clearly defined, but companies will be under pressure to adopt the highest standards available or risk the consequences. It seems reasonable to expect hardware-based security solutions, like the WorkPlay solution, to become an industry and FTC standard in the years to come. Thus, despite whatever reluctance companies may have in updating their security, they may eventually be expected to do so or suffer the financial consequences.
