Tag Archives: cybersecurity

CAMSS: Security – Thomas Cope

And so you’re back from outer space, I just walked in to find you here at my Blog Post. Hmmm doesn’t really work does it? Anyway Hello, it’s me Tom.C back with another blog. Firstly congrats for reading this far. I’m sure you saw “CAMSS” and thought “What on earth is that?” Well CAMSS is IBM’s strategy. It stands for Cloud, Analytics, Mobile, Social and Security. In this post I am going to cover the Security aspect of the CAMSS agenda as it is a sector I currently work in and one I am trying to move more into.

So what is security? Now that’s a big question and some might say it includes confidentiality, integrity and availability. However, others would say authentication, authorization and audit or even “it’s to make sure my bank transfer gets to the other end safely”. They would all be right. Security is making sure the “data”, whether that be physical assets, banking information or personal files, are safe. It is an extremely problematic area where billions of pounds are invested.

So what does this mean for you? Well, if you’ve been reading the news recently all sorts of different attacks and data breaches are happening every day. At any point down the wire your data could be exposed, altered or stolen. Let’s take an example. You are at home on your banking app and you’ve just sent £100 pounds to your friend to pay them back for the steak dinner you had. What could go wrong? Well firstly you’re using a phone. Are you sure there’s no malware on it? Is it your phone or has someone cloned it after you took it in for repair? You are most likely using the WIFI but how do you know you are connected to your access point or an attackers with the same name? They could even be on your home network having cracked the password long ago because you didn’t change the default one, giving them opportunity to intercept traffic and divert money to their bank account. OK then, say the transfer got to the bank fine, how do you know they aren’t hidden away on a server? You may thank this a bit blown out of the water but all of the examples I have given have happened in real life and I’ve done one of them!!

So what do I do in the Security sector? It’s a massive area and I’ve only been exposed to a small portion of it. I work primarily on Identity and Access Management (I&AM) which grants or denies access to certain resources. That could be access to run a command on a Linux server or allowing someone to access the server room. I work with different IBM technologies to achieve this; TDS (LDAP), TAM, Webseal etc. I also work on Security Gateways such as IBM’s Datapower which act as customisable firewalls which follow business rules such as “You’re only allowed to transfer £1,000,000 in one transaction”. Finally I also work in Public Key Infrastructure (PKI) which is a system where Keys and Certificates are managed and created (which can get very complicated very quickly).

Why is it an emerging technology and why is IBM focusing on it? Security is huge and everyday thousands of attacks are taking place to gain access to critical data. Over the years attacks have gotten more and more complicated leading to sophisticated attacks and recently the “secure” software like SSL has proven to be not so secure after all, leading to a large need for good security measures.

In my opinion there is a big “Security explosion” on the horizon. That could be a virus, network attack, malicious APP or something completely new: a turning point where everyone sits down and completely rebuilds information security from the ground up.  Before security was an afterthought but next it will be the first thought that crosses your mind whether you’re a developer manager or consumer. No one wants their data stolen or manipulated so lets put a stop to it!

So I hope that explains IBM’s CAMSS Security in a Nutshell. It’s me Tom.C signing off till next time.