CertainSafe, which has been offering security solutions since 2009, holds promise of becoming a leader in IoT (Internet of Things) security. Based on its micro-tokenization technology, the company has recently won U.S. military contracts that should mushroom its revenues over the next several years.
We recently spoke with CertainSafe CIO, David Schoenberger, a long-time acquaintance, about the recent award from DOD, the company’s strategy evolution and the developing IoT security market.
Background in Transaction Security
We’ve been familiar with the company since its early days as TransCertain. Originally its tokenization technology was directed primarily at the transaction processing industry. (Tokenization substitutes random data or symbols, a “non-sensitive equivalent,” for data that is being protected. Only the meaningless “token” gets transmitted, rather than any of the underlying information. It is different from encryption systems that use a key based on a mathematical formula. See, e.g., “Next Generation Tokenization for Compliance and Cloud Data Protection” U. Mattsson
The company still offers services to the transaction processing segment, stating: “CertainSafe is a certified Payment Card Industry Data Secure Standard (PCI DSS) service provider and we have broad experience across ACH and Credit Card processing applications.” In addition, it offers a secure storage vault service, its Digital Vault. This is available to enterprises and as a consumer product.
Big Strategy Move – IoT Security
However, Schoenberger states that it is their entrance into the IoT security market that is driving CertainSafe’s future development. He judges that the earlier areas dealing with payment processing, document security and “data at rest” have “largely accepted tokenization” and have become increasingly competitive.
The IoT, however, deals with data in motion, being communicated from one device, or machine, to another. Schoenberger emphasizes a number of features of their system. As the company states, “MicroTokenization enables thousands of tokens to be generated per second…Every token and data packet is encrypted…Tokens are configured to execute only on a specific pair of devices, and only tokens unique to the pair can execute a command…Obfuscation is practiced through sending false tokens…Tokens are instantly obsolete and expire after each command and new tokens are generated…”
Major Success with Military IoT
CertainSafe, (which also does business under the name of its parent, Secure Cloud Systems) was named as a sub-contractor on the TACOM TS3 (US Army Tank and Automotive Command Strategic Service Solutions) program. Schoenberger told us that their micro-tokenization technology will be used to communicate between load system supply vehicles and command centers in combat areas.
The palletized load system, according to manufacturer Oshkosh, “is built to carry ammunition and other critical supplies” in frontline combat environments. These are monster vehicles.
Schoenberger explains that the objective is to turn them into autonomous vehicles that can be used at the battlefront, reducing or eliminating risks to troops and drivers. The contract could ultimately involve 5,000 vehicles and a nine-figure revenue opportunity for the company, which currently has under 30 employees.
The company has announced another contract under the Air Force Network-Centric Solutions-2 (NETCENTS-2) program, which covers netcentric and IT products, services, and solutions.
Security & the IoT – Big Issues
Security has been a matter of exceptional concern for the IoT. The GSA/McKinsey study, which was probably the most thorough and objective study of the IoT, made a point with which we strongly agree: “The highly vertical character of the IoT (many small niches) requires a new approach on how to address the market.” The study pointed out issues in a number of verticals, with security/privacy ranking as the number one constraint in general. Security was considered an especially severe issue for the connected vehicle segment.
A single connected vehicle can be a part of a number of interconnected sub-networks. IoT appears to us to present unusual challenges because it demands not only standards for items such as security, but also interoperability.
CertainSafe’s Schoenberger explained that these concerns motivated the company to turn its attention to the IoT. He described the current state of IT security as a series of breaches and patches, and noted a talk he had attended by Vint Cerf that pointed out the risks of compromised devices spreading viruses and malware throughout broad systems.
An academic paper that we have previously cited, (Carnegie Mellon/Peking University paper) explained many of the overriding concerns about security in the IoT:
“Today’s IT security ecosystem, which relies on a combination of static perimeter network defenses (e.g., firewalls and intrusion detection/prevention systems), ubiquitous use of end-host based defenses (e.g, antivirus), and software patches from vendors (e.g., Patch Tuesday), is fundamentally ill-equipped to handle IoT deployments.”- “Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things”
Schoenberger also pointed out to us the risks arising from the ability of one infected device to communicate to others, causing an expanding infestation of corrupted devices that can spread throughout systems. Again, the academic paper reinforced this, pointing to “implicit or indirect cross-device dependencies” that can compromise IoT networks, beyond merely the sub-network that the specific devices are attached to.
Our Take
It appears to us that CertainSafe has an approach that addresses key issues in the IoT security area.
The CertainSafe approach requires that sensors be able to transmit tokens, so the question is how does the tokenization capability get into the sensors. Schoenberger explained that the company planned to work broadly with sensor chip makers to pre-load their technology into the devices. (In the case of the military loaders they are overlaying their tokenization technology on the existing communications bus of the vehicles, which is provided by the manufacturer, OshKosh.)
They will require a very substantial marketing and partnering effort and major increase in size of the company. Based on its early success with the military, it appears to us that CertainSafe (Secure Cloud Systems) is likely to be able to attract significant financing for this growth and will be an interesting company to watch in the IoT security space.
NOTE: The company also states: “For highly mission critical applications, like autonomous vehicles, we embed our MicroTokenization and MicroEncryption (MT&E) engine in chip firmware, and create unique, ultra-secure hardware pairs. For IoT networks with very large numbers of devices, we offer software-only solutions agnostic to communications protocols and networks that can scale to any size.”
Visit their website: www.certainsafe.com
Photo by Oshkosh Defense [CC0], via Wikimedia Commons