After an extensive audit process, the Digital Trust Label has been awarded to Kudelski IoT keySTREAM™ – a system that provides functions to identify, secure, manage and authorise IoT devices, protect data, control access and actively secure and update devices over time. The Digital Trust Label indicates the trustworthiness of this digital system according to four dimensions in a clear, visual and non-technical language everyone can understand.
In this conversation with Kudelski IoT’s Christopher Schouten, Marketing Director, we talk about the difference between trust and security, security by design and Kudelski IoT’s role as a key actor in creating digital trust on a global scale.
Congratulations, you received the Digital Trust Label for Kudelski IoT keySTREAM™. Having undergone the audit process and been awarded the label, we count you among the pioneers in the digital trust sphere. Why was it important to you to have the service audited?
Kudelski has been creating digital trust for over 30 years – trust is at the heart of everything we do. We’re constantly telling the customers of our IoT Security Labs that an independent third-party analysis of their connected products is critical for their success. So we asked ourselves: Why should this be different for us? That’s why we chose to start the audit process with the Digital Trust Label.
Auditing plays a very important role at all Kudelski companies in general. It’s common practice here to have systems audited internally, too. We bring in development and testing teams who are trained to find the flaws in products so we can make them better. Having an independent view is critical to the quality and integrity of what you’ve built. Sometimes an independent audit validates what you already knew to be true – you built a safe, trustworthy product. And other times it highlights weak spots. Finding those flaws during testing is actually a good thing: This allows you to take targeted action to create a stronger product.
With 35 criteria in the four areas of security, data protection, reliability and fair user interaction, our criteria catalogue is quite long. How did you ensure that keySTREAM™ was developed as a trustworthy digital service?
At Kudelski IoT, creating trustworthy digital services is not anyone’s job – it’s everyone’s job. We don’t think of it as a checklist and it’s not an afterthought either, it’s in our organisation’s DNA. Trust is what we sell and we have been doing so for over 30 years. We started our journey focusing on pay TV security and grew from there. A lot of what we learned there is applicable to the connected devices we use today. The only difference is that today there are more connected devices than ever before. They’re everywhere: From our water filters to doorbells, vacuum cleaners and refrigerators – everything in our lives is connected. That of course raises questions about privacy and even safety and highlights the need for a new way of looking at digital trust.
As Kudelski IoT, you are not only part of but also a leader in the field of cybersecurity. As you said, digital security is your business. How would you define the difference between security and trust?
In short: Trust is the goal; security is how we get there.
Developing trust is not a “one and done” project, it’s an everyday process. Circumstances and threat landscapes are constantly changing, which in turn means that we have to constantly evolve too. And that’s precisely why we created keySTREAM™. It provides you with functions to identify, authorise, secure, manage and update your IoT devices and ecosystems, protect your data, control access and actively secure and update them over time.
How, if at all, has the global discourse around digital trust and security changed?
Security companies like Kudelski have long predicted that there will be a point in history where there will be major consequences due to security breaches. And while we hear some of these stories every day, they have not yet reached a critical mass that is motivating companies to take security as seriously as they should. Companies are under incredible pressure to innovate and stay ahead of the competition, and they often sacrifice consideration of security in the process. But the question isn’t if this will change but when. We are starting to see a growing demand from consumers as well as increasing regulation from government and industry bodies to structurally improve security, safety and trust across all types of IoT devices and services. This will require more companies to address the security of their products, and Kudelski IoT is here to help them do that.
What is one aspect of building trust that is not yet talked about enough?
Security by design: Creating safe and secure systems that mitigate all relevant threats and create robust defenses against attack before they ever hit the marketplace. Trust might be able to be built between human beings over time, but with IoT devices it has to be built in from the start using smart threat and risk assessments, security architectures that address those risks, independent testing, and management of the entire security lifecycle throughout the lifetime of the device. In an IBM study, they estimated that for every USD you spend developing something that is bug-free and secure from the beginning, you’ll have to spend 60 to 80 times as much fixing it after it’s already released. So, in essence: “Getting it right the first time” is not just the ethical choice but ultimately an economical one.