Thursday, July 29, 2010

Wireless Technology Risks and Enterprise Security interview S. Garrett

Introduction

I recently had the pleasure of interviewing W. Steven Garret, Chairman of SecurDigital©, who has over thirty-five years of exceptional business experience as a CEO and Chairman of both private and public companies.

Steven has been involved in directing leading-edge technology start-up companies by providing corporate strategic planning, systems organization, business continuity methods, designing incident management, orientation, executive marketing, and sales management, IT and physical security and efficiency development.

Steven also has a wide variety of knowledge and experience in developing franchising, manufacturing plants, marketing & sales organizations, internet solution providers, software developers, security, and e-business systems.

Steven's latest project, SecurDigital©, is a global leader in delivering system-level technology solutions to the advanced wireless markets, is focused on the globally accepted FIPS 140-2, level 2 validations, and will then begin the process for the NSA's Secret and Top Secret Certifications.

SecurDigital© produces SecurVoice© - the world's first totally secure and interoperable digital communication software only solution. It protects voice, data, and video from being intercepted or scanned - it is an unrecognizable digital transmission.

The interoperable capability of SecurVoice© allows global connection to all types of cell, satellite, walkie-talkie, and VOIP devices. SecurVoice© functions independently of operating systems, application platforms, devices, and is carrier independent, so it works with all existing legacy systems, and operates on top of the existing network carriers.
Analysis

Q: What do you feel is single greatest threat to enterprise mobility systems today?

Identity Theft, 75% of our world has their infrastructure built on Cellular Towers providing communications for receiving pay and paying utility bills and purchases from auction sites, clothes, music, appliances, and electronics. Most Federal Governments depend on private Corporations to deliver national communications without regulating security.

Q: Mobile communication innovations have rapidly been adopted by businesses in the last five years, what kinds of vulnerabilities are companies facing that they may of be aware of.

The largest vulnerabilities are because the Smart Phone manufactures do not build security, it is not their job; they leave that to the major Wireless carriers, which have not taken security as their responsibility.

That is the reason that a new industry has emerged over the last two years in the private sector. SecurDigital, along with 5 other "Secure Voice" providers met by invitation with DISA (Defense Information Systems Agency) in a closed Roundtable discussion lead by Peter J. Zarrella of DISA's CTO office.

It has been accepted as a new technology industry to secure all Communications, especially Digital Voice, Data, and Video. For $149.95, you can buy a software package from "Cell Spy" to enable your cell phone to listen to any other targeted smartphone. All forms of communications are vulnerable to theft and illegal miss-use.

Q: With such variety available for devices, integration software, and enterprise networks, how can a business ensure they are not leaving themselves exposed to data loss from their communications systems?

Every communications device is a target; Cellular, satellite phones, Radio walkie-talkies (Law Enforcement) and all office phones using VoIP (Voice over IP) You may have all your contacts copied to another phone, anything stored in a smart phone today can not, CAN NOT be deleted. You may not see it but there is a (Ghost) copy built into your phones PC board.

Q: How do SecurDigital©'s solutions work to mitigate communication systems risk?

I have been working with various types of security with my partner, Bruce Magown, within my group of leading edge security companies for 4-5 years.

The PGC Consortium was blueprinting one of the worlds hardest above ground buildings in 2008. We held a large meeting at an old Air Strip and came to understand that we needed things that did not exist at the time.

We needed to provide cell, satellite, and VoIP communications to each floor of a 20 story building that gave each floor a faraday cage (protection from eaves dropping or an EMP, Electromagnetic pulse attack).

We developed SecurVoice© to be Device, Operating System, and Carrier Independent while having extremely high and hard security during the operation of the smart phone. Much like Skype, except a much stronger and harder method of delivering security.

Q: How is SecurVoice© unique when compared with other commercial solutions?

SecurDigital©' has used existing parts of software and designed a re-arrangement of software configurations to produce a common, yet hard architecture within Java and produced a small foot print of 38Kb that will be compliant tested with FIPS 140.2 validation, along with Secret and Top Secret Certifications during the coming year.

Q: Issues surrounding confidentiality and differing methods of electronic communication have yet to be fully addressed from a legal perspective, what kind of risk is a company assuming when using mobile systems to relay proprietary information?

We are seeing NEW HIPAA laws calling for secure communications for patients being remotely monitored, and to say that a Doctor giving a patients information over an un-secured cell phone is not being compliant with Patient Privacy of information laws surprises most Medical Centers and they7 now realize the damage they may be doing with carless actions with cell phones.

We are discussing client privacy rights with a couple of DC law firms that now realize how easy it could be to scan a cellular conversation.

Q: What can a company do to ensure they do not mistakenly forfeit their right to confidentiality when using wireless communications?

Every person, Company, Organization or Agency must realize and accept responsibility that unless they take positive actions to secure their business communications of cellular and radio, that they may lose their most prized positions, clients, trade secrets, and methods of operation that made them the success that they are today.

Q: SMB's, education, local government, and smaller organizations have a tough time keeping pace with technology upgrades and are falling further behind in regards to security efforts, how do SecurDigital©'s services impact ever tightening IT budgets?

The switch from hardware security to software is a very green and cost saving event. We stop manufacturing metals and plastics and the implementation of more and more hardware to create interoperability.

In a National Guard Demonstration in Melbourne, FL at the Conference for the Global Center for Preparedness in 2008, we saw five trucks loaded with hardware used to create open communications with a central command center, but to have the ability to cross talk directly.

Our Government has been using a hardware device to secure the Blackberry communications for years and the cost of that hardware is $3,350.00 retail, while the cost of using SecurVoice© with that huge number of users will be only about $0.99. Per month and in time we see the pricing dropping to $0.49 per month when the carriers put on millions of users.

Q: Consumers face many of the same security issues as enterprise, is the SecurVoice© software available for noncommercial users?

SecurVoice© is available to sets of two users for only $19.95 per month and will be downloaded directly from our web site by December. Bruce Magown of InterWeave has constructed a back office for SecurDigital that will accept payment, issue a license, and then download the soft ware directly to a laptop or phone, any type of phone instrument. We can audit and manage more than 250,000 licenses per day.

Q: Anything else you would like to add.

SecurDigital© is the product need for another solution of keeping people safe and secure during an event that could harm many people, either from man or Mother Nature. I have committed myself towards making a difference in life threatening emergencies to the human race.

I spent the morning of 9/11 watching a large screen TV with two friends that had been through the war in Vietnam. The correlation is the same for us now. Soldiers no longer wear uniforms; your next-door neighbor could be the one sending a Van loaded with explosives into the heart of New York City.

In my time of being self-educated in systems and methods of security, I found that you could never really be secure until you give up some privacy, which is the trade off. You make that decision.

Thank you for your consideration and well composed and thoughtfully contemplated questions, Anthony!

Conclusion

The Infosec Island community is extremely grateful at this opportunity to glean some of Steven's expertise and vast experience, and we appreciate his time and efforts!