[apss_share networks=’linkedin, twitter, google-plus, email, print’]
Brad Chisum is the CEO of Chronodyne. Previously, he was Product Manager of TDS MEMS Inertial Sensors at Google and co-founded and served as CEO for TDS MEMS Inertial Sensor firm Lumedyne Technologies, Inc. prior to its acquisition. Chisum has also held engineering and management positions at the U.S. Space and Naval Warfare Defense Systems Command (SPAWAR), and with semiconductor manufacturer STMicroelectronics. He is a member of the FHOOSH Board of Advisors.
“The problem is that every system can be hacked, so data needs to be secured in such a way that hackers can’t make use of it if they get it. At the same time, user experience is also a critically important item on the minds of executives—the security system used needs to not compromise the user experience. This is why FHOOSH is so exciting.”
Q: Given your background with endpoint sensors, what’s your take on security and IoT?
A: We are just entering a new era in the way that information is stored and processed. The Internet is pretty far along in moving information that was once stored on physical paper into electronic format in the cloud. With Internet of Things (IoT) entering the picture, measured data that was stored locally to the measurement (if it was stored at all) will now be moved to the cloud as well. Take a security system with a motion detector, for example. In most implementations today the motion information is not stored; there is simply a threshold for which a security alarm is triggered. But now, we can store that information in the cloud where we can analyze and process the data. What was previously a simplistic security system can now also be used to monitor foot traffic flow and create heat maps for retail stores to use to see how the foot traffic through their stores progresses through time. This could be used to optimize staffing loads and store hours.
But there are also new security concerns that go with this new information. For example, smart locks for the home are starting to become popular. With your phone, you can log in and see if your front door is locked or not; you can even unlock your door. This also means a time history of when your door was locked and unlocked can be made. Certainly this is the kind of information that needs to be kept secure. The IoT will quickly put all kinds of information in the cloud that people never had to think about protecting before.
Think about this example: Your location and your location history will be tracked by your cell phone. This can enable wonderful services, like telling you where you parked your car, or detect when you’re heading home and then adjust the thermostat in your house. But, just using location information, it would be possible for somebody else to learn if you recently stopped by an ATM or see if you are sufficiently far away from your house or car to commit burglary. Of course, IoT will bring better surveillance systems to protect us from the bad guys, but all that new data needs to be secured.
Q: What data security issues are capturing the most mindshare for C-level executives right now, and how does that differ from board-level top concerns?
A: For executives involved with enabling the IoT, security confidence is one of the biggest concerns. For customers to open their wallets and adopt these new technologies, they need to feel safe in doing so. And the media has been doing a pretty good job lately in giving us plenty of reasons to be concerned (think of all the credit card database hacks in the news lately… Now imagine stories where data gathered by IoT technology experienced the same thing).
It is critical that data security keeps up, or customers will be too nervous to adopt or use IoT technology. Even worse, there could be push-back from people and even governments to limit IoT technologies due to security concerns (think of the current issues with government regulations surrounding self-driving cars). The problem is that every system can be hacked, so data needs to be secured in such a way that hackers can’t make use of it if they get it.
At the same time, user experience is also a critically important item on the minds of executives—the security system used needs to not compromise the user experience. This is why FHOOSH is so exciting: they have built an elegant solution that simultaneously secures the data and speeds up the data transmission, both giving us data protection and improving the user experience at the same time.
Board-level folks will generally share the same concerns, although many boards can be more focused on “what could go wrong” than “what could go right.” As a result, they will be a little more conservative and worry about things like lawsuits and other financial obligations that could arise if security was compromised. They will also worry about a large drop in customers if a major data security violation event was reported in the news. So, they will constantly be looking to make sure that data security is strong and will want to see that the right security is in place before the rollout of a new product or service.
Q: What do you see as the top security concern commonalities and differences between corporate and military organizations?
A: At the end of the day, both are interested in protecting their data and both will be concerned with the speed of data transmission, although military organizations will be more tolerant of slower speeds if it means better security. Where they differ is that corporations interface with customers and those customers will not reliably support their side of data security. Military organizations can keep their data systems closed with few access points, but corporations need to interface with customers, suppliers and others, which means a more open system with many more access points.
Further, customers want multiple ways to access their data even as they put the responsibility of keeping that data secure on the company. As an example, I can check my bank account balance with my cell phone, desktop computer, landline phone or ATM, or I can visit a branch office in person. This all translates to a lot of access points for hackers. So companies need to work hard to prevent data from being hacked and they also need to work hard to make the data unusable if it is hacked. FHOOSH addresses this with the way its solutions break up, encrypt and disperse the data. When a hacker gets into an organizations’ enterprise, it will be as if the breached data was put through a paper shredder.
Q: What are the biggest security challenges facing companies you’ve been involved with, and how do they differ in larger vs. smaller organizations?
A: Large companies have the budgets and the knowledge to implement security properly, but their internal bureaucracy paired with the large number of people involved make them slow to act and prone to gaps in their security measures. Small companies often underestimate the challenge or simply do not know what their vulnerabilities are. In both cases, the simpler the solution, the more likely it is to be implemented and used. This is another area of strength for FHOOSH: the system they have built is very simple and flexible to implement and use.
Q: What do you see as the biggest opportunity for FHOOSH?
A: What makes FHOOSH so exciting is the large number of extremely big opportunities in front of them. But I think one of the biggest will be with data transferred by mobile devices. It is already possible to make purchases, access your bank account, unlock your house and start your car with your cell phone. In the not-too-distant future, the majority of people will adopt these uses and your cell phone will replace your credit cards, driver’s license and keys. That adds up to a lot of data that needs to be highly secure and transmitted quickly.