July 18, 2025 • 18 mins
Interested in being a guest? Email us at admin@evankirstel.com
The connected world of IoT devices brings incredible benefits—from smart manufacturing to intelligent agriculture—but also creates unprecedented security challenges. When billions of devices collect and transmit sensitive data in real-time, how do we ensure they're properly protected?
Rodrigo Ferreira, Senior Vice President of Sales at Thales Mobile Connectivity Solutions, reveals the uncomfortable truth about IoT security: most devices lack built-in protection from the start. "Security isn't by design," he explains, leaving critical vulnerabilities that attackers can easily exploit. Among the biggest concerns is weak authentication—devices using simple login credentials that can be compromised, potentially allowing attackers to impersonate legitimate devices or even take over entire systems. When those systems control power grids or medical equipment, the consequences could be devastating.
Secure device identity becomes the foundation for trust in our connected ecosystem. But authentication is just the beginning—data encryption throughout the collection, transmission, and storage journey is equally crucial. As Ferreira states, "It's not a matter of if you get hacked, it's a matter of when." Without proper encryption, compromised data can be easily exploited. The industry faces additional challenges with firmware updates (many devices simply can't be updated) and fragmented regulations across regions, making global IoT deployments particularly complex.
Despite these challenges, innovation continues with promising developments like the GSM-SGP32 specification, which simplifies secure connectivity across multiple carriers without complex integrations. Ultimately, IoT security requires collaboration across the entire ecosystem—no single player can solve it alone. As we build our connected future, the responsibility falls on all participants to prioritize security at every layer, from device to network to cloud. Learn more about Thales' approach to IoT security at upcoming industry events including Mobile World Congress Americas.
More at https://linktr.ee/EvanKirstel
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Hey everybody, Really exciting topic, One of the most
pressing challenges in techtoday around IoT security.
We're going to unpack what thatmeans for enterprises across
the board, where the risks lieand what the future holds for
securing billions of connecteddevices.
Rodrigo with Talas, how are you?
Speaker 2 (00:24):
Very good, evan.
Thanks for having me here today, very excited.
Speaker 1 (00:27):
Thanks for being here , really excited to dive into
all things IoT security.
Before that, maybe, introduceyourself and your division
within Talas for those who maynot be familiar.
Speaker 2 (00:40):
Sure, so I'm Rodrigo Ferreira, senior Vice President
of Sales at Mobile ConnectivitySolutions, what we call MCS, at
Thales.
I've been with the group forover 20 years, working in four
different countries in differentroles, from software
development to project deliveryand sales and sales leadership.
(01:05):
So today I lead the NorthAmerica business for MCS,
working very closely withconnectivity providers and
device makers, trying to helpshape the future of what we call
a connected, secure IoT.
I don't know, evan, how muchyou know about Atalis.
Just giving a quick intro onAtalis Atalis is a global
(01:28):
technology provider with over80,000 employees across five
continents.
Yeah, it's pretty impressive.
We serve in markets likedefense, aerospace and
cybersecurity and digitalidentities.
We invest heavily in digitaland deep technology innovations
(01:50):
like AI, cybersecurity,connectivity and quantum
technologies.
So, just to put it simple, thementality is we are about making
the world safer and smarter or,like we like to say, building a
future we can all trust.
Speaker 1 (02:08):
Love it.
Great taglines and you've seenthe rise of IoT firsthand, now
connecting hundreds of millions,if not billions, of devices in
the near future, collectingenormous amounts of data in real
time.
What are some of the biggestsecurity challenges that you've
seen arise firsthand?
Speaker 2 (02:28):
You know, evan, just to start on the IoT, right.
I mean, when we talk about IoT,I think most people agree all
the benefits that it brings toour lives, right?
Whether it's in automationmanufacturing or if it is a
real-time data collection inagriculture or just making our
homes smarter.
So it's pretty exciting when wesee what IoT can do for us,
(02:52):
right?
However, what we see is thatmany of those devices, they have
limited capabilities.
Security isn't built from thestart, right, I mean it's not by
design, like we say.
From the start.
Right, I mean it's not bydesign, like we say.
And that opens, like apotential opportunities for
attackers to find weak spots orgain unauthorized access, right.
(03:14):
So there are a few areas thatwe believe that the industry
needs to work on to make surethat the entire ecosystem is
secure and can be trustedDefinitely and, as we know,
identity is secure and can betrusted.
Definitely.
Speaker 1 (03:25):
And, as we know, identity is the flip side of
security, and weakauthentication has been sort of
endemic to IoT for some time.
Right, how do we make sure thatonly secure devices are
connected to our networks,especially with so many
sensitive infrastructure domainsout there healthcare and energy
(03:47):
and aviation and beyond?
How can we get better at thingslike?
Speaker 2 (03:51):
Yeah, that's a pretty important point, evan, right?
I mean, as I mentioned, some ofthose IoT devices, they have
limited capabilities.
You will be surprised when wetalk with some of our players,
right.
I mean they are using just alogin and password to
authenticate their device to thenetwork, or the identity of
(04:14):
that device is not secure, isstored in a secure enclave in
the device, right.
And having those weakauthentication protocols, it
makes it easier for attackers toimpersonate the device and gain
unauthorized access or, evenworse, do like a full system
takeover.
So think about the power grid orthink about oxygen meter at the
(04:38):
hospital.
I mean, those are use cases thatcan have real life consequences
, right?
So it is really important that,when we talk about the
authentication protocols, thatyou use the strong cryptographic
base identity verificationright, and making sure that
that's properly secure in thedevice, that you can make sure
(05:00):
that that device it is who itsays it is before you even get
access to the network, right.
And when we talk about all thedata that those devices are
constantly collecting, and quiteoften in real time, that data
can also be extremely sensitive,right.
I mean, think about yourlocation or health metrics or
(05:23):
even, like a business criteria,insights that help you to make
decisions right.
So it is extremely importantthat, on top of the strong
identity verification, we alsohave strong encryption protocols
.
Right, I mean?
It is making sure that your theentire data journey is secure,
(05:44):
from the data collection totransmission and storage.
At Thales, we usually say it'snot a matter of if you get
hacked, it's a matter of when.
And if that happens, you needto make sure that that data
cannot be tampered with, thatdata can't be accessed, that
data is properly encrypted.
Speaker 1 (06:06):
Got it.
Another weak link in the IoTsecurity chain is the update
mechanisms that are out there.
Certainly, many of thesedevices don't have update
mechanisms, which is prettyscary.
Others have pretty manualupdate mechanisms, pretty manual
update mechanisms.
So what can manufacturers orbusinesses customers, you know
do to ensure their devices staysecure and updated?
(06:30):
Firmware gets updated over time, much like our Apple, you know
handsets do Right.
Speaker 2 (06:35):
Yeah, that's another pretty important aspect in IoT
security, right.
I mean, as you mentioned, manyof those devices.
They don't have thosecapabilities right and that's a
pretty big risk.
If a vulnerability is found,that device stays exposed for
exploitation or malwareinfection.
(06:56):
And I said at the beginning,security should be from the
start in by design.
It's not a matter of justlaunching a product.
It's a matter of making surethat it's secure for the long
haul.
So I think the important pointshere for tech providers and
enterprise is to deployover-the-air update mechanisms
(07:19):
in a secure way, but also thinkabout the lifecycle management
from day one.
I mean it should be from thebeginning and think about the
entire device lifecycle howyou're going to manage that.
Speaker 1 (07:30):
Yeah, interesting topic.
Another topic that you hear alot about are new regulations,
rules, laws to secure devices,and there's just a constant
stream of updates in the US,europe, every country having its
own ideas about this.
Is there any way to unify allof this across borders and
countries and regions?
(07:50):
Where are we with thestandardization and rules side
of IT security?
Speaker 2 (07:56):
Yeah, that's a good point, right, I mean security.
It's a pretty broad topic and,let's be honest, it can be very
confusing.
Right, and as you mentioned,there's like a regulations.
There is different standardsacross the board.
If we were to have unifiedapproach, for sure that can help
in scalability.
Right, it makes it much easierfor us to deploy that across
(08:21):
regions or across differentsectors, and some may argue that
if you have a very strictstandard or if it's not
well-designed, that will preventinnovation.
Right, and that's where Ibelieve that industry bodies or
(08:41):
standard organizations that cancome in, even in governments, to
try to strike the right balancehere.
Right, I mean, one greatexample that I can mention is
the NIST 2022 framework forconsumer software and consumer
IoT products, because it givesthe right direction and clear
(09:01):
direction on what should beimplemented without preventing
that innovation.
Right, giving the flexibilityfor tech providers and
enterprise to choose the bestsolution that fits their needs
and to scale Got it.
Speaker 1 (09:17):
And in the midst of all this, the industry continues
to innovate new services likeeSIM.
I'm a big fan.
I have three or four eSIMs.
Also new standards from peoplelike 3GPP and GSMA.
Maybe break down some of thosenew standards and also new
technologies that you're reallyintrigued by.
Speaker 2 (09:36):
Yeah, so recently we are seeing lots of buzz around
what we call the GSM-SGP32.
So that's a new specificationdesigned for IoT.
We did have thosespecifications for IoT in the
past, but those require prettycomplex integrations across the
carriers that you want tosupport, right?
(09:56):
So the challenge that we had inthe past is that an IoT device
would either stay locked in asingle carrier or the carriers
that they need support had to beintegrated across their backend
, which made the management ofconnectivity pretty complex.
Right Now, think about yourphone or your watch.
When you have that eSIMcapabilities there, no need to
(10:21):
be like a strong backendintegration across the different
cares.
You can basically enable thatdevice in any of those networks
and that's what the SGP32 isbringing to the IoT is that
flexibility for you to connect,like different cares, including
private networks, without havingto do those complex backend
integrations.
(10:41):
So what we've learned in ourwork with IoT at Thales is some
industries let's say utilitiesthey require connectivity
resiliency, right.
So for those players to thinkfrom the beginning which
carriers they're going to use orhow they're going to use those
carriers, or when to switch oneto the other, is with the
(11:04):
previous specifications theywere pretty complex With the
SGP32, that makes it easier.
So the entire supply chain fromdevice manufacturing,
deployment and maintenance ismuch easier.
So the entire supply chain fromdevice manufacturing,
deployment and maintenance ismuch easier.
So it's a pretty excitingdevelopment on the IoT
connectivity and we are seeinglots of traction these days in
the market.
Speaker 1 (11:24):
Fantastic, and what are some of the threats that you
have your eye on or the team atDallas has its eye on this year
and over the next years?
There's a lot on the horizon.
You hear about quantum andother threats to encryption, but
what's top of mind for you andthe team?
Speaker 2 (11:40):
You know there's different topics, right?
I mean, I believe that, as theIoT tech keeps evolving and
reshaping industries, there isno single player that, in my
view, can tackle everything byitself.
The threats are evolving, asyou mentioned, like quantum.
(12:02):
It is one, right, I mean, ifyou're doing like a data
collection today to access thoselater on.
So there's lots of concernsaround the security, and that's
where collaboration is veryimportant across the different
organizations, enterprise techproviders, to really tackle
those risks.
(12:22):
One great example that I canmention is recently, the IoT
Machine to Machine Council andGlobal Certification Forum.
They form the task force toexplore a global certification
for IoT, and here they're notlooking only at the device,
right, I mean.
I think, as I mentioned earlier, security is pretty broad and
(12:43):
can be quite complex, and itdoesn't help if you have a very
secure device but your networkor your cloud platform is not
secure, right?
So, basically, here this taskforce is trying to look at those
different components from thenetwork, from the cloud
platforms and the device, and inmy view, it's that holistic
approach that we need, right?
(13:05):
So there's much more that needsto be done.
For sure, I always say that wethat are part of this connected
future.
It's up to us to build a futurethat we that are part of this
connected future, it's up to usto build a future that we can
really trust.
So it is really important thatwe keep working towards that.
(13:26):
You know, to beat what thethreats will evolve right the
way that they evolve.
Speaker 1 (13:35):
Yeah, sounds like the shared responsibility and
accountability is required byall the parties.
And what role does TALIS MCSplay in the mix?
How do you see your role andhow do you help?
Speaker 2 (13:49):
Yeah, so we?
You know, as I mentionedearlier, thales is pretty broad,
but specifically on MCS, we areworking with the connectivity
providers, device makers, byhelping on two fronts.
One is on the connectivity howwe make that connectivity
scalable and easier and lesscomplex, right.
(14:10):
I mean by all I say think abouta lamp, how you can get the
lamp and connect that in an easy, complex right.
I mean by all I say think abouta lamp, how you can get the
lamp and connect that in an easyway.
Right, we are focusing onwireless right.
So the way that we're workingwith activities are wireless and
, as you have those componentslike eSIM or you have a secure
element that you are puttingthere, you can actually use that
(14:31):
component to increase thesecurity right.
Use that as a security play foryour device identity or to have
your keys for you to accessyour cloud platforms.
So that's the work that we havebeen doing at Talos MCS working
closely with those devicemakers to help them to perform
(14:53):
the security by design right.
I mean, as they are talking onthe connectivity, how can we
tackle those two frontsconnectivity and security from
the beginning in a way that wecan really shape the future of
connected IoT?
Speaker 1 (15:08):
Wow, wonderful mission and just a fun question.
If you had a magic wand andcould wave it and sort of just
change one thing about the IoTecosystem today to make it safer
, what would you change?
What would you wish intoexistence?
Speaker 2 (15:24):
adoption of SGP32, it's pretty important, right.
I mean, we saw in the pastpeople trying to connect those
devices in not a secure way, andthat's a pretty big risk, right
.
So having a way for you to doremote provisioning and doing
(15:44):
connectivity management in asecure way or allowing the
device to switch automatically,that's for me, it's pretty
important.
But beyond that, you know,there are other principles that
people need to take into account, which is like strong
encryption protocols that wementioned at the beginning, of
(16:06):
course, embracing zero trustprinciples, right, to make sure
that you don't trust anything.
So security should be in everylayer of your IoT ecosystem, and
we are seeing lots of AIsecurity-driven models.
I mean that's important.
We always question who's goingto win on the AI war?
(16:27):
Right, that is the protectionor the attack.
The threats will keep evolving,right, and that's why
organizations need to stayproactive.
It's important that they adaptquickly and, as I said, build
trust in every single layer oftheir IoT ecosystem.
Speaker 1 (16:47):
Well, really optimistic note there and food
for thought as we head intoBlack Hat and DEF CON and other
events this year.
What are you excited about overthe next few weeks and months?
Where are you traveling?
Where can people meet you andlearn more?
Speaker 2 (17:05):
Yeah, so there's a mobile World Congress that is
coming up in the coming days.
Americas, right.
Of course, there is the MobileCongress in Barcelona that we
are meeting.
We have a bunch of IoT eventsin different sectors, right?
(17:25):
What we realize is that, tomake sure that the industry is
educated on those points, we'reactually now actively
participating on specific events, either for healthcare.
Now actively participating onspecific events, either for
healthcare or for utilities, youknow, like a distribute tag,
because that's a way that we canmeet those players and get to
learn their challenges andexplain to them how we can
(17:46):
support them, right?
I mean, when people hear aboutthe eSIM, they think that's what
is that and how I can preventtheir use of the plastic SIMs.
And that's where we are to helpthem.
That means, from the design,helping them to integrate that
seamless to their device,provide some components that
they can help them to use thatpiece not only as a connectivity
(18:08):
management but also identity.
So we're excited myself and myteam, we are participating in
different events in the comingmonths and weeks to really
tackle that challenge that we asan industry we face for the
future.
Speaker 1 (18:25):
Fantastic.
Well, thanks very much, reallyimportant work, and wishing you
and all of us luck in thatregard.
Thanks for joining and I lookforward to meeting you at Mobile
World Congress or one of themany events out there.
Speaker 2 (18:37):
Sounds good, ivan, thank you for having me here to
explain the exciting work thatwe're doing at Thales with IoT.
Speaker 1 (18:43):
Thank you and thanks everyone for listening, watching
, sharing this episode, ofcourse, and check out our new TV
show, techimpact TV, now onBloomberg and Fox Business.
Thanks everyone, take care.
Hey everybody, Really exciting topic, One of the most
pressing challenges in techtoday around IoT security.
We're going to unpack what thatmeans for enterprises across
the board, where the risks lieand what the future holds for
securing billions of connecteddevices.
Rodrigo with Talas, how are you?
Speaker 2 (00:24):
Very good, evan.
Thanks for having me here today, very excited.
Speaker 1 (00:27):
Thanks for being here , really excited to dive into
all things IoT security.
Before that, maybe, introduceyourself and your division
within Talas for those who maynot be familiar.
Speaker 2 (00:40):
Sure, so I'm Rodrigo Ferreira, senior Vice President
of Sales at Mobile ConnectivitySolutions, what we call MCS, at
Thales.
I've been with the group forover 20 years, working in four
different countries in differentroles, from software
development to project deliveryand sales and sales leadership.
(01:05):
So today I lead the NorthAmerica business for MCS,
working very closely withconnectivity providers and
device makers, trying to helpshape the future of what we call
a connected, secure IoT.
I don't know, evan, how muchyou know about Atalis.
Just giving a quick intro onAtalis Atalis is a global
(01:28):
technology provider with over80,000 employees across five
continents.
Yeah, it's pretty impressive.
We serve in markets likedefense, aerospace and
cybersecurity and digitalidentities.
We invest heavily in digitaland deep technology innovations
(01:50):
like AI, cybersecurity,connectivity and quantum
technologies.
So, just to put it simple, thementality is we are about making
the world safer and smarter or,like we like to say, building a
future we can all trust.
Speaker 1 (02:08):
Love it.
Great taglines and you've seenthe rise of IoT firsthand, now
connecting hundreds of millions,if not billions, of devices in
the near future, collectingenormous amounts of data in real
time.
What are some of the biggestsecurity challenges that you've
seen arise firsthand?
Speaker 2 (02:28):
You know, evan, just to start on the IoT, right.
I mean, when we talk about IoT,I think most people agree all
the benefits that it brings toour lives, right?
Whether it's in automationmanufacturing or if it is a
real-time data collection inagriculture or just making our
homes smarter.
So it's pretty exciting when wesee what IoT can do for us,
(02:52):
right?
However, what we see is thatmany of those devices, they have
limited capabilities.
Security isn't built from thestart, right, I mean it's not by
design, like we say.
From the start.
Right, I mean it's not bydesign, like we say.
And that opens, like apotential opportunities for
attackers to find weak spots orgain unauthorized access, right.
(03:14):
So there are a few areas thatwe believe that the industry
needs to work on to make surethat the entire ecosystem is
secure and can be trustedDefinitely and, as we know,
identity is secure and can betrusted.
Definitely.
Speaker 1 (03:25):
And, as we know, identity is the flip side of
security, and weakauthentication has been sort of
endemic to IoT for some time.
Right, how do we make sure thatonly secure devices are
connected to our networks,especially with so many
sensitive infrastructure domainsout there healthcare and energy
(03:47):
and aviation and beyond?
How can we get better at thingslike?
Speaker 2 (03:51):
Yeah, that's a pretty important point, evan, right?
I mean, as I mentioned, some ofthose IoT devices, they have
limited capabilities.
You will be surprised when wetalk with some of our players,
right.
I mean they are using just alogin and password to
authenticate their device to thenetwork, or the identity of
(04:14):
that device is not secure, isstored in a secure enclave in
the device, right.
And having those weakauthentication protocols, it
makes it easier for attackers toimpersonate the device and gain
unauthorized access or, evenworse, do like a full system
takeover.
So think about the power grid orthink about oxygen meter at the
(04:38):
hospital.
I mean, those are use cases thatcan have real life consequences
, right?
So it is really important that,when we talk about the
authentication protocols, thatyou use the strong cryptographic
base identity verificationright, and making sure that
that's properly secure in thedevice, that you can make sure
(05:00):
that that device it is who itsays it is before you even get
access to the network, right.
And when we talk about all thedata that those devices are
constantly collecting, and quiteoften in real time, that data
can also be extremely sensitive,right.
I mean, think about yourlocation or health metrics or
(05:23):
even, like a business criteria,insights that help you to make
decisions right.
So it is extremely importantthat, on top of the strong
identity verification, we alsohave strong encryption protocols
.
Right, I mean?
It is making sure that your theentire data journey is secure,
(05:44):
from the data collection totransmission and storage.
At Thales, we usually say it'snot a matter of if you get
hacked, it's a matter of when.
And if that happens, you needto make sure that that data
cannot be tampered with, thatdata can't be accessed, that
data is properly encrypted.
Speaker 1 (06:06):
Got it.
Another weak link in the IoTsecurity chain is the update
mechanisms that are out there.
Certainly, many of thesedevices don't have update
mechanisms, which is prettyscary.
Others have pretty manualupdate mechanisms, pretty manual
update mechanisms.
So what can manufacturers orbusinesses customers, you know
do to ensure their devices staysecure and updated?
(06:30):
Firmware gets updated over time, much like our Apple, you know
handsets do Right.
Speaker 2 (06:35):
Yeah, that's another pretty important aspect in IoT
security, right.
I mean, as you mentioned, manyof those devices.
They don't have thosecapabilities right and that's a
pretty big risk.
If a vulnerability is found,that device stays exposed for
exploitation or malwareinfection.
(06:56):
And I said at the beginning,security should be from the
start in by design.
It's not a matter of justlaunching a product.
It's a matter of making surethat it's secure for the long
haul.
So I think the important pointshere for tech providers and
enterprise is to deployover-the-air update mechanisms
(07:19):
in a secure way, but also thinkabout the lifecycle management
from day one.
I mean it should be from thebeginning and think about the
entire device lifecycle howyou're going to manage that.
Speaker 1 (07:30):
Yeah, interesting topic.
Another topic that you hear alot about are new regulations,
rules, laws to secure devices,and there's just a constant
stream of updates in the US,europe, every country having its
own ideas about this.
Is there any way to unify allof this across borders and
countries and regions?
(07:50):
Where are we with thestandardization and rules side
of IT security?
Speaker 2 (07:56):
Yeah, that's a good point, right, I mean security.
It's a pretty broad topic and,let's be honest, it can be very
confusing.
Right, and as you mentioned,there's like a regulations.
There is different standardsacross the board.
If we were to have unifiedapproach, for sure that can help
in scalability.
Right, it makes it much easierfor us to deploy that across
(08:21):
regions or across differentsectors, and some may argue that
if you have a very strictstandard or if it's not
well-designed, that will preventinnovation.
Right, and that's where Ibelieve that industry bodies or
(08:41):
standard organizations that cancome in, even in governments, to
try to strike the right balancehere.
Right, I mean, one greatexample that I can mention is
the NIST 2022 framework forconsumer software and consumer
IoT products, because it givesthe right direction and clear
(09:01):
direction on what should beimplemented without preventing
that innovation.
Right, giving the flexibilityfor tech providers and
enterprise to choose the bestsolution that fits their needs
and to scale Got it.
Speaker 1 (09:17):
And in the midst of all this, the industry continues
to innovate new services likeeSIM.
I'm a big fan.
I have three or four eSIMs.
Also new standards from peoplelike 3GPP and GSMA.
Maybe break down some of thosenew standards and also new
technologies that you're reallyintrigued by.
Speaker 2 (09:36):
Yeah, so recently we are seeing lots of buzz around
what we call the GSM-SGP32.
So that's a new specificationdesigned for IoT.
We did have thosespecifications for IoT in the
past, but those require prettycomplex integrations across the
carriers that you want tosupport, right?
(09:56):
So the challenge that we had inthe past is that an IoT device
would either stay locked in asingle carrier or the carriers
that they need support had to beintegrated across their backend
, which made the management ofconnectivity pretty complex.
Right Now, think about yourphone or your watch.
When you have that eSIMcapabilities there, no need to
(10:21):
be like a strong backendintegration across the different
cares.
You can basically enable thatdevice in any of those networks
and that's what the SGP32 isbringing to the IoT is that
flexibility for you to connect,like different cares, including
private networks, without havingto do those complex backend
integrations.
(10:41):
So what we've learned in ourwork with IoT at Thales is some
industries let's say utilitiesthey require connectivity
resiliency, right.
So for those players to thinkfrom the beginning which
carriers they're going to use orhow they're going to use those
carriers, or when to switch oneto the other, is with the
(11:04):
previous specifications theywere pretty complex With the
SGP32, that makes it easier.
So the entire supply chain fromdevice manufacturing,
deployment and maintenance ismuch easier.
So the entire supply chain fromdevice manufacturing,
deployment and maintenance ismuch easier.
So it's a pretty excitingdevelopment on the IoT
connectivity and we are seeinglots of traction these days in
the market.
Speaker 1 (11:24):
Fantastic, and what are some of the threats that you
have your eye on or the team atDallas has its eye on this year
and over the next years?
There's a lot on the horizon.
You hear about quantum andother threats to encryption, but
what's top of mind for you andthe team?
Speaker 2 (11:40):
You know there's different topics, right?
I mean, I believe that, as theIoT tech keeps evolving and
reshaping industries, there isno single player that, in my
view, can tackle everything byitself.
The threats are evolving, asyou mentioned, like quantum.
(12:02):
It is one, right, I mean, ifyou're doing like a data
collection today to access thoselater on.
So there's lots of concernsaround the security, and that's
where collaboration is veryimportant across the different
organizations, enterprise techproviders, to really tackle
those risks.
(12:22):
One great example that I canmention is recently, the IoT
Machine to Machine Council andGlobal Certification Forum.
They form the task force toexplore a global certification
for IoT, and here they're notlooking only at the device,
right, I mean.
I think, as I mentioned earlier, security is pretty broad and
(12:43):
can be quite complex, and itdoesn't help if you have a very
secure device but your networkor your cloud platform is not
secure, right?
So, basically, here this taskforce is trying to look at those
different components from thenetwork, from the cloud
platforms and the device, and inmy view, it's that holistic
approach that we need, right?
(13:05):
So there's much more that needsto be done.
For sure, I always say that wethat are part of this connected
future.
It's up to us to build a futurethat we that are part of this
connected future, it's up to usto build a future that we can
really trust.
So it is really important thatwe keep working towards that.
(13:26):
You know, to beat what thethreats will evolve right the
way that they evolve.
Speaker 1 (13:35):
Yeah, sounds like the shared responsibility and
accountability is required byall the parties.
And what role does TALIS MCSplay in the mix?
How do you see your role andhow do you help?
Speaker 2 (13:49):
Yeah, so we?
You know, as I mentionedearlier, thales is pretty broad,
but specifically on MCS, we areworking with the connectivity
providers, device makers, byhelping on two fronts.
One is on the connectivity howwe make that connectivity
scalable and easier and lesscomplex, right.
(14:10):
I mean by all I say think abouta lamp, how you can get the
lamp and connect that in an easy, complex right.
I mean by all I say think abouta lamp, how you can get the
lamp and connect that in an easyway.
Right, we are focusing onwireless right.
So the way that we're workingwith activities are wireless and
, as you have those componentslike eSIM or you have a secure
element that you are puttingthere, you can actually use that
(14:31):
component to increase thesecurity right.
Use that as a security play foryour device identity or to have
your keys for you to accessyour cloud platforms.
So that's the work that we havebeen doing at Talos MCS working
closely with those devicemakers to help them to perform
(14:53):
the security by design right.
I mean, as they are talking onthe connectivity, how can we
tackle those two frontsconnectivity and security from
the beginning in a way that wecan really shape the future of
connected IoT?
Speaker 1 (15:08):
Wow, wonderful mission and just a fun question.
If you had a magic wand andcould wave it and sort of just
change one thing about the IoTecosystem today to make it safer
, what would you change?
What would you wish intoexistence?
Speaker 2 (15:24):
adoption of SGP32, it's pretty important, right.
I mean, we saw in the pastpeople trying to connect those
devices in not a secure way, andthat's a pretty big risk, right
.
So having a way for you to doremote provisioning and doing
(15:44):
connectivity management in asecure way or allowing the
device to switch automatically,that's for me, it's pretty
important.
But beyond that, you know,there are other principles that
people need to take into account, which is like strong
encryption protocols that wementioned at the beginning, of
(16:06):
course, embracing zero trustprinciples, right, to make sure
that you don't trust anything.
So security should be in everylayer of your IoT ecosystem, and
we are seeing lots of AIsecurity-driven models.
I mean that's important.
We always question who's goingto win on the AI war?
(16:27):
Right, that is the protectionor the attack.
The threats will keep evolving,right, and that's why
organizations need to stayproactive.
It's important that they adaptquickly and, as I said, build
trust in every single layer oftheir IoT ecosystem.
Speaker 1 (16:47):
Well, really optimistic note there and food
for thought as we head intoBlack Hat and DEF CON and other
events this year.
What are you excited about overthe next few weeks and months?
Where are you traveling?
Where can people meet you andlearn more?
Speaker 2 (17:05):
Yeah, so there's a mobile World Congress that is
coming up in the coming days.
Americas, right.
Of course, there is the MobileCongress in Barcelona that we
are meeting.
We have a bunch of IoT eventsin different sectors, right?
(17:25):
What we realize is that, tomake sure that the industry is
educated on those points, we'reactually now actively
participating on specific events, either for healthcare.
Now actively participating onspecific events, either for
healthcare or for utilities, youknow, like a distribute tag,
because that's a way that we canmeet those players and get to
learn their challenges andexplain to them how we can
(17:46):
support them, right?
I mean, when people hear aboutthe eSIM, they think that's what
is that and how I can preventtheir use of the plastic SIMs.
And that's where we are to helpthem.
That means, from the design,helping them to integrate that
seamless to their device,provide some components that
they can help them to use thatpiece not only as a connectivity
(18:08):
management but also identity.
So we're excited myself and myteam, we are participating in
different events in the comingmonths and weeks to really
tackle that challenge that we asan industry we face for the
future.
Speaker 1 (18:25):
Fantastic.
Well, thanks very much, reallyimportant work, and wishing you
and all of us luck in thatregard.
Thanks for joining and I lookforward to meeting you at Mobile
World Congress or one of themany events out there.
Speaker 2 (18:37):
Sounds good, ivan, thank you for having me here to
explain the exciting work thatwe're doing at Thales with IoT.
Speaker 1 (18:43):
Thank you and thanks everyone for listening, watching
, sharing this episode, ofcourse, and check out our new TV
show, techimpact TV, now onBloomberg and Fox Business.
Thanks everyone, take care.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.