October 2015 | SafeLogic

Archive for October, 2015

21 Oct 2015

Worse than Frenemies

You’ve heard the term ‘frenemies’ before, right?  You most likely have if you’ve got kids past middle school, unfortunately.  It’s the mash-up of ‘friend’ and ‘enemy’ with the distinction defined in the helpful illustration below.

[Illustration: Frenemies / Enemies]

Today’s blog post is a public service announcement – Beware of frenemies.  Many of us forget about this life lesson once we are adults and it can really sting.  Frenemies come in several flavors in the business world, but many are friend/competitors.  Maybe these should be called ‘frempetitors’.

Our prime example is Samsung and Apple.  They have been engaged in litigation since 2011, and yet Tim Cook’s braintrust thought it was a good idea to contract with Samsung to produce A9 processors for the iPhone 6S.  Samsung was even accused of engaging in corporate espionage to displace TSMC, who had been slated for the full order.  Even the most forgiving folks would have to be a little suspicious, right?

Now the kicker – Samsung’s version of the A9 chip has been benchmarked for worse heat dissipation and shorter battery life than the alternative version by TSMC.  Was this malicious?  Was Samsung actively trying to undermine the reputation of Apple’s new flagship phone?  Popular Apple-centric blog ‘Cult of Mac’ says maybe they are.  The fact that the two corporate giants have been locked in mortal combat in both the courtroom and for market share automatically throws a shadow on the developing situation.  Despite Apple’s public claims that the variance is only 2-3% and it won’t affect typical use, Samsung doesn’t get the benefit of the doubt, since they are the very definition of ‘frempetitors’.  I’d love to hear the internal discussions in Cupertino on the topic.

So why do you care?  Well, we’ve had a spike lately in inquiries from companies in a specific industry that have been using an encryption product from their frempetitor.  Yes, they licensed a crypto module from [company name redacted] even though they are competing head-to-head against that company’s flagship product.  This boggles my mind.  We’re not talking about complementary offerings, we’re talking about the exact same kind of Apple-Samsung clash of the titans but on a smaller battlefield.  Why would you trust this frempetitor?  It’s not like their product is so fantastic that you had no choice. It’s certainly not that their pricing was so incredible that you couldn’t afford to pass it up.  For comparison’s sake, it’s not even like they provide FIPS 140-2 validation services, Rapid or otherwise.  This is just a head-scratcher.

What happens when their module isn’t working properly or if it is proven to be vulnerable?  Will they step up and patch it in a timely manner?  Or will they prioritize their own products and customers first, and you’ll have to wait until they get around to it?

What if your crypto provider pulls your license in an effort to sidetrack your engineering team and cripple your momentum, because you’ve been taking market share from their primary offering?  Are you prepared to pivot quickly on your competitor’s whim?

Would you be concerned that you are relying upon an internal component that was designed by a competitor?  What if it slows down your product’s performance?  What if it includes tracking capabilities so that they can monitor your install base?

Paranoid?  Sure, but definitely within the realm of possible.

If you ran a restaurant, you would never purchase your ingredients from a competitive restaurant.  You’d rightfully assume that they would cherrypick the best produce, the best cuts of meat, the proverbial cream of the crop, and leave you the rest.

Would your boss/investors/shareholders/customers give you the benefit of the doubt in these scenarios?  Is choosing to work with a frempetitor ever a justifiable position in retrospect?

Skip the heartache and paranoia.  Don’t get stabbed in the back and don’t give a competitor the opportunity to be a part of your supply chain.

If you are currently using encryption provided by a company that would stand to gain from your troubles, contact us immediately and we’ll help you escape from this dysfunctional relationship.  If you are considering them, please think very carefully about it before you move forward.  I don’t promise never to say “I told you so”, but I do promise that SafeLogic will be ready to help when you’re ready.  Plus, we have better modules, greater compatibility and platform coverage, and RapidCert’s lightning fast validation is just the cherry on top.  Choose wisely!

6 Oct 2015

The Need for Speed

The Miramar Air Show was this weekend, a highlight of the year for Southern Californians.  Bay Area flight enthusiasts will get their own dose of the Blue Angels this weekend at Fleet Week San Francisco, before the iconic jet team heads to Oahu and then closes their season with dates in Georgia and Florida.  I like to think that our San Diego event holds a special place in the hearts of these naval aviators, since Marine Corps Air Station (MCAS) Miramar was the setting for the film that still reigns #1 among pilots – Top Gun.  I could have walked up to any of the soldiers on the base and asked if they ‘felt the need for speed’ and gotten a high five, or asked if they had ‘lost that loving feeling’ and gotten serenaded.  Forget that Maverick and Goose first inverted to ‘keep up foreign relations’ years before this generation’s hotshot pilots drove a car, let alone flew a plane; Top Gun is still the most effective two hour recruiting tool in the Navy.

Bottom line – the air show was awesome.  My son had a blast (the Shockwave jet truck was a big hit) and I was left with the same patriotic awe and inspiration as years past.  I’m still thunderstruck by the engineering feats that we have achieved, as a country and as a species.

I’m also equally blown away by our continually jaw-dropping idiocy.  Chatting with one of the aforementioned millennial pilots (I’m no senior citizen, but this kid was definitely born during the Clinton administration), he told me that while some of his superiors had received iPads for flight plans, he had not.  When I pressed him, he admitted that he used his own personal iPad… with a handy app that he had downloaded from the App Store, of course.  I was flummoxed.  Yes, the app (which shall remain nameless) has an excellent reputation and yes, it has a specific setup for military usage, including a worldwide library of Department of Defense Digital Flight Information Publications (D-FLIP) terminal procedures, airport diagrams, enroute charts and publications.  Very handy.

But who is authorizing this?  Or rather, who is looking the other way on this?  I’m not suggesting that the app is corrupt (although they fail to include FIPS 140-2 validation).  I recognize that the pilots are supposed to download their relevant data before takeoff and disable cellular signal while in flight.  Good rules of thumb.  But how about that GPS chip in the tablet?  That’s a major tracking beacon that has not been officially sanctioned. Or what if someone has hacked the app and is enjoying a MITM attack, collecting all user destination data?  In that case, they could theoretically isolate the military users, even the type of plane and originating location.  Gee, that wouldn’t be helpful information at all.

iPads have been a huge boost to efficiency and modernizing the habits of pilots, both military and civilian.  I’m not disputing that.  In fact, I’ve been a major advocate.  That doesn’t mean that unbridled BYOD is okay, let alone encouraged.  It’s a tight margin for error and it’s shrinking.  We need to address it, because it’s not just the 20-something pilots that want it yesterday already, it’s every customer, big and small.

New solutions are a balancing act and always have been.  We constantly have to be vigilant, weighing the advantages of the technology with the compromises that we recognize in the current version before we can feel comfortable deploying it in sensitive environments such as the military.  This is a recurring theme in our CEO’s talks nationwide at security and technology conferences.  It’s just not enough to build something better – it has to be secure.  And it’s not enough to build something secure – it has to be ready faster.  And if it’s secure and fast?  Yes, it’s gotta be better than what’s already out there.

As a technology vendor, you need to enter production faster.  Getting bogged down in the FIPS 140-2 process is a fool’s errand, but we definitely have it figured out.  Build your product, add CryptoComply, move fast, beat your competitors, and win market share.

If you’ve got the need for speed, then you need RapidCert.

P.S. – Top Gun 2 is in the works, bringing back Tom Cruise as Maverick.  Seriously.
