Gopi Sirineni serves as President & CEO of Axiado, a cybersecurity processor company securing end-to-end digital infrastructure.
getty
Cyberattacks have evolved to the point where they are among the greatest threats to personal, private and national security. This problem has its roots in profound decisions made about device architecture decades ago. It’s safe to say that when the earliest data servers were being introduced, no one could have imagined how rapidly societies would migrate to digital environments and cloud computing. Brick-and-mortar businesses have been supplemented by or even outright replaced by 24/7 online storefronts, and access to them has expanded from desktop PCs to mobile devices, driving convenience for customers, profit for businesses and efficiency for both.
The Struggle To Keep Up With Cyber Threats
Driven by the ever-increasing demand for bigger and better data centers, server designers and engineers focused on features and performance above all else, effectively treating security as an afterthought. This oversight created inherent security holes in the architecture that later needed to be addressed. Patching these holes with third-party software was often counted on as the most viable security solution, and it remains the go-to tool for many organizations. But professionals in the cybersecurity industry feel that software isn’t the answer, as solving its shortcomings appears insurmountable.
The cybersecurity industry has spent billions of dollars seeking dependable tools to lock out criminals. Whether it’s security companies, chip manufacturers, in-house cybersecurity units or government agencies, experts have failed to consistently address cybercrime. The evidence is undeniable: thousands of data breaches each day, billions of dollars lost every year, more-frightening ransomware attacks with greater frequency and deepening threats as bad actors increasingly ramp up cybercrime into the realm of cyberwarfare.
For years, cybersecurity has deployed software patches and hardware fixes that have turned out to be far from adequate. In many ways, these band-aid solutions have driven the industry to search more intensely for an ironclad option.
Chain-Of-Trust Solutions Enter The Market
Research and development efforts resulted in the creation of a promising protocol called chain of trust. Anchored by a concept named the root of trust (RoT), the chain of trust is a series of links between components in a system, in which the latest link to run checks the validity of the one prior before proceeding with its function. It is similar to blockchain in that it relies on encryption to authenticate data and verify authorized users, leaving a trace of searchable actions. In addition, chain of trust heavily relies on hardware cryptographic keys to prevent corrupted components like malware from running.
Newer platforms advanced to authenticate the RoT itself, enacting a smart policy of zero-trust security. This bottoms-up redesign of the security architecture has provided the strongest security for networks yet, but it hasn’t proven clever enough to thwart hackers. Nefarious entities, often funded by wealthy crime syndicates, probed for vulnerabilities, believing that if they could break the RoT, they could compromise the entire chain of trust and steal more data. (See Cyber Security in a Volatile World for an overview of the impact of cybercrime.)
Alas, some RoT implementations proved to be vulnerable. Encrypted keys were stolen, either through direct means—such as theft of access credentials—or indirect means like differential power analysis attacks. Voltage glitch attacks could bypass the RoT and falsify the advanced firmware, leading to corruption of the network that could go far beyond a single device. Business leaders would be wise to ensure that their infosec teams are aware of such vulnerabilities—that not all zero-trust solutions are created equal—and consider this when auditing their existing and future security infrastructures.
Over time, it also became apparent that the RoT had practical limitations. Its performance was constrained by slower legacy interfaces, which delayed boot time and cost money. Another hurdle was the lack of a single, overarching platform. RoT solutions varied from one vendor to another, and data centers procured hardware from multiple vendors. This complicated environment created new issues of incompatibility and inefficient integration.
As use of the chain of trust grew, multiple resources were allocated across distant servers and a variety of processing units. This created a large and distributed attack surface that hackers sought to infiltrate. Such distributed computing added layers of complexity to managing maintenance and security resources.
Next-Generation Security Arrives With AI
As the thought leaders were searching for a failsafe cybersecurity standard, they began to realize that a hard shift away from software and toward a hardware solution was critical, and applications of artificial intelligence (AI) gained momentum.
As noted by IEEE Computer Society, security solutions that employ both hardware and AI improve threat detection, vulnerability management, network security and data center monitoring. The goal is to achieve the protection of end-to-end digital infrastructure with AI-assisted preemptive threat mitigation and to advance RoT technology to the point where there is immunity to power glitch attacks and physical tampering.
At the same time, however, cybercriminals are using AI to improve their chances of infiltrating protected systems, working to increase the resistance of malware against AI-based security tools. Challenges remain for AI-rich hardware solutions, but manufacturers are working diligently to address this demand. Innovations that promise to stop cyberhackers before they can attack are starting to enter the market, and a new breed of security processors is predicted to safeguard servers and networks through preemptive threat detection, robust RoT protection and always-on monitoring, operating in secure isolation from the main CPUs and other processors.
For an industry that has sought for years to achieve the highest level of trust, AI may have delivered the most promising achievement yet. And it’s doing so as the world adapts to 5G, the next-generation cellular wireless network that will drive more connectivity and necessitate greater security. We’re already seeing the advantages of AI for business leaders in the areas of customer relationship management, internet and data research, and digital personal assistants, just to name a few. These advantages in efficiency and performance are translating to improvements in cybersecurity measures that will make businesses in our digital age more secure than ever.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
