Month: March 2020

Security Token Offerings Find a New Dawn with Blockchain Compatible Programmable HSMs

 

With the explosion of distributed ledger technology (DLT) as a safe and secure solution for the transparent handling and sharing of information across organizations, many are quick to jump on the DLT bandwagon. With blockchain’s industry value estimated to hit $23B by 2023, it’s hard to keep track of the blockchain-based financial solutions taking off left and right, such as ICOs and STOs.

Proponents of the distributed ledger technology known as blockchain consider it to be one of the best ways to secure transactions. But while blockchains have many desirable features –– such as transaction efficiency –– there are still other conditions to consider when it comes to leveraging its technology.

DTCC’s most recent paper on the matter outlines key risks associated with the use of DLT and acknowledges the many security risks still associated with its use for small businesses and enterprises alike. As the industry grows, so do its risks.

As security concerns related to the use of blockchain have continued to raise alarm bells across the nascent industry, the growing consensus among blockchain security experts highlights the need for blockchain-compatible security KMS solutions that will directly address the threat of data theft and exploitation.

The excitement surrounding the use of Initial Coin Offerings (ICOs) over the past few years has been tainted by an onslaught of hacks, scams, and pivotal mistakes committed by investors. As it turns out, one of crypto’s biggest appeals — limited oversight and government regulation — also proves to be its greatest vulnerability.

But crypto assets are a new dawn. With the inception of the Security Token Offering (STO), the cryptosphere is beginning to reach true legitimacy in the financial world. Today, services such as TokenSoft’s offer a full suite of technology and consulting services for investors –– helping them maintain, trade and manage the entire lifecycle of a digital security.

Earlier this month, TokenSoft announced its partnership with Tel Aviv-based cybersecurity firm Hub Security to provide clients of its transfer agent access to military-grade HSM protection. The military-grade hardware update ensures investors’ tokens and assets are safe and secure with Hub Security’s next-gen flexible HSM and independent OS for the encryption, management and distribution of keys.

“TokenSoft’s new partnership with Hub Security allows us to provide members with top-tier, military-grade protection for their tokens, keys and assets –– accessible from anywhere in the world,” said Mason Borda, TokenSoft’s CEO.

Hub Security’s miniHSM device is the first of its kind to attempt to address the threat of data theft and exploitation head on. Built uniquely for the use of tokens, cryptocurrencies and other blockchain-based products, the device offers scalable, air-tight security that can support any blockchain-based digital asset.

HUB Security’s combination of hardware and software KMS solutions includes an ultra-secure internal signing authorization flow with a multi-signature vault, hardware firewall, access control, and a deep neural network learning system designed to anticipate and prevent cyberattacks.

Join Hub Security and TokenSoft online on Thursday, April 2nd for a free webinar with TokenSoft CEO, Mason Borda, to discuss the regulatory and security concerns surrounding the use and management of STOs.

Tokensoft Partners with Hub Security for Programmable HSM

COVID-19 prevents people from coming to work and operating the on-premise security systems that control large amounts of assets. Hub Security enables them to do that remotely with the same security standard.

EY Launches Baseline Protocol for the Public Ethereum Blockchain

 

EY announced in early March the launch of its Baseline protocol project. The new initiative is an open-sourced package of blockchain tools that will allow enterprises to build and deploy blockchain-based products securely and privately on the public Ethereum blockchain. The project is part of a joint effort between EY, ConsenSys and Microsoft.

The Baseline protocol leverages several technologies, including zero knowledge proofs, off-chain storage and distributed identity management so that enterprises can define and synchronize processes and agreements using common standards, with full privacy, and without storing sensitive business information on the blockchain itself.

“This initiative builds on that groundwork and starts filling in gaps such as enterprise directories and private business logic so enterprises will be able to run end-to-end processes like procurement with strong privacy,” said Paul Brody, EY Global Blockchain Leader.

The Baseline protocol will also support smart contracts and industry-wide tokenization standards. In doing so, it will enable an ecosystem of interoperable business services. Key process outputs like purchase orders and receivables are tokenized and integrated into the decentralized finance (DeFi) ecosystem.

The initial release of the Baseline protocol includes the process design and key components to enable volume purchase agreements and lays the groundwork for blockchain applications that link supply chain traceability with commerce and financial services.

“With the Baseline protocol, we are developing enterprise processes that are ecosystem ready because they are being built in a truly blockchain-native manner. When delivered on the public Ethereum network, this will drive adoption and the whole ecosystem,” said Yorke Rhodes, Principal Program Manager of Blockchain at Microsoft.

By supporting smart contracts and tokenization, as well as integrating into a DeFi ecosystem, enterprises will have access to an extensive toolbox of resources with which to research and develop blockchain solutions. The protocol enables confidential and complex collaboration between companies and enterprises without leaving sensitive data on-chain.

Heightened Coronavirus Travel Ban Raises Cybersecurity Risks & Threats

While the World Health Organization (WHO) hasn’t declared the novel coronavirus a global pandemic yet, the infectious disease continues to spread at a rapid pace, affecting both the global economy and global health. The virus has been detected in over 85 countries as of Monday, and data from Johns Hopkins University confirms more than 110,000 cases of the virus attributed to the COVID-19 disease.

In an attempt to control the spread of the virus, we’ve seen an increase in restrictions on travel. Last week the US announced that travelers coming into the US on direct flights from Italy and South Korea will be screened for symptoms, while travelers from China are already being screened. One sector of the tech economy already feeling the immediate impact of the changing policies is industry events. From travel bans to bans of large gatherings, officials are canceling industry conferences left and right; leaving conference organizers, attendees, exhibitors, and sponsors scrambling to make new plans.

But now, due to the coronavirus outbreak and an increase in travel restrictions, the way we work may be undergoing a radical shift. Now more remote workers are working from home than ever as the global workforce shifts to mitigate the spread of COVID-19. Soon the cohorts working from home will grow into armies as the Chinese Lunar New Year comes to an end and Chinese companies begin restarting operations. Now because of the heightened pace of coronavirus’s spread, the return to work is likely to usher in the world’s largest work-from-home experiment. In 2020, working from home is no longer a privilege –– it’s a necessity.

While we won’t know the coronavirus’s effects on the overall nature of work for some time, we do know that working from home raises serious questions about the heightened cybersecurity risk for many InfoSec and IT security employees. Unlike working from the office, working from home often means working in an unsecured environment. This shift’s effect on many working specifically in banking and cloud enterprise should cause alarm. Employees with high-access management permissions should be on high alert as they self-quarantine, especially if they are responsible for accessing highly sensitive financial, business or consumer data without proper endpoint security measures in place.

In another risk, outlined in a December 2019 weekly tech advice column, the FBI’s Portland office released an ominous warning to US homeowners: “Your fridge and your laptop should not be on the same network.” That’s because your most vulnerable IoT devices (think wireless cameras, baby monitors, smart thermostats and smart locks) all hold unique vulnerabilities that can be easily exploited. It’s no secret in the cybersecurity world that today’s hackers specifically target home IoT devices to gain entry to your home’s wireless network.

The FBI’s best advice for keeping your devices secure and safe? “Keep your most private, sensitive data on a separate system from your other IoT devices.” According to the FBI’s recommendation, you should have two routers at home: one for your IoT devices and another one for your more private devices.

Whatever the future of work may look like, the cybersecurity implications of a home-based workforce cannot be denied. Companies and cybersecurity professionals must mobilize to provide their organization’s workforce with proper cybersec and threat prevention training. In order to mitigate the cyber risks of a home workforce, heightened education and training is needed for the cyber risks associated with the post-corona economy.

Learn more about Hub Security’s miniHSM device and military-grade key management solutions and how they can help you stay secure and protected –– no matter where you’re working from.

DTCC Paper Outlines New Approach to DLT Implementation

 

A paper published in February by the Depository Trust & Clearing Corporation (DTCC) calls for a more coordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks. With the adoption of distributed ledger technology (DLT) expected to grow in financial services, the DTCC’s white paper, Security of DLT Networks, outlines recommendations for establishing a comprehensive industry-wide DLT Security Framework.

Established in 1999, the DTCC is a holding company that consists of five clearing corporations and one depository, making it the world’s largest financial services corporation dealing in post-trade transactions. In 2011, the DTCC settled the vast majority of securities transactions in the United States and close to $1.7 quadrillion in value worldwide, making it by far the highest financial value processor in the world.

The paper outlines the need for today’s organizations to review existing security guidelines, gaps in their approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an Industry Consortium to spearhead this topic.

“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC. “DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation.”

According to the paper, the establishment of a DLT Security Framework would:

  • Assist in the completion of risk evaluations across an individual firm’s security assessments via best practices and tools, such as risk management & oversight, cybersecurity controls, third-party management, and incident & event management.
  • Address key aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, maintenance, storage and disposal of sensitive information.
  • Provide security guidance and practices respective to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.

Many enterprises are beginning to pilot and deploy DLT. While many of these blockchain-based solutions are generally considered secure, as DTCC notes, they are not immune to security risks or regulatory constraints. Companies must begin to consider the security implications associated with the use of DLT as early in the project as possible. If there’s one takeaway from the paper’s release, it’s a crude warning to organizations: carefully consider your DLT solution’s security before writing a single line of code.
