eShard: a world where every connected device gets built-in security

Date: 20 Aug 2019

Jean-Luc Khaou, Chief Business Officer of eShard

Q: What is eShard about, and your role in it?
eShard is a leading specialist in embedded security technology. We exist to empower professionals to manage their complex security challenges. Our experts and solutions enable our clients to probe, manage and enhance the security of the next wave of connected devices.

As a result, our clients de-risk their businesses and are far better prepared for facing future security challenges. At eShard, we continuously invest and innovate in the research of new attacks and tools to efficiently assess the vulnerabilities of embedded and mobile solutions. Therefore, today we are proud that our flagship platform, esDynamic, is adopted by leading embedded security companies, and that our automated mobile application scanning solution, esChecker, has been selected by a major payment scheme.

As Chief Business Officer, I lead global strategic development of eShard, especially in the vibrant and innovative Asian markets. My role is to create brand recognition in this complex ecosystem and build strategic partnerships with key stakeholders to support our fast growth.

Q: Can you highlight some examples on how you work with your clients?
eShard is a strategic partner of many leading organisations in the payment and defence industries. We are a recognised trusted advisor of these high-tech companies, and we offer our expertise and software platforms to improve the security design of their embedded solutions. Today, we also work with companies across multiple sectors, such as payTV, automotive and IoT where the output is an embedded, mobile or connected product, from consumer-facing to defence. Our goal is to ensure that our clients have the knowledge and tools to de-risk their businesses and build cybersecurity into all of their mobile and connected products. We are helping them in many ways, from examining their potential exposure to risk, to physically building their laboratories.

As a case study, we would like to highlight on our current work with several government agencies in Asia to build their laboratories. In the process of working with them, we know the needs and levels of expertise vary across these organisations, so we adapt our approach. We start off by assessing their objectives and knowledge level. The output of this is an efficient pathway guiding them to achieve their goals. Our experts provide a customised training program to transfer knowledge on cryptography and mobile security techniques to them. They acquire our esDynamic platform, and we then set work programmes to empower them to perform security analysis on their own, monitor results, create reports, learn new attacks techniques and share results across teams. They also access the learning modules from the platform, enabling their whole organisation to up-skill over time.

Q: We saw that eShard has worked with a number of partners, one of them being V-Key. What is eShard’s relationship with V-Key?
V-Key is a pioneer in software protection solution, and eShard is proud to be a trusted partner of such an innovative and successful company.

Our role in this partnership is to support them in strengthening their V-OS solution. eShard offers reverse-engineering expertise to perform due diligence on their software secure element protections. V-Key recognises eShard as one of the best mobile reverse-engineering company. Thanks to our partnership, V-Key learns from our comprehensive attack techniques and tools. We then empower them to further strengthen their solution by transferring specific parts of eShard’s expert know-how via our coaching program.

Q: What gaps do you see in the security of mobile and connected devices right now? How can these gaps be improved?
Security of mobile and connected devices require strong cryptography and software hardening implementations. Since these technologies are at the heart of all solutions to handle authentication, integrity and authorisation processes, the products must be built-in with the appropriate security measures to ensure strong confidentiality and integrity of the related secrets in the devices.

As technologies progress and get more complex, it is increasingly difficult to ensure solutions do not fall into security gaps. These gaps could be known vulnerabilities on the algorithms, or newly published attacks that professionals did not have time to research for.

We believe that companies need to have the right approach and the most efficient tools to address their challenges. To improve, step by step, security professionals must be empowered to make the right analyses of the threat of attacks, so that they can focus on the adequate design of the counter-measure and protections for their solutions.

To achieve this, they must approach security like how eShard does. They must use the right tool based on data science technologies. The right tool will enable them to be up-to-date with the latest attacks techniques, with well-explained, executable knowledge tutorials. It will further accelerate learning in their teams. They should record and store every test, enabling reviews and sharing across their teams. Finally, they have to be empowered to create their own attacks.

Q: What do you see happening for eShard in two years’ time?
Our vision is a world where security professionals can ensure every single connected device is designed with security solutions built-in. Since we are committed to developing powerful, usable, and innovative industry-leading tools that enable security professionals and experts to master their cyber connectivity challenges, we believe that in two years’ time, eShard will be an indispensable part of the cybersecurity ecosystem. We will be defining the cybersecurity space, and will be the source of the industry expertise in cryptography and mobile security. eShard’s esDynamic and esChecker solutions will be references in our industry.

Share on: