Preventing Automation Woes

Businesses may incorrectly think that consumer products are good enough. If it works at home, then why not the office as well? There is a reason such products are targeted at consumers: standards-wise, they are simply not up to the task in an enterprise setting, and this is non-more so evident than it terms of security; consumer products simply cannot compare to enterprise-grade devices. They are just not designed to offer the same level of defense as enterprise-grade equipment and software.

Knowing Your Supplier

When investing in both commercial and enterprise-grade devices, knowing the source of the hardware is important as well. Design, component manufacturing and product assembly often take place in a variety of locations, so determining the history of a device can be difficult.

Consider, for example, when in 2015 Amazon was considering acquiring a company called Elemental Technologies. Elemental Technologies produced software for compressing video files and formatting them for different devices. The proposed acquisition would have fit in with Amazon’s government contracts, including the highly secure cloud infrastructure that Amazon Web Services (AWS) was building for the CIA.

As part of its due diligence, Amazon hired a third-party company to examine Elemental’s computer servers for potential security issues. During the process, examiners found a tiny microchip on the servers that they determined allowed attackers to access any network that included the machines. According to a Bloomberg report on the investigation, the microchips had been inserted at factories run by manufacturing subcontractors in China.

The takeaway: Security is not just a matter of individuals or small groups with the focus of extortion. Espionage is now often sanctioned by hostile foreign governments.