TBW ADVISORS LLC

Tag: Confidential Computing

  • Whisper Report: How can we enhance our cybersecurity measures to protect against emerging Cyber Physical threats? 

    Whisper Report: How can we enhance our cybersecurity measures to protect against emerging Cyber Physical threats? 

    Published to clients: May 20, 2025                                               ID: 2073

    Published to Readers: May 21, 2025

    Email Whispers: June 13, 2025  

    Video Edition: June 13, 2025

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    As cyber and physical security continue to merge, proactive, multi-layered strategies are essential to safeguard critical assets in interconnected environments. Secure data practices, including encryption for data in transit and at rest, during compute, and ensure compliance with high security standards. Architectural resilience is crucial, integrating cybersecurity from the outset rather than retrofitting outdated systems. Correlating physical and cyber events provides valuable context. Finaly, digitizing workflows streamlines response efficiency, minimizing the window of vulnerability during attacks.

    Target Audience Titles:

    • Chief Technology Officer, Chief Security Officer
    • Chief Information and Security Officer, VP of Cybersecurity
    • Director Cyber Physical Security, Security Analyst
    • Cybersecurity Engineer, Incident Response Analyst

    Key Takeaways

    • Data must be encrypted at rest, in transit, and during execution.
    • Cyber Physical security requires a securely designed architecture from the start.
    • Cyber and physical threats must be correlated.
    • Only a digitized workflow can respond with the required speed to cyber physical threats.

    Secure data

    As with all security, cyber physical security must also be concerned with, “ data security and encryption … that’s data in the device, data in transit, data in rest at the servers, and so all of those things we have the highest level standards and we also meet more advanced requirements, “ Bioconnect’s Edsel Shreve. The solution should be flexible enough to enable any data protection requirements that come into play. Edsel Shreve went on to further explain, “for example you need to do certificate rotation for things like TLS encryption So we can do those things not every customer wants them but those are the things that we’ve actually got in our system for the folks that have those higher level requirements so it really is the combination of how do we make sure that they’re cyber secure sitting on the network and then how do we make sure that they’re  physically and the data is secure on the on the readers and devices themselves.” In addition, TBW Advisors LLC recommends confidential computing architectures for protection and privacy during computations. For additional information see Industry Whispers: Public is Private – Confidential Computing in the Cloud.

    Secure Architecture

    Taking a 1968 mustang and updating it to 2025 safety standards would be quite the challenge and likely land up with an ugly beast that is neither safe nor resembling of a mustang. Cyber physical security is no different than safety. It must be thought of and integrated from the very beginning. As LVT’s Steve Lindsey explained, “it starts with architecture if we can rethink our architectures and we can start building for cyber security in mind.” The challenge of physical cyber security is that, “for the longest time in the physical security space we’ve been using on premise systems and as we’ve lifted and shifted those into the cloud ..  what complicates that is as we’re deploying these systems it’ not just cloud to end User, it’s Cloud to IoT (Internet of Things) device which is going through usually public cellular or satellite infrastructure itself and there’s other things that need to be done to address that” Steve Lindsey.


    Correlate Physical Cyber Events

    The real power of cyber physical security is the two areas working together to correlate events. Through correlation, context and a greater understanding is realized. An example shared by Advancis’ Paul Shanks demonstrates this best. “Someone loses their badge and falls out of their pocket and they’re logged into the network from home and their badge is used at the building. Those two  events by themselves are benign but we take that together and create a an alert for the operator to look into whether is it a Cyber attack or is it a physical attack.”

    Digitize Workflow

    As early as 2019 TBW Advisors LLC has been advising clients to automate security responses when possible for the simple fact you must. Ransomware attacks were already taking place within a 35-minute window. In 2025 the cyber physical attack vector also calls for automation or a digitized workflow at the very least. As Advancis’ Paul Shanks communicated, “we can take that and make that workflow digitized so that all they have to do is read click and go. Simple as that.”

    Related playlists

    1. Industry Whispers: Public is Private – Confidential Computing in the Cloud | TBW ADVISO RS
    2. Conference Whispers: Black Hat USA 2019
    3. Whisper Report: How can we enhance our cybersecurity measures to protect against emerging Cyber Physical threats? 
    4. Conference Whispers: ISC West 2025
    TBW Advisors LLC logo

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Industry Whispers: Public is Private – Confidential Computing in the Cloud

    Industry Whispers: Public is Private – Confidential Computing in the Cloud

    Join us for “Public is Private – Confidential Computing in the Cloud,” featuring Mike Bursell from the Confidential Computing Consortium and Manu Fontaine, founder of Hushmesh. This event will delve into the transformative potential of confidential computing for cloud environments. Aimed at CIOs, CTOs, enterprise architects, solution architects, and technical product managers, the discussion will cover how confidential computing enhances data security and privacy, even during processing. Learn about real-world applications, challenges, and future trends in this critical technology. Don’t miss this opportunity to gain insights from industry leaders and explore how to leverage confidential computing for your organization’s success.

    Research Code TBW2071

    Moderator: Dr. Doreen Galli, TBW Advisors

    Doreen Galli

    Chief of ResearchTBW Advisors LLC

    Dr. Doreen Galli is the Chief of Research at TBW Advisors LLC. She’s led significant and measurable changes as an executive at IBM, DPWN, Dell, ATT, and most recently Microsoft. Dr Galli was Chief Technology and Chief Privacy Officer in Azure’s MCIGET. Gartner recognized Dr. Galli as an expert in data ingestion, quality, governance, integration, management, and all forms and analytics including sensor data.

    Mike Bursell

    Executive DirectorConfidential Computing Consortium

    Mike Bursell is the Executive Director of the Confidential Computing Consortium, having been involved since its foundation in 2019, and Co- chair of the OpenSSF’s Global Cyber Policy working group. He is one of the co-founders of the open source Enarx project and was CEO and co- founder of the start-up Profian. He has previously served on the Governing Boards of the CCC and the Bytecode Alliance and currently holds advisory board roles with various start-ups. Previous companies include Red Hat, Intel and Citrix, with roles in security, virtualisation and networking. He regularly speaks at industry events in Europe, North America and APAC and has a YouTube channel dedicated to cybersecurity education. Professional interests include: Confidential Computing, Cyber Policy, the EU Cybersecurity Resilience Act (CRA), Linux, trust, open source software and community, security, decentralised and distributed systems, Web3, blockchain. Mike has an MA from the University of Cambridge and an MBA from the Open University, and is author of “Trust in Computer Systems and the Cloud”, published by Wiley. He holds over 100 patents and previously served on the Red Hat patent review committee.

    Speaker Profile

    Manu Fontaine

    CEOHushmesh Inc

    Manu Fontaine is the Founder and CEO of Hushmesh, a dual-use Public Benefit cybersecurity startup in the Washington DC area. The company believes that people need safe code and authentic data, just like they need clean water and stable electricity. To deliver this, Hushmesh leverages Confidential Computing to develop and operate “the Mesh”: a global information space, like the Web, but with universal zero trust and global information security built in. Secured by the Universal Name System (UNS) and the Universal Certificate Authority (UCA), the Mesh provides global assurance of provenance, integrity, authenticity, reputation, confidentiality, and privacy for all information within it, at internet scale. Hushmesh is a NATO DIANA Innovator startup.

    Dr. Roy Fune

    Cannot make it live? Register and submit your question. The answer will be in the video on TBW Advisors’ YouTube Channel.

    NO AI note takers allowed. Event copyrighted by TBW Advisors LLC.

  • Conference Whispers: Identiverse 2024

    Conference Whispers: Identiverse 2024

    Analyst: Dr. Doreen Galli

    Photographer: Dr. Doreen Galli

    ABSTRACT

    After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Identiverse was at Aria Hostel in Las Vegas from May 28-31. It is the premier event for identity professionals. It spans 4 days, 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. Attendees witnessed endless examples of identity and privacy solutions including many jokes about SAML (it is NOT dead), examples of passwordless as well as talks about the value of identity.

    Conference Vibe

    After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Registration for the four-day event kicked off after the long holiday weekend. The event featured 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. There was so much packed in it was impossible to catch all of the exhibits. They had sessions in the Joshua rooms as well as Marisopa rooms. Opening day was then capped by  a mighty keynote featuring John Whelan, President of the Cyber Risk Alliance and Andre Durand, CEO of Ping Identity and Founder of the Identiverse Conference. The event provided food for the attendees. We were able to capture breakfast Wednesday. The attendees did explicitly find me to let me know they were disappointed with the breakfast due to the lack of protein. I do understand the Microsoft Breakfast did feature sufficient protein.  Many attendees complimented the lunch which was served Wednesday as well as on Thursday. The exhibits* were open on Wednesday after the opening keynote. They were spread between two large rooms across from each other.

    Our entire playlist of video research at Identiverse is available at our YouTube Channel. Save the list to capture related shorts when they are released.

    Digital Identities

    As one might expect, Identiverse is all about identity. Much to my delight, an entire panel was presented on confidential computing. Confidential computing strength lies in multiparty computations among untrusted parties – something that occurs in the identity space quite often. The session immediately following was on digital identity where they pondered how one could achieve such an exchange – unfortunately those panelists did not attend the Confidential session. On the digital ID panel, it was exciting to see that California is live with a digital driver’s license. Many are still trying to get their real id into their wallet! Australian Bank was on stage for a keynote making the case for the Bank ID. Admittedly this talk created a bit of déjà vu to the days in the bid to become primary certificate authorities. There is no shortage of information to make the business case to adopt passwordless for your organization.

    More than Passwords

    Thursday morning’s keynote concluded with the Power of Passwordless sign-on. This session includes a number of guest speakers from the FIDO Alliance, Clarkson University, Bank of America and Amazon. The net result is that companies love it, their customers are more engaged, and the security posture is improved. Numerous examples of passwordless solutions were shown in the exhibits. AllAUthenticate shared their passwordless solution. Bringing blue collar workers who need to punch in and out into this century, Bio-Key displayed their product leveraging MFA Mellon RFID. If you would prefer your identity solution to eliminate any and all standing privileges, SGNL can get you there and help you stay in that security posture. Zluri is available to handle access control for all SaaS solutions. Aserto is an identity service that considers policy and relationship-based access control. If your service accounts are your pain point or you don’t even know how many you have of what – a start-up just out of stealth mode called Anetac may be someone you want to evaluate. If your organization’s problem is more about non-human identity issue, Natoma can assist in provisioning, deprovisioning and maintenance of non-human IDs. The word of the conference was service and non-human IDs is an area exploding with a reported over a dozen just announced at RSA.

    Google hosted an entire detailed workshop on Google Sign-On, Passkey and the use of FedFCM to deal with 3rd party cookies. It was exciting to see they are working to push privacy forward with browser.

    Identity in Practice

    An attention-grabbing keynote Thursday morning alerted to the Darkside of identity. Reminding all that identity is the most common entrance point for the uninvited. Another keynote reminded all attempting to forge a path in identity, that the most important thing is to just get going! Furthermore, pay attention to the point of no return. Identity and security are all about depth of defense, spend the effort when there is a big payout. Do not insist on 100% for each program as the last percentages take resources without improving security posture. It is far better to find a new program that will affect the remaining identities with the remaining resources.

    One often too difficult aspect of identity is customer onboarding. To that end, Strivacity specializes in the end user aspect of identity. If you challenge is too many identity services and you are having difficulty getting a complete picture, TenableOne provides a unified dashboard to see the entire threat attack surface. If your difficulty is all about connecting identity platforms to other sources and targets, Aquera Platform provides identity connector along with automation and governance in their solution. Saviynt provided a demonstration of their identity cloud with a visual display. RSA Shared their Unified Identity platform that is available on prem or in cloud for SAS saps as well as supporting SAML. Radiant Logic also provides an identity middleware heavily focusing on the data and metadata of identity. This point was also shared during John Pritchard of Radiant Logic’s keynote.

    There were options if one is seeking assistance with their identity solutions. AOH offers identity consulting spanning assessment, architecture, execution and maintenance. ProofID offers global managed identity services and are key partners with many of the top identity technology providers such as PING Identity.

    Cisco provided an in-depth workshop on defining and building an identity graph. It was very insightful, and the audience was glued to the screen. What caught our eye was the end when they said, “look at that picture – you know what that means. You know what that means you are supposed to do” Even in 2019 when I was at Gartner, augmented intelligence was present so hearing, “look at the picture” was surprising. More commonly is generative AI incorporated so it suggested actions based upon what is seen. Fortunately, Microsoft was there to bring it all back to 2024. There was an Microsoft Entra deep-dive by Nichole Peterson as well as a Microsoft Entra with Co-pilot demo that allowed attendees to zoom back to 2024.

    Next Year’s Conference

    Next year’s Identiverse is held June 3-6, 205. Furthermore, next year’s conference will be at Mandalay Bay.

     *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.                                

    ©2019-2024 TBW Advisors LLC. All rights reserved. TBW, Conference Whispers, Industry Whispers, Vendor Whispers, Technical Business Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and Fact-based Research and Advisory are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness, or adequacy of such information. TBW does not provide legal, or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.