Security Workplace Habits: In Device We Trust

Security Workplace Habits: In Device We Trust

It’s clear from this year’s RSA Conference in Singapore that mobility is one of the key battlefronts in the cybersecurity fight. According to RSA’s senior director of technology Kayvan Alikhani, one of the biggest steps forward has been the establishment of a hardware route of trust.

[credit provider=”Getty Images” url=”″]

“The availability of a hardware route of trust on a large population of devices, more secure enclaves, trusted execution environments, secure elements and TPMs [Trusted Platform Modules] – before that there was nowhere to anchor hardware route of trust,” Alikhani explained.

“If you wanted to run crypto operations or wanted to do something with users’ confidential information or credentials, you had to run it on the same sandbox environment the application was running.”

This new layer of execution makes it easier to run secure operations on devices. He says many companies such as Qualcomm, Intel and ARM have made this a reality for mobile devices.

“This is a big shift on where we were two or three years ago. In device we trust is the way I phrase this,” says Alikhani.

It means the device is no longer a dumb device that provides browsing capability. It provides the hardware route of trust for carrying out secure operations and can also be used as an authentication device.

Alikhani says this isn’t just theoretical with the likes of Google, Microsoft, Samsung, Qualcomm, ARM as well as payment providers such as MasterCard, PayPal and Discover releasing products that use this. Apple does this with TouchID where only a tokenised version of your authentication is exchanged with a service rather than your actual identity data.

Aside from hardware, Alikhani is also an advocate for creating a dashboard that lists all of the accounts and permissions you have created and given so it’s possible to understand where your data is so that the personal impact of a hack is understood and individuals can understand the value of their data.

The author of this article travelled to Singapore to attend the RSA Conference as a guest of RSA.