Hackers — in case anyone was still left wondering — are not going anywhere anytime soon. The environment is simply too rich with targets. And given the tens of billions of IoT devices expected to be logging on — and possibly logging in to payments functions — the environment is only getting richer and more tempting.
And in an age where cybercriminals seem to be ubiquitously lurking at all times, security becomes every merchant’s, issuer’s, card network’s and consumer’s problem. At this point, there are almost no serious players in the game willing to shrug off the importance of security for their system.
But knowing one needs security is not the hard part. Finding a way to actually secure systems is the much, much harder part, because, noted MagicCube CEO and Cofounder Sam Shawki, up until now, the choices for doing it frankly weren’t that good: Use expensive and sometimes non- existent hardware or rely on keystore services from mainstream operating systems, or white box encryption.
And this, Shawki noted, is where MagicCube enters the picture and hopes to change the game. Instead of forcing a hard choice for their customers, MagicCube instead offers a more comprehensive solution: the simplicity, ubiquity, and extensibility of software, with the security and isolation of hardware.
“We show up as a rival of hardware that is deployable across IoT devices,” Shawki explained to Karen Webster in a recent chat. “Our platform provides a software container that lives inside an app and essentially functions like a hardware chip. So, now, you can apply it to any device, anywhere, because it’s a platform designed for massive scale.”
And it is that scalability, Shawki noted, that is especially crucial, because it allows MagicCube to legitimately function as a software alternative to a technology that has always been rooted in hardware to make sure financial transactions are actually protected. MagicCube — due to the unique configuration of its patented platform — is designed to provide essentially all the services a chip-based hardware technology provides.
Why is it better than what’s out there?
Because, Shawki noted, access to hardware is a fundamental challenge for lots of players, particularly those wading for the first time into the complicated, tokenized world of digital security. Apart from being expensive, hardware also has issues around access. It is about as far from “turnkey” as it gets, and that is a turnoff.
Plus, Webster noted, the world is a fast-changing place, and hardware that is good today — in a device that is the cutting-edge — can be yesterday’s news before today is even over.
But, Shawki noted, the alternative, white-box encryption solutions have their problems. they works fine in limited deployments, but the bigger and more complex the issue, the worse they scales.
“It is really tempting to jump into using white-box encryption to free your product from depending on hardware vendors, and in the process accept “good enough” security and the burden of managing the complexity of deploying and managing white box solutions
Shawki likened the white-box encryption solutions to taking a needle, breaking it into a hundred pieces and scattering those pieces through a haystack. Sounds like it should make finding it again impossible, but as it turns out, an average hacker with the right set of publicly available software tools can probably get the pieces out of the haystack and put the needle back together again within a couple of weeks.
MagicCube’s software container, on the other hand, is both turnkey and private , as it is designed to be plug and play for partners and invisible to consumers whose transactions are being secured .. MagicCube’s product is inside the app itself and has many sophisticated layers of defenses — as opposed to, say, the Google’s Android keystore where researchers have pointed out many vulnerabilities including that Google and its partners have access to the centralized keystore
How is it growing?
MagicCube is ready to run on any device powered by Linux or Unix, which means it is rather unlikely to become obsolete anytime soon, and it works on any device, phone, refrigerator, car — you name it.
And though MagicCube is designed around payments, the vision, according to Shawki, is bigger — because the platform is designed to make the transfer, on- device storage, and usage of any type of data secure.
“In our vision, we want to secure anything that can travel digitally, and gets stored on any device — identity information, fingerprints — we can work with any form of ‘secret data,’ which means there are a lot of verticals we can be an asset to. Healthcare and Defense spring to mind, but this can go a lot of places.”
And it will, if MagicCube has any say. To that end, it is amassing allies. MagicCube has recently announced a partner with the team over at Sequent — a secure digital issuance platform and Wallet Platform-as-a-Service for mobile payments using HCE, NFC and tokenization.
Sequent’s solution for managing digitization for the enterprise is a perfect fit for the MagicCube platform because it allows it to really and fully complete its offering with what Shawki referred to as “the full menu of security services — from hardware, to software encryption, to the new MagicCube solution.”
“It’s big for us because it puts us on the map. But it’s big for the industry because you now have a menu of technology options to choose from based on the level of security you require, and you can get it all from one place that actually has experience running the whole thing.”
Security, Shawki noted, should always involve choice and customization, because the criminal minds that seek to break it are both innovative and able to customize their attacks. There is never a silver bullet, noted Shawki, but MagicCube is a platform that makes it easy to bring a lot of advanced weapons to the fight — without drowning in a sea of technical complexity.
And, he noted, the partnerships and big news are just starting. There will be lots more to talk about in 2017.
We’ll make sure you know about all of the scoops as they come in.