The Internet does bear some resemblance to the much ballyhooed American Wild West, with its somewhat anarchic disposition.Fortunes are made and lost online, and robbers and con-men lurk. But like the Wild West, the Internet, too, is gradually aging, the wild oats are growing into nicely tended fields, and some semblance of order is appearing. One of the policemen on the block is Carlos Moreira. And Swiss Style caught him between trips.
It’s midnight. Do you know where your data are? Seriously? It may sound flippant, but as things are evolving in the world of information technology, there will come a time in a not-too distant future, when this little needling thought could cause a few sleepless nights and long headaches in the business community. For Carlos Moreira, CEO of Wisekey and peripatetic promoter of online security, the question is crucial to the evolution of the digital world. Especially considering the drumfire of news about banks “losing” data to tax authorities, CDs bearing names and account information of heavy-duty German tax finaglers winding up with the Finanzamt, or companies and agencies getting penetrated in cyber attacks. “We are not talking about some hacker in China trying to shut down the electrical system in New York,” says Moreira. Cloak-and-dagger type warfare has been going on since World War Two and the famous ENIGMA encrypter, he points out.
What happened in Switzerland with the private banks was low-tech stuff, individuals getting a hold of the right identity and entering the bank’s database. “Some banks are still using dBase [one of the oldest database management systems, the Editor] and systems from the 1990s, with the client name and address in one file,” says the longtime specialist in electronic and information security. “Segregating and encrypting data is the kind of stuff you have to do each day, it’s like brushing your teeth.”
Moreira, who moved from work in academe to consulting and security for various international organisations including the ILO and EFTA, bundled his knowledge and experience and founded Wisekey in 1999. ID management and security, the company service as it were, were something of a niche area in the post dot. bomb era, and so the business grew by leaps and bounds. The key in Wisekey is an X.509 standards-based certificate containing information shared publicly and used as a form of digital identification. It can help protect an individual’s PII (Personal Identifiable Information). The user is also equipped with a private key to be kept confidential. This one is used to encrypt and decrypt sensitive communications. This system is a powerful tool in maintaining privacy online, and when extended to be used for the identification of objects and data, it goes a long way to making the Internet a more trusted environment.
“People wondered why you needed that level of security and segregation,” he recalls. Today, of course, online security is becoming essential. In spite of its apparent shapelessness, the Internet is anything but some ephemeral space. It consists of real hardware stashed in a wide variety of locations that is vulnerable to attack. And what happens on the web can have very real consequences in the real world, like businesses collapsing. “I used to say the Internet was in the contact phase, that is, people made contact, through Facebook, LinkedIn, and other social media,” says Moreira. ”Now we are in the contract phase, where people are able to do major contracts through the Internet, and the ‘R’ that turns contact into contract stands for ‘regulations’, because using the Internet as a contractual tool, people will demand regulations to guarantee secure transacting online.”
The WEF, which likes to draw international attention to certain topics, made cyber-security a major issue. Not surprisingly, Carlos Moreira was up in Davos earlier this year – not his first visit to the hallowed grounds – expounding on the subject with other interested parties, including none other than Bill Gates. His company was even given the WEF blessing as one of the world’s “hottest” 25 enterprises. The WEF accolade is important, Moreira feels, because important people are beginning to take a serious look at the problem he is trying to correct 24/7. “It’s a boardroom concern,” he says. “A few years ago, cybersecurity was the domain of engineers, experts in the company, but now it’s the board that is interested, because the company valuation could be annihilated in a single day given a successful attack.” Indeed, about USD 1 trillion are lost each year to cyber criminals.
Part of the problem has been a perceptional error. In Switzerland, for example, the “fortress mentality”, as Moreira calls it, held sway until fairly recently. “The bad guys were out there, and all one had to do was load up on software, hardware, firewalls, biometric systems,” says Moreira. The problem, he tried to tell many banks, was that the enemy was actually inside the bank, with a USB stick or a cell phone camera, simple technologies to collect information and bring it beyond the massive defensive walls. Nowadays, however, banks seem to be adopting more effective measures. They maintain greater control over staff members, give them digital IDs that permit better tracking and restrictions. Computers are encrypted as well, as are email programmes and other systems used in daily work. As such, the country has become something of a hub of innovation in the world of secure Internet, though it has learned the hard way.
As for the Internet itself, it remains an unregulated environment with powerful advocates for maintaining the openness – with all its copyright issues and web pages crowded with advertising. And the next great transformation is already in the making, announced almost discreetly for some years now through the convergence of telephony and computing and by the proliferation of iPads, iPods, and other lightweight, highly mobile technologies. “The Cloud”, used by Apple to make services and other applications available ubiquitously, is another one of those somewhat odd metaphors to rename the Internet.
For Carlos Moreira, the Cloud – or cloud computing – is the future, and it is upon us, with all its bells, whistles and warts. Essentially it means that any device features a far simpler architecture for the average user, at any rate: “The new generation is the C-gen, you could say, connect, click, communicate,” he suggests. “They are in front of their computers and don’t want to worry about hard disks, or where their data is, or how to transfer the stuff from an iPod to a laptop, to a television.” Of course, the Cloud is more than just a way to have lots of digital fun or check out what some virtual friend has eaten for breakfast at the Kuala Lumpur Starbucks. It offers genuine business opportunities as a centralised system where people can buy space, set up services, provide their subscribers or users with a secure and unique ID. “You don’t have to worry about data services, maintaining servers, and so on,” says Moreira.
Whatever the interface, it will no longer need all the heavy programmes that slow down computing or have to be updated every week. In fact, the computer itself is no longer smart, it is merely a conduit.
This brave new world of computing, which puts ever greater physical distance between the owner of data and the data itself, will have important repercussions on companies and organisations – including government – particularly those having to deal with masses of highly confidential information. “The old situation with VPNs, for example, was shaky,” says Moreira, ”losing a laptop meant losing emails, documents, even entire databases! That could compromise the entire organisation.” Today, data stored in the Cloud has to be encrypted, so an account manager travelling and needing, say, to read and sign a contract, will just have to log on with a secure ID, pick up the document, do his or her business, and log out. Objects and content are also given IDs, thus enhancing security and trust for extra security. In a virtual sense, the area of attack is kept to a minimum.
Of course, the Cloud is not a misty thing that floats above the earth. It has shape and heft, just like the servers making up the Internet. Even in its relatively inchoate current form, it is beginning to evolve as users make demands on physical location. Servers and data centres are, after all, vulnerable to local laws, of course, and even encrypted data can be seized by warrant or by force. On the one hand, there is growing demand for servers and data centres to be set up in specific areas or even countries to ensure sovereignty over the data. On the other hand, many organisations are calling for so-called private clouds, areas that are only accessible to authorised people and not shared with the hoi polloi of the Internet. “It’s like being in a disco or a stadium with a VIP area,” says Moreira, “everyone is watching the same match, but some have special credentials and can access certain services and data that others cannot.” All they will need is the right key to get into the golden door.
Essentially, the Cloud is nothing new, rather, it is the continuing evolution of what Marshall McLuhan already conceived as the Global Village, with computing becoming as simple, ubiquitous and natural as switching on a light. Naturally, given human history and the tendency of power structures to want to control as much information as possible, not only will regulations be needed for security, but also to guarantee the integrity and privacy of individual users. The greenness of the Internet and by extension the Cloud is also an issue that needs addressing, since cooling thousands of whirring servers costs a great deal of energy. On the positive side, however, easier accessibility and multi-terminal services will also reduce the need to travel. Moreira himself often confers with clients and engineers in India and Vietnam, for example, and he sees no problem with larger meetings being done virtually. It’s a question of paradigm, and that is shifting ever so quickly. And to think that just a few brief decades ago, Dick Tracy’s twoway wrist TV was so cool and absurd at the same time, it had to be relegated to the funnies page.
Article by Marton Radkai