Secure the Internet of Things
The IoT relies on crypto for its security. Everything from sensors that capture personal data, driverless vehicles and critical national infrastructure all have the need to authenticate, validate commands and protect data. IoT devices need random numbers but are often poorly equipped to generate them. IoT devices and embedded systems often have limited processing power and few sources of true entropy. IoT devices critically need a supply of truly random seeds and should reseed and rekey to stay secure over their long operational lifetimes. Whitewood netRandom addresses this need by supplying true random seeds to devices as a background network service hosted by the system operator. Whitewood has partnered with leaders in the field of embedded crypto toolkits and supply chain security to accelerate and simplify the development and security certification of IoT devices and embedded systems.
Differentiate Security Products
For many product and SaaS vendors security is an afterthought, a price of doing business. For others it is a differentiator that shows leadership and a security certification that can open up markets. Almost all IT products incorporate encryption and increasingly digital signing and strong authentication. Many products handle such huge volumes of traffic that a breach would be catastrophic to the end user and the vendor’s brand. Random number generation is now in the spotlight. The arrival of new standards such as NIST SP800-90B for true entropy sources and random number generation is expected to be rapidly incorporated into existing certification schemes such as FIPS 140 and Common Criteria. Whitewood netRandom helps product vendors by enabling a high quality entropy capability scheme to be embedded within product portfolios and used as prominent messaging in marketing campaigns.
Enhance Hosted Services
Providers of hosting, colocation and cloud services are constantly looking to enhance their services portfolio. Security capabilities not only add value and drive revenue but also reduce the barriers that all too often prevent sensitive applications from migrating from the corporate data center to external service environments. The delivery of high quality entropy and true random numbers to tenant applications presents an opportunity for service innovation and enhanced customer relationships and trust. By deploying a netRandom Server within the service provider’s data center it is easy to deliver true random numbers on-demand to tenants as a premium networked service. Tenants would simply download the netRandom Client from the service provider’s ‘market place’ or service portal to access this new service utility to take advantage of networked entropy without changing a single application.
Complement Enterprise Key Management
Organizations handle regulated data and valuable intellectual property. They are subject to data protection mandates such as PCI DSS and HIPAA and data breach disclosure obligations. They adopt encryption for data in motion and data at rest along with public key infrastructure (PKI). Key management rapidly becomes an operational and security challenge. Tools such as hardware security modules (HSMs) and dedicated key and certificate managers have an important role but can only address a subset of the overall crypto landscape. Random number generation is a universal issue and requires a broader approach spanning corporate data centers, external services, mobile and embedded devices. netRandom by Whitewood brings a complementary capability to enterprise key management initiatives by providing a baseline security for all cryptosystems, especially those that don’t justify or can’t use a HSM.