Kevin Gillick, Executive Director at GlobalPlatform talks about the significance of Cybersecurity and Device Trust Architecture while meeting regulatory requirements
1. What are some of the unique lessons you have learned from analysing your member’s behaviour?
GlobalPlatform’s membership comprises a diverse range of component and device makers, digital service providers, cloud platform providers, and more, from across industries. While specific needs vary, we are seeing that as the IoT expands, these stakeholders need solutions that enable innovation, accelerate secure product development and reduce cost and time to market. They need to maximize the appeal and relevance of their products, while ensuring data privacy and data integrity are maintained regardless of the use case. Cybersecurity is a very real consideration, particularly for industries where products have not traditionally been connected such as home appliances and healthcare. One challenge, however, is the fragmented regulatory landscape. There are multiple cybersecurity regulations from different bodies and geographies, and an array of frameworks and guidelines for building and deploying solutions. By providing standards and certifications that map to global regulations, GlobalPlatform is supporting its members with market and device agnostic technologies to build, deploy and manage trusted products.
2. Tell us how you came to be the Executive Director at GlobalPlatform.
I was employed by a technology company that was a member of GlobalPlatform. As an active and engaged member, I participated in and ultimately chaired a group referred to as the Marketing Centre. As the organization grew, the Board of Directors determined that there was a need to hire a full time Executive Director to lead the organization and I applied for the position. I am very pleased to have served the membership as Executive Director since 2006.
3. How much of your typical day is involved in managing / supporting initiatives that enable innovative technologies for GlobalPlatform members?
Though my day-to-day role does not involve inputting to the technical specifications and initiatives of GlobalPlatform, the support of these initiatives is vital to the organization’s success. One key aspect of my role is promoting collaboration and input from members. Effective industry collaboration is vital for the development of standards that enable trusted digital services across the various markets that GlobalPlatform and its member’s support.
4. What are the applications or rather opportunities you seek to have with your solutions?
We are focused on enablement. GlobalPlatform’s ongoing mission is to empower stakeholders across industries with standardized technologies and certifications for trusted digital services and devices. These need to effectively address business, security, regulatory and data protection needs. GlobalPlatform standardized technologies and certifications are developed through effective industry-driven collaboration, led by multiple diverse member companies working in partnership with industry and regulatory bodies from around the world. Our key offerings include secure component specifications, the Device Trust Architecture for accessing secure services within a device, the IoTopia Framework for secure launch and management of connected devices and the SESIP Methodology for IoT device certification.
5. How did you define the vision of GlobalPlatform? How did you approach your first 100 days as the Executive Director at GlobalPlatform?
Initially, I focused on the key strategies laid out by the Board of Directors. Getting a fast start on these top priorities immediately created value to the organization and to this newly created position.
6. What are some of the distinctive features of GlobalPlatform technologies?
Appropriate security is a must to create frictionless and reliable services. Digital services in today’s world are deployed on a device using a network to access a back end, most of this is outside of the service provider’s control.GlobalPlatform empowers stakeholders to integrate the right core services into devices. For example, our technologies offer device makers and developers a secure platform upon which to build their solutions. They don’t need to dedicate resources to building their own security services, they can focus on innovating and differentiating to seize market share more quickly.
7. GlobalPlatform was recently in the news for applying at EMVCo specs on device authentication. Can you elaborate more on the same?
GlobalPlatform has collaborated with EMVCo on the Secure Element (SE) Broker Interface, which simplifies end-user authentication for applications running on a GlobalPlatform certified SE. This empowers developers to create secure financial applications that run across different operating systems and models, enabling consumers to rely on a single user authentication method (for example biometrics) for all apps on a device, rather than remembering multiple pins and passwords.
8. What are some of the common pain points that your customers / members commonly approach you with?
For non-experts, adding security is expensive and can slow down product development, and the impact of cyberattacks can be hugely damaging from a financial and brand perspective. Using GlobalPlatform-certified components and our APIs, stakeholders can achieve the required baseline of security and meet regulatory requirements. In 2021, the value of security by design should be clear, yet we are still witnessing new attacks on connected objects that don’t adhere to baseline standards of security. GlobalPlatform offers access to this baseline level of security, along with guidelines of how device and solution providers can implement secure technologies into their solutions. This creates a secure platform upon which innovative solutions can be created.
9. What advice would you like to give to the upcoming Cyber Security-based tech start-ups?
A start up in cybersecurity will already have its work cut out in terms of creating a solution that is new and innovative, and that can compete with the world industry leaders with more experience and larger budgets. A start-up should take advantage of the technology that is already at their disposal to ensure they don’t waste valuable time building their solutions from scratch. GlobalPlatform has spent the past two decades creating specifications that provide a platform upon which new solutions can be securely developed.
10. Can you give us a sneak peek into some of the upcoming initiatives that your members can look forward to?
In the past 18 months, GlobalPlatform has launched two key initiatives to help secure the rapid expansion of the IoT ecosystem, our IoTopia Framework and a Security Evaluation Standard for IoT Platforms (SESIP) methodology. IoTopia supports the secure launch and management of connected devices, by providing a practical implementation guide to secure IoT devices across all markets and in line with global requirements. An exciting development of IoTopia is our new MUD (Manufacturer Usage Description) File Service, which is currently operating as a free BETA service. This simplifies the access and consumption of MUD files from networks hosting IoT devices, greatly improving the security of connected things and the networks they are connected to.
On the other hand, SESIP provides a common and optimized approach for evaluating the security of connected products. With this methodology, GlobalPlatform is supporting IoT device makers and certification bodies to adopt SESIP and establish their own IoT device security certification schemes. This will reduce complexity, cost and time-to-market for IoT stakeholders by offering a methodology that’s mappable to other evaluation methodologies, and compliant with standards and regulations. We are working to align certification bodies and laboratories, to ensure comparable evaluations across the entire IoT ecosystem and welcome engagement from certification bodies and laboratories. We have already seen early adopters of the methodology, and look forward to seeing more supporters create their own certification schemes using the methodology.
11. Which is the one Cyber Security breakthrough you will be on the lookout for in the upcoming year?
In the upcoming year we will have finalized a new framework called Device Trust Architecture (DTA) that standardizes access to secure digital services on a device. Secure services can include key storage, authentication of the end user or a device, crypto function to open a secure communication. The DTA framework will clarify the responsibility of the component maker, the device manufacturer that uses components to build a device and the application developer that uses the services. This will open the possibility for a device manufacturer to create various designs based on different technologies, without impacting how application developers are using those services.
12. What is the one leadership motto you live by?
My first job after graduating from college put me under the supervision of a remarkable boss and mentor. He described leadership by using a dog sledding metaphor. He would say that “The speed of the leader determines the rate of the pack.” In other words, the momentum created by the leader is the pace the team should align with and aspire to. If the leader isn’t moving, the team likely isn’t moving either. I’ve always tried to keep that simple metaphor in mind when approaching my day-to-day duties and interactions with the team.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybsercurity, go to AI-Techpark.com.
Executive Director at GlobalPlatform
Kevin Gillick, Executive Director at GlobalPlatform.
As Executive Director of GlobalPlatform, Mr. Gillick is responsible for driving awareness and accelerating adoption of the GlobalPlatform Specifications within worldwide markets.