How Deutsche Telekom protects customer data

Transcription

1 KEEPING THE CLOUD OF THINGS Secure How Deutsche Telekom protects customer data

2 CotetS Maximum security with the Cloud of Thigs A secure start CONTENTS 1. THE CLOUD OF THINGS IT All starts with access 1. Providig secure access TO THE INTERNET OF THINGS M2M, IoT, the Cloud ad security The Cloud of Thigs security takes top priority SECURITY AND DATA PRIVACy AT DEUTSCHE TELEKOM Secure processes usig the PSA method Security ad data privacy cocept Secure data ceters SECURITY IN THE CLOUD OF THINGS IT systems Security o the Iteret Additioal measures for icreased security TIPS FOR WORKING SECURELY on THE INTErNET OF THINGS Priciples ad guidelies Device security Ehacig your ow skills Summary Glossary...15 Cotact / publishig iformatio M2M, IOT, THE CLOUD AND SECURITY The Iteret of Thigs opes up a wealth of opportuities for compaies ad helps them to prepare for the future: Prevetive maiteace saves staffig costs ad prevets expesive machiery dowtime; automatio of processes speeds up mechaical workflows ad reduces the umber of errors; ad sesor data ca be used to develop ew busiess models. With the Cloud of Thigs, Deutsche Telekom offers the perfect maagemet platform for customers to etwork ad moitor machies ad devices, locate vehicles, or track the route ad status of cotaiers o scree. Sesor data is read i from the gateway, trasmitted to the cloud platform i ecrypted form, where it is processed ad visualized. The customer desigates which device will access their data. 1.2 THE CLOUD OF THINGS SECURITY TAKES TOP PRIORITY Despite these precautios, may compaies have cocers about whether their data is safe i the cloud. Sesitive compay data ad busiess secrets have to be protected from uauthorized access; the protectio of customer data has to be guarateed. These are requiremets that Deutsche Telekom takes very seriously, which is why security takes top priority whe it comes to the Cloud of Thigs. Security is esured by meas of a extesive list of measures: All data is stored o servers i high-security data ceters i Germay ad is subject to Germay s strict data protectio laws. Ecryptio is used to esure a secure trasport of data from the sesors. The etwork ifrastructure, iterfaces ad IT systems through which the data travels uses stadardized procedures ad protectio cocepts to esure data privacy ad security. Device Maagemet The Device Maagemet aspect of the Cloud of Thigs provides a overview of all coected devices, their curret operatig status ad the flow of data. This meas that o updates are forgotte ad security loopholes are avoided. Device maagemet also helps with the detectio of aomalies or attacks (itrusio detectio), ad automatically iforms the admiistrator i the evet of security breaches. Remote maiteace of devices from the Cloud of Thigs The Cloud of Thigs makes it possible for IoT devices to be maitaied remotely, therefore keepig all compoets icludig firmware ad operatig systems up to date. This also elimiates potetial security risks, which could arise as ew methods of attack are developed. I additio, remote maiteace allows the user to update hard-to-reach machies ad protect them agaist possible dagers without great iput i terms of labor, time or fuds. 2 3

3 Maximum security with the Cloud of Thigs SECURITY AND DATA PRIVACY Maximum security with the Cloud of Thigs SECURITY AND DATA PRIVACY 2. SECURITY AND DATA PRIVACY AT DEUTSCHE TELEKOM Two departmets of Deutsche Telekom are dedicated solely to customer security: Group IT Security (SEC) ad Group Privacy (GPR). SEC is resposible for techical security: It sets a appropriate security level ad implemets it usig suitable measures. GPR determies the Group s strategic aligmet i terms of data privacy ad defies the requiremets from a legal, techical ad orgaizatioal perspective. It also represets the Group i all data privacy matters, both iterally ad exterally. Deutsche Telekom s data privacy maagemet is certified i accordace with IDW PS CATEGORIZATION 2. IDENTIFICATION OF RELEVANT REQUIREMENTS 2.1 SECURE PROCESSES USING THE PSA METHOD The Germa Federal Office for Iformatio Security (BSI) has developed a list of measures that compaies ca use to esure the security of applicatios, etworks, IT systems ad ifrastructures. Based o this ad o the requiremets of the Europea regulatory authorities regardig risk maagemet for data privacy withi compaies Deutsche Telekom has established a stadard process for all of its products: The Privacy ad Security Assessmet ( PSA for short). The PSA method esures the itegratio of security ad data privacy ito product ad system developmet, ad is applied upo each release of the Cloud of Thigs. This stadardized Deutsche Telekom procedure icludes cosultig, testig ad documetatio, as well as risk assessmet ad approval. A project s relevace i terms of data privacy ad security is determied at the start of the process by meas of a questioaire. The categorizatio (A, B, C) is based o characteristics such as processig of particularly sesitive data, the complexity of the platforms ad systems, or strategic ad fiacial sigificace. The extet of cosultig ad support provided by Data Privacy ad Data Security icreases with the criticality ad complexity of a project. The Cloud of Thigs has bee categorized as A, ad therefore must meet the highest requiremets. 3. IMPLEMENTATION OF REQUIREMENTS 4. TESTING Ad DOCUMENTATION 5. AUTOMATIC RISK ASSESSMENT APPROVAL data privacy security A overview of the PSA procedure Our customers, shareholders, regulatory authorities ad the geeral public rightly expect that we hadle the data etrusted to us by our busiess parters, customers ad employees with the appropriate care. We make every effort ot just to satisfy these expectatios, but to ispire yet more trust i our depedability. Data protectio ad iformatio security are for us more tha just a resposibility; we cosider them a cocer of particular importace to us. You ca deped o that. Dr. Claus-Dieter Ulmer, Global Data Privacy Officer at Deutsche Telekom As part of ISO certificatio of Deutsche Telekom s cetralized security maagemet, the PSA procedure was preseted as oe of the service processes provided by Group IT Security. The procedure was rated positively i the certificatio process as a useful, sesible way of prioritizig the processig of developmet projects from a data privacy ad security perspective. Peter Rothfeld ad Igo Vase, exteral auditors from DQS GmbH, Deutsche Gesellschaft zur Zertifizierug vo Maagemetsysteme 4 5

4 Maximum security with the Cloud of Thigs SECURITY AND DATA PRIVACY Maximum security with the Cloud of Thigs SECURITY AND DATA PRIVACY 2.2 STANDARDIZED SECURITY AND DATA PRIVACY CONCEPT The PSA procedure ivolves a stadardized security ad data privacy cocept (SDSK) comprisig six modules: System descriptio Data privacy iformatio Authorizatio cocept Lists of requiremets Pla of measures System categorizatio 2.3 SECURE DATA CENTERS Access to the physical ifrastructure of a data ceter or eve the hardware would provide a attacker with a good startig poit for committig data espioage or maipulatig services. A attacker could, for example, export ad copy data via iput /output iterfaces or USB ports, import malicious codes, or discoect services. As such, safeguardig the ifrastructure is a importat aspect of basic IT protectio. This also icludes protectio agaist uforesee evets, which could lead to loss of services. Extesive buildig protectio Data ceters hostig the Cloud of Thigs are fully shielded ad top security measures protect data from uauthorized access. The grouds, buildigs ad rooms are protected agaist uauthorized etry ad break-i, ad ca oly be accessed by authorized persoel. Access is moitored ad, depedig o the security level, the persos that have access to certai rooms at certai times are stored. Protectio agaist fire ad lightig strike, as well as water ad high voltage damage, also form part of the extesive ifrastructure protectio. I additio, the power supply is fail-safe ad protected agaist fluctuatios i voltage, over-voltage ad uder-voltage. Cloud data ceters ad product developmet processes are certified i accordace with the iteratioal ISO / IEC stadard. This certificate, which is reviewed i regular itervals, attests that the compay meets the security stadards i terms of security guidelies, security requiremets ad risks. The Zero Outage priciple Deutsche Telekom s Zero Outage program was established i 2011 ad is certified by TÜV Rheilad. Eve a hour of dowtime i IT systems ca be critical to busiess operatios ad ca cost a six to seve-figure sum ot to metio the damage to the compay s reputatio. With twicore data ceters, the latest techologies ad traied staff, Deutsche Telekom esures maximum IT availability up to 99 percet, as well as rapid, competet ad efficiet troubleshootig i the evet of a outage. High-security servers i the data ceter Hoeypots I parallel with this, Deutsche Telekom has istalled what are kow as hoeypots as a core compoet of its early warig system. These are isolated server systems which are accessible from the Iteret but which are ot coected to Deutsche Telekom s real systems. The hoeypot systems are self-teachig: They record ukow attacks ad aalyze them. Deutsche Telekom s experts use these aalyses to prevet harmful attacks to the compay s real systems, ad to iform customers whose computers may have become part of a botet. The method has prove to be a success: The hoeypots have so far ot ucovered ay vulerabilities i Deutsche Telekom s systems from the Iteret. Deutsche Telekom is way above the geeral stadard with this cosolidated documetatio of data privacy ad security aspects ad the techical /orgaizatioal measures implemeted. Based o our log-stadig experiece i auditig ad certificatio, the SDSK is a extremely positive developmet. Moika Wojtowicz, Project Maager i Data Privacy Certificatio for Cloud Services at TÜV Iformatiostechik GmbH 6 7

5 Maximum security with the Cloud of Thigs Security i the Cloud of Thigs Maximum security with the Cloud of Thigs Security i the Cloud of Thigs 3. SECURITY IN THE CLOUD OF THINGS I additio to the Group-wide security strategies i place at Deutsche Telekom, there are special measures take to protect the IoT platform Cloud of Thigs agaist potetial risks. 3.1 IT SYSTEMS The kerels ad software compoets used i Deutsche Telekom s IT systems are subject to the highest requiremets i terms of the maiteace of software versios ad protectio agaist viruses ad malware. They ca oly be admiistered from the iteral etwork ad via virtual private etworkig (VPN), ad are ot accessible from the Iteret. All data is stored i ecrypted form. Costat maiteace ad moitorig All compoets, such as operatig systems, databases ad applicatio servers, are actively maaged ad subject to costat moitorig. Admiistratio rights for the IT systems are awarded o a idividual basis. Overload protectio The IT systems for the Cloud of Thigs are protected agaist overload: The platform is protected agaist attempts to block services or kock the system off balace by floodig it with requests (DDoS attacks). Approval of IT systems Before every release, idepedet experts check the IT systems to esure that the latest software versios ad patches have bee istalled. As part of this ispectio, they use peetratio tests to simulate attacks, usig a potetial hacker s procedure to attempt to get ito the systems. Secure trasfer to the Cloud of Thigs Gateway devices Mobile etwork Device maagemet User portal 3.2 SECURITY ON THE INTERNET A potetial target for cyber attacks are the etwork coectios betwee the customer s browser ad the Cloud of Thigs, as well as the radio lik betwee the devices ad the server platform. The ifiltratio of a radio or etwork lik could the be the startig poit for further espioage or attempts at sabotage: If a attacker has already ucovered usage ad positio data, recorded webcam videos or maipulated a smart home, their sabotage ca destroy etire product families or a product or provider s image or they ca blackmail maufacturers. Deutsche Telekom has a extesive list of measures to prevet this. TLS autheticatio prior to each commuicatio Usig a recogized ad stadardized autheticatio mechaism esures that o third parties are able to itervee i the commuicatio betwee a IoT device or a customer s browser ad the Cloud of Thigs. Prior to ay commuicatio via a etwork, the Cloud of Thigs proves its idetity by meas of a certificate. Certificates esure that the commuicatio parter is who they say they are a source that is uable to provide a accepted certificate will ever be trusted. This meas that the autheticity of the platform is evideced i the evet of chages to the firmware or other exchage of data with the device. The Cloud of Thigs uses the Trasport Layer Security (TLS) protocol. I TLS, the commuicatio parters check their autheticity by meas of certificates ad set up a ecrypted coectio. Data ca the be shared securely: The coectio is protected agaist attacks where the attacker assumes a fake idetity, iterveig betwee the seder ad recipiet ad tappig ito the data exchage (kow as ma i the middle attacks). Ecryptio with AES All data commuicatio with the Cloud of Thigs is ecrypted. This applies ot oly to access via the cockpit, but also to all commuicatio betwee the IoT devices ad the platform, i both directios. To this ed, the Cloud of Thigs supports the secure Advaced Ecryptio Stadard (AES) algorithm. This algorithm has bee declared stadard by the America Natioal Istitute of Stadards ad Techology (NIST). It is cosidered so secure that i the USA it is eve authorized for use o official, top-secret documets. For customers whose devices do ot support AES or whose security ratigs do ot require this, the Cloud of Thigs supports further ecryptio methods such as 3DES or Camellia. Strog ecryptio esures that o oe ca decrypt compay or customer data if they obtai it by chace, illegally or through espioage, prevetig them from usig it for their ow beefit, sellig it or publishig it elsewhere. Makig chages to data spoofig is also ot possible: For example, a attacker caot overwrite positio data or virtually chage the positio of a truck, maipulate sesor data from a refrigerated cotaier, or reproduce the sigal from a garage door i a smart home (which would make it possible to ope the door at ay time). Network separatio The core of the Cloud of Thigs is divided up ito several sub-sectios with differet fuctios. The idividual modules of these sub-sectios work i their ow cells, which, i tur, use idepedet etwork cofiguratios with their ow address zoes. These virtual etworks (VLANs) are isolated from oe aother i such a way that eve if a hacker breaks ito oe VLAN, they will be uable to access aother VLAN ad expad the attack to other cells. Firewalls The Cloud of Thigs uses a multi-stage firewall cocept to protect agaist access to the platform from isecure etworks. All icomig requests must pass through the firewall: This applies to access from the website as well as to requests from IoT devices via the software iterfaces of the Cloud of Thigs. Deutsche Telekom s security experts check the firewalls regularly usig peetratio tests: This ucovers ad resolves vulerabilities ad esures that hackers have o chace of breakig through the firewalls. 8 9

6 Maximum security with the Cloud of Thigs Security i the Cloud of Thigs Maximum security with the Cloud of Thigs Security i the Cloud of Thigs 3.3 ADDITIONAL MEASURES FOR INCREASED SECURITY The iterfaces i the Cloud of Thigs represet aother target for attack. They are required for device maagemet ad data retetio, ad are also used to pass o alerts. Because they are accessible via the Iteret, Deutsche Telekom has developed special cocepts to protect them. Multi-teacy The Cloud of Thigs has a multi-teat structure: O the platform, differet customers (teats) have separate user areas ad do ot share admiistrator, data or address areas with other customers. It is ot possible to view aother teat s customer data, user data or payload. For example, a logistics compay will ot have access to a competitor s customer or truck positioig data. Separatio of user data ad payload A secod separatig mechaism protects agaist espioage ad maipulatio of data: Withi each teat, customer ad user data is maaged ad stored separately from payload. This meas, for example, that i the Cloud of Thigs it is ot possible to secretly sed a database commad whe trasmittig a GPS positio (= payload), which would make it possible to obtai a customer s ame (= customer data) ad use it for other purposes. Authorizatio cocept Customers ca defie ad authorize differet user roles, such as admiistrator, stadard user or busiess user, which are associated with differet authorizatios ad privileges. This meas that users ca oly view cotet for which they have bee assiged rights i the user roles. The authorizatio cocept defies who ca geerate, read, edit ad delete data. Privileged rights are oly assiged to roles, groups or people that are primarily etrusted with admiistratio. No built-i back doors The Cloud of Thigs has properly defied ad secured iterfaces through the cockpit for maual users ad through the software iterfaces for devices. I additio, the Cloud of Thigs does ot feature ay additioal ports or other built-i back doors, either for customers with their ow iterfaces or, for Deutsche Telekom, for maiteace ad admiistratio purposes. All requests have to be hadled via the stadard ports, ad therefore through the same firewalls ad security mechaisms. Eve requests regardig admiistratio ad maiteace are ot hadled via dedicated iterfaces that could be exploited by a attacker. Approval by security experts before each releasee I the evet of ew developmets or chages, experts from Deutsche Telekom check whether the project meets all requiremets i terms of techical security ad data privacy. Approval by the security experts, who are orgaizatioally ad procedurally separated from the project ad developmet teams, is madatory before ay release of the Cloud of Thigs release without their approval is ot possible. Certificatio process for IoT devices The experts at Deutsche Telekom check ad certify all IoT devices that busiess parters may use with the Cloud of Thigs. This esures that these devices meet the requiremets i terms of techical security ad data privacy. Customers that itegrate their ow devices ad suppliers ca request the relevat test criteria, or commissio Deutsche Telekom to provide advice ad carry out tests. Staff i the data ceter 10 11

7 Maximum security with the Cloud of Thigs Workig Securely Maximum security with the Cloud of Thigs Workig Securely 4. TIPS FOR WORKING SECURELY IN THE INTErNET OF THINGS Deutsche Telekom has a extesive list of measures to esure the greatest possible security withi the Cloud of Thigs. However, eve the securest platform is useless if the customer s IT eviromet is ot sufficietly protected. This checklist should help you to avoid typical mistakes whe it comes to security. 4.1 Priciples ad guidelies Formal processes ad guidelies are a importat compoet: It helps to have a pla! Coduct risk aalyses: Idetify security risks, assess possible damage scearios, take prevetive measures Defie requiremets: Draw up requiremets ad checklists, defie referece values ad test criteria Test for security: Simulate targeted attacks usig your ow security staff, coduct peetratio tests, draw up a list of tests, geerate case studies, fid testers, defie a schedule for tests ad audits, utilize test automatio Defie acceptace strategies: Defie gates ad schedules, appoit auditors, documet results Develop emergecy plas: Set out procedures for emergecies, provide for switch-off / shut-dow of modules ad systems, esure operatioal cotiuity, create safety reserves, set out rules for commuicatio ad press relatios 4.2 Device security Security measures must also be take for the software ad data o coected devices outside of the Cloud of Thigs for example, o a computer used to access a web portal to esure that they are ot used as a gateway for attacks. Deutsche Telekom recommeds the followig measures: Load updates: Close security loopholes i the operatig system, update firmware, facilitate certificate updates Chage passwords: Replace all stadard passwords with your ow passwords, use strog passwords, search for compoets istalled i the backgroud Stregthe authorizatio: Check authorizatio o the server (ot o the cliet), facilitate password chages, eable chages to access details for other systems, provide for deletio of access data, use LDAP or comparable stadard authorizatio backeds Use stadard PKI: Implemet stadardized Public Key Ifrastructure (PKI) with certificate checks before ay data commuicatio, use TLS (where the cliet checks the server s certificate) or IPsec (both sides mutually check their certificates), use device-specific certificates, avoid sharig or joit use of certificates with other coected devices Protect agaist malware: Use ati-virus protectio ad keep it up to date Ecrypt memories: Ecrypt all local data carriers Protect agaist overload: Reject uauthorized data trasfer at the poit of etry, idetify ad react to overload situatios caused by a flood of requests (DDoS), shut dow systems i a cotrolled maer before ustable or upredictable behavior arises Provide rules for takig devices ad services out of use: Put devices ad services out of use i the evet of loss / theft / sale / at the ed of the product s life, block access details, disable access, cacel certificates ad liceses, uistall software, delete memories, update etries i whitelists, shut devices ad services dow, remove hardware, esure proper disposal 4.3 Ehacig your ow skills It is recommeded that you ot oly ivest i techology ad security cocepts, but to also costatly expad your ow skills ad observe treds ad ecessary adjustmets. Deutsche Telekom will be happy to help. Briefig: Brief employees, highlight dagers, defie resposibilities, preset techiques, provide materials Traiig: Provide traiig budget ad traiig i cocepts ad techiques, procure advice ad expertise, promote trasfer of kowledge Certificatio: Have exteral checks coducted ad processes certified, certify employees 12 13

8 Maximum security with the Cloud of Thigs Summary Maximum security with the Cloud of Thigs Glossary 5. SUMMARY GlossarY Without the Iteret of Thigs there is o Idustry 4.0 ad without security there is o Iteret of Thigs. O the oe had, compaies wat to take advatage of the beefits of a cloud-based IoT platform i order to future-proof their busiess models. O the other had, they wat to be absolutely certai that compay, customer ad sesor data will ot get ito the wrog hads. SECURITY AND DATA PRIVACY AT DEUTSCHE TELEKOM With this i mid, Deutsche Telekom has give top priority to the security of its IoT platform Cloud of Thigs. Throughout the Group, the Privacy ad Security Assessmet esures the itegratio of data privacy ad data security ito system ad product developmet. Data ceters, from which the Cloud of Thigs is provided, are subject to the highest security stadards: The high security data ceters hostig the Cloud of Thigs are also armed agaist cyber attacks with a early warig system. The ifrastructure beefits from extesive buildig protectio ad is safeguarded agaist uauthorized access, as well as agaist uforesee evets such as fire, floodig or power failure. SECURITY CONCEPT FOR THE CLOUD OF THINGS A special list of measures provides the Cloud of Thigs with additioal protectio. The operatig system ad software are immuized agaist viruses ad malware. The systems are ot coected to the Iteret without protectio, ad all data is ed-to-ed ecrypted. Bidirectioal autheticatio precedes ay etwork commuicatio. IT systems are protected agaist DDoS attacks; databases ad servers are actively maaged. I additio, the platform is protected agaist uauthorized access by meas of a multi-stage firewall. The idividual modules i the Cloud of Thigs work etirely idepedetly of oe aother. This meas that attacks o oe module caot affect other modules. Similarly, customer accouts are maaged separately: Users are ot able to access aother user s area. Customer data, user data ad payload is also stored idepedetly. Users caot be idetified by their payload; data privacy is always guarateed. With this comprehesive security package, Deutsche Telekom is pavig the way for compay applicatios i the Iteret of Thigs. 3DES Triple Data Ecryptio Stadard: Precursor of AES AES Advaced Ecryptio Stadard: Ecryptio method with a extremely high level of security BSI Germa Federal Office for Iformatio Security Camellia: A symmetrical block ecryptio method with similar parameters to AES, but with a differet ecryptio algorithm DDoS Distributed Deial of Service: Uavailability of a service as a result of overload caused by a targeted attack o a server or aother etwork compoet ru by a large umber of third-party systems Firewall: A security gateway, comprisig software ad hardware, used to securely lik up IP etworks IDS Itrusio Detectio System: System for detectig attacks o a computer system or etwork M2M machie-to-machie commuicatio: Automated exchage of data betwee machies, devices, dispesers, vehicles ad other termials or with a cetral cotrol ceter via the Iteret, cellular etworks ad other access etworks Ma-i-the-middle attacks: Itervetio i commuicatio betwee two parters by a attacker Multi-teacy: A computer system s ability to maage differet teats with idepedet data maagemet, cofiguratio ad presetatio Peetratio test: Simulated attempt to access your ow IT system by usig a method that might be used by a potetial attacker PKI Public Key Ifrastructure: A system for issuig, distributig ad checkig digital certificates for the purpose of autheticatio usig a pair of public ad private cryptography keys PSA Privacy ad Security Assessmet: Deutsche Telekom s stadard process for esurig security ad data privacy i all of its products Teat: A group of computer system users that are isolated i terms of their data ad have their ow access authorizatios TLS Trasport Layer Security: Ecryptio protocol for data trasmissio, advacemet of Secure Socket Layer (SSL) VPN Virtual Private Network: A closed commuicatio etwork that uses a differet commuicatio etwork as a medium of trasport, for example i the form of a VNP tuel through the public Iteret 14 15

9 CONTACT Phoe: Website: m2m.telekom.com Imprit Deutsche Telekom AG Ladgrabeweg Bo, Germay