5 Minutes With Archives - Security IT Summit | Forum Events Ltd

5 Minutes With… PortSys CEO Michael Oldham

Stuart O'Brien

For the latest instalment of our cybersecurity executive interview series we spoke to Michael Oldham, CEO of PortSys, where he works on access control solutions across many industries, including finance, government, defense, utilities, healthcare, education, non-governmental organizations (NGOs), construction, retail, and other market segments where secure access to enterprise information is vital.

Tell us about your company, products and services.

PortSys is a global Zero Trust Access Control company.  Total Access Control (TAC), our Zero Trust solution, allows organizations to consolidate their access infrastructure, make it easier for their end users, dramatically improve security, reduce costs, and empower their businesses.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

Complexity, complacency and lack of funding. Over the years we’ve tackled security challenges in the same ways over and over again: a problem comes up, some smart people create a solution for that problem, and we implement it in our datacenters.  Recently these issues have exploded with cloud-based offerings of IaaS, PaaS, SaaS – Everything as a Service, essentially. And we just can’t keep up on the security front.

Complexity hasn’t been any one person’s or team’s fault; but over the last three or four decades we created a Frankenstructure – an incredibly complex infrastructure monster that we have lost control of. The more technologies we bring in, the more prohibitively expensive it gets to own them and keep them up to date. Too many products from too many different vendors, all of which don’t work together, creates a massive amount of security chaos across the enterprise, giving hackers too many cracks in your armor to exploit.

In addition, it’s not a matter of if you get hacked – it’s a matter of when. That’s why being complacent, staying with what you already have while hackers continue to evolve their tactics, is a recipe for failure. Most organizations still rely on a castle-and-moat defense, an outdated approach that wasn’t designed to protect us in today’s perimeterless world.

When hackers breach a perimeter (and don’t fool yourself, they will), it’s game over. Once inside, they can pivot and attack – stealing data, compromising accounts, installing ransomware, or just lying in wait for the right time to spring into action. Most organizations don’t see it coming.

It’s not solely the fault of IT – long-term, short-sighted budget neglect by the C-suite is often at the root of these security lapses. It’s hard to pivot from what we’ve done in the past to what we need to do for future threats without adequate financial resources. Yet IT security is still often seen as a cost center. We need to become more than just a line-item expense to successfully protect – and grow – our organizations.

And what have been the biggest opportunities?

We can have a direct impact on how our organizations operate and create a competitive advantage as well. IT security was always a boat anchor that dragged down innovation, particularly around mobility. Today we have technologies that make accessing information – from anywhere, on any device – easier and far more secure than ever. So employees, suppliers, business partners and volunteers can be more productive than ever.

The emergence of these relatively recent innovations accelerated as practically the entire world migrated to a remote work environment during the pandemic. These security technologies possess an often hidden – or at least little understood – superpower when it comes to digital transformation. With certain solutions, using Zero Trust principles of security, we can now gain a seat at the table when the big strategic decisions are being made: we can actually empower new strategies that ensure the long-term success of our organizations by improving productivity and protecting access to the crown jewels more securely than ever.

What is the biggest priority for the IT security industry in 2022?

Cleaning up the mess of the past three or four decades. There must be a strategic imperative to consolidate the dizzying array of technologies out there, shrink our attack surface, and empower the business for the long haul. With Zero Trust, we now have the right security approach not only to protect our organizations in today’s perimeterless world, but also to reduce costs and grow the business.

What are the main trends you are expecting to see in the market in 2022?

First, reduce supply chain risks. The SolarWinds attack placed a harsh spotlight on the inadequate controls that are in place across our technology supply chain.

Supply chain attacks are just another method the opportunistic hackers have launched, just another way to get inside our infrastructure where protections are few or non-existent. Once inside, they will wreak havoc, so it is critically important to stop their ability to access our resources and applications, and to create segmentation within our infrastructure to prevent any lateral movement.

The other trend will be to reduce the complexity of our security infrastructure. We have to more robustly secure our proprietary information and resources, and yet be nimble in doing so. Zero Trust has been talked about for years, but confusion about what it actually is and a lack of understanding, caused by overhyped marketing, slowed adoption. That marketing haze is starting to lift as organizations gain a better understanding of how a technology like Zero Trust Access Control helps ensure long-term success.

In 2025 we’ll all be talking about…?

The risks associated with multi-tenant cloud environments. It was inevitable that we would see a breach of a major cloud service that would impact many customers in a single attack, even in the security realm. The recent breaches in Okta and Microsoft cloud services are evidence of that. But while significant, these breaches will not be the last. Over the next few years we will see more of these and IT security will rise in importance on the list of priorities by affected and concerned customers of these large multi-tenant providers. These services are incredibly tempting to criminal elements because organizations have started to put all their security assets into one cloud basket. Just imagine if they are able to get valid credentials and a convenient sign-in method to thousands of organizations, how much would that be worth? It’s too tempting of a target and it will be exploited in both the cyber and physical worlds.

What’s the most surprising thing you’ve learnt about the IT security sector?

How at risk most organizations are, and how many people just don’t see or acknowledge and address those risks. They are too focused on the details to see the bigger picture. They are too focused on just trying to keep up with all the security products they already have in place. They don’t have time to think outside of the box they’ve created.

What’s the most exciting thing about your job?

It’s different every day. I love talking with customers about how our technology improved their business. There are so many unique digital ecosystems out there that every day we learn of another way that we help organizations to stay more secure and more productive.

And what’s the most challenging?

Rising above the noise in the market. There are so many different marketing messages related to Zero Trust that it’s human nature to just tune everyone out. That’s why it’s so important to engage with folks on the front lines and at the decision-making level to make sure they understand which approach works best for their unique needs.

What’s the best piece of advice you’ve ever been given?

Never cheat on your taxes and always watch the money!

Succession or Stranger Things?

Stranger Things for sure! It’s more fun for me to see a bunch of people working together to fight unexpected challenges than to watch a group of people fighting with each other for their own benefit.

5 Minutes With… HANDD Business Solutions’ Sam Malkin

Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Sam Malkin (pictured, right), Lead Solutions Architect at HANDD Business Solutions, about the company, the security challenges presented by the shift to home working, the opportunities it also creates and the potential of Gaia-X…

Tell us about your company, products and services.

HANDD Business Solutions, a data-centric cyber security service partner. Headquartered in the UK, providing services globally to protect and manage data throughout its lifecycle: At-Rest, In-Transit, In-Use and when it’s created.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

Without a doubt the obvious challenge is the shift to remote and hybrid working. Many different areas arise because of this: securing BYOD, understanding privilege access, accelerated cloud adoption, data proliferation. The list is enormous; many organisations were forced to adopt new technologies to protect the health of their workforce. This meant forgoing the usual processes around procurement, security, privacy etc. just in order to keep the lights on. We also saw Brexit and things like Schrems II, which always keep us on our toes.

And what have been the biggest opportunities?

Ironically enough the shift to remote and hybrid working. New technology adoption and moves into as-a-Service type models give lots of flexibility and quite often cost savings. People can realise opex-v-capex models. Luckily for us regardless of the location data needs managing and securing.

What is the biggest priority for the IT security industry in 2021?

Unfortunately I think it’s probably still going to be around remote working and transitioning back into the office. Safe collaboration platforms and things like CASB, Zero Trust Networks and Identity management platforms for me. VDI vendors are probably going to do alright again.

What are the main trends you are expecting to see in the market in 2022?

I’m expecting new legislation across the world around data privacy, data residency etc. Insider threat and accidental data loss safeguarding will no doubt feature as folk continue to resist going back to the traditional workplace. I’d love to see some organisations develop a dedicated privacy function within their organisation, taking data privacy seriously and running it alongside a traditional SoC.

What technology is going to have the biggest impact on the market this coming year?

Edge Computing is something I’m very intrigued by. I’m looking forward to seeing how enterprises can adopt this and the challenges in securing that. I’m also hearing lots of good things from analysts about Privilege Access Management. With administrators being outside the office, understanding what and who are making changes is going to be crucial.

In 2025 we’ll all be talking about…?

Gaia-X hopefully – it aims to create a federated open data infrastructure based on European values regarding data and cloud sovereignty. https://www.gaia-x.eu/

Which person in, or associated with, the IT security industry would you most like to meet?

Linus Torvalds.

What’s the most surprising thing you’ve learnt about the IT security sector?

I’m often surprised by the lack of security in some organisations. And where those organisations prioritise spending.

You go to the bar at the Security IT Summit – what’s your tipple of choice?

An IPA, the quirkier the better. I’ve been referred to as a “craft beer snob” on more than one occasion!

What’s the most exciting thing about your job?

Without a doubt meeting customers, understanding how they’re using the technology and ultimately solving their problems. Pre-pandemic, actually visiting a customer site always gave me a buzz, shaking hands and having a coffee whilst talking data security. Perhaps that makes me a little sad?

And what’s the most challenging?    

No customer environment is the same. We’re fortunate enough to work with very flexible software which means I’m often trying to swot up on something to integrate with. It means I never stop learning though which is something I also get a buzz about. Particularly if it means doing some engineering in a lab or testbed. 

What’s the best piece of advice you’ve ever been given?

No one ever got fired for being early.

Succession or Stranger Things?

I had to Google this to work out what I was being asked, so neither. We do watch a lot of Paw Patrol and Cricket in my house!

5 Minutes With… Tenfold Security’s Helmut Semmelmayer

Stuart O'Brien

Helmut Semmelmayer currently heads channel sales at the software company tenfold software. Having worked on countless customer projects, he has extensive knowledge of the challenges that organizations face when it comes to protecting data from unauthorized access. His goal is to educate businesses and build awareness for current and future access-based attack patterns…

Tell us about your company, products and services

tenfold Software is a pioneer in the identity access management market by catering specifically to midmarket businesses. Our IAM solution provides a wide range of tools and out-of-the-box plugins at a fraction of the cost or complexity of enterprise IAM suites. By focusing on the features that mid-sized organizations actually need, we are able to offer a fast setup, intuitive interface and easy-to-use automation options. 1,000 satisfied clients and counting show that businesses want solutions that fit their scope and needs.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

The COVID-19 crisis forced companies to adapt and either implement or radically scale up remote work. Employees needed additional equipment, schedules had to be adjusted, VPNs had to be set up, etc.

Obviously, business continuity was the first priority for organizations adjusting to the new normal. However, this meant that IT security concerns were often lost in the shuffle. For example: With many employees being furloughed or working reduced hours, the remaining staff members needed additional access rights to cover for their colleagues. Companies did not stop to think about how to assign these permissions correctly or ensure they are revoked later on.

And what have been the biggest opportunities?

Every crisis is also an opportunity, in this case by massively speeding up the digital transformation of our economy. By adopting remote work solutions, businesses are able to offer flexible hours and bring in new talent, both locally and from around the globe. Collaborating across vast distances is the future of work and will play a crucial part in solving the global challenges of the future.

What technology is going to have the biggest impact on the market this coming year?

It’s clear that traditional IT security approaches are no longer enough to protect companies from increasingly sophisticated targeted attacks, from complex social engineering campaigns to dedicated malware and ransomware attacks.

With cybercrime on the rise, zero trust architecture is becoming more important than ever. It also marks a key shift from securing the network perimeter to securing user identities. The default tools available in Microsoft are not up to the task, so more and more businesses are looking for ways to manage users and permissions in complex hybrid and cloud environments.

In 2025 we’ll all be talking about…?

Let me put it like this: If I look back five years and think about what we were working on back then, it’s clear that the present is completely different from any prediction I would have made at the time. By that logic, any prediction I could make about 2025 is going to fall short of the massive changes we are likely to see in that timeframe.

That being said, the pace of new developments in IT security has been increasing for decades and I’m certain that trend will hold for the next five years and beyond. The arms race between bad actors and cybersecurity firms will continue. Keeping companies and public institutions safe from new modes of attack will require research, monitoring and dedicated new technologies. 

What’s the most surprising thing you’ve learnt about the IT security sector?

One thing that continues to shock me is the lack of awareness for IT security, even in large companies. Security by design should be the general approach, but in reality, it tends to be an afterthought or ignored completely, even as digital threats become more and more dangerous. Recent examples like the Colonial Pipeline hack show that cyberattacks affect more than just computers; they affect the physical world and can have a massive impact on society. As IT security professionals, it’s our job to not just offer solutions, but also educate the public on the importance of cybersecurity.

What’s the most exciting thing about your job?

I work in an industry that is constantly changing and adapting to new problems and threats. It’s a very exciting and dynamic environment. As recent attacks and new cybersecurity laws show, the question of how to protect IT infrastructure is becoming increasingly mainstream. Helping organizations navigate these challenges and providing them with the right tools to manage these threats is incredibly rewarding.

What’s the best piece of advice you’ve ever been given?

When I first started in the industry, I was trying to read up on a broad range of topics that touched on our field of work. I quickly realized that this strategy doesn’t work in an industry as highly specialized as tech. My mentor opened my eyes to the fact that I had to choose certain topics to focus on and leave the rest to someone else. I still follow this approach in my current role at tenfold by focusing the organization entirely on IAM for midmarket businesses.

5 Minutes With… Veriato’s Chris Gilkes

Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Chris Gilkes (pictured), Director EMEA at Veriato, about the company and its solutions, key challenges posed by a remote workforce, the importance of innovation and why you should never stop listening to customers…

Tell us about your company, products and services.

Veriato was founded as a software company in Florida in 1998. We have roughly 40,000 customers in over 100 countries worldwide. Our primary focus is Insider Threat Detection, Employee Monitoring and compliance solutions.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

The new remote world has ushered in new security problems, with teams across the globe scrambling to find solutions that extend the corporate security framework beyond just the office. A key success factor in going remote is maintaining visibility into your workforce. 

Often, visibility is achieved by extracting information from disparate data sources like network and log data in the hopes of compiling a digital landscape of your remote workforce. The problem with many of these solutions is that they don’t offer granular visibility into the endpoint, and network analysis is not enough. This is where our flagship product, Cerebral, can help.

How does Veriato help companies adapt to the new challenges inherent with a remote workforce? 

From a security perspective, Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring and recording all user activity. Veriato proactively watches for signs of insider threat. The platform will send immediate alerts as well as provide risk scoring for the entire workforce. Because Veriato is on the endpoint and is not network-dependent, it maintains visibility, and records all actions, to maintain compliance standards. Additionally, it can provide productivity reporting critical for managing remote employees.

What is the biggest priority for the IT security industry in 2021?

Maintaining corporate security, productivity and compliance while workers are remote.

What are the main trends you are expecting to see in the market in 2021?

Companies will continue a hybrid work model and continue to scale down their physical operations leading to a higher reliance on monitoring and analytics technology like Veriato.

What technology is going to have the biggest impact on the market this coming year?

Any type of technology that improves how employees work remotely.

Which person in, or associated with, the IT security industry would you most like to meet?

Brian Krebs, I’ve heard him speak at multiple events and he’s an interesting person with a great perspective on IT security.

What’s the most surprising thing you’ve learned about the IT security sector?

That the average number of tools an IT security team uses is 75, that’s absurd.

What’s the best piece of advice you’ve ever been given?

Never stop innovating and listen to your customers.

5 Minutes With… James Hart, Business Critical Solutions

Stuart O'Brien

For the latest instalment of our IT executive interview series we sat down with Business Critical Solutions CEO Jim Hart to talk about his company, industry issues, opportunities and what Peaky Blinders means to the Black Country…

Tell us about your company, products and services

Privately owned, BCS is the only company in the world that is dedicated to optimising digital infrastructure across the globe for our clients. We offer consultancy services, including project management, cost & commercial management and business strategy, across the development, implementation and operation of the IT asset lifecycle and have delivered 1,500mW of IT load of mission critical data centre space in every continent. Our 100% record of repeat business is testament to the quality of our solutions and we nurture the strength and longevity of our client relationships.

What have been the biggest challenges the industry has faced over the past 12 months?

Our recent Europe-wide survey highlighted concerns that a shortage of sufficiently qualified professionals at the design and build stages will cause a bottleneck, with 64% of data centre users and experts believing there is a lack of skilled design and delivery resource.

And what have been the biggest opportunities?

As we see the greater adoption of the Edge there will be deployments of much smaller facilities on a multiple scale. We see that as a real opportunity as it is about managing an ongoing and overarching programme rather than a single project. While the hyperscalers will still be there, we believe this change will start to redefine a data centre going forward. The edge of the network will continue to be at the epicentre of innovation in the data centre space and we are seeing a strong increase in the number of clients coming to us for help with the development of their edge strategy and rollouts. 

What is the biggest priority for the industry in 2020?

The industry will continue to come under pressure from a resource perspective; there is a real lack of new talent coming to the market. We’ve got to start training and become ambassadors for the industry by going into universities and telling STEM graduates about the data centre industry and how great it is – it’s an exciting place to be and we have to get out there and spread the word. Going into 2020, this issue will become more acute.

What are the main trends you are expecting to see in the market in 2020?

Into 2020 we expect distributed cloud infrastructure to drive edge computing. Allied to the advent of 5G, Edge will start to gain real traction as organisations require near-instant access to data and computing power to serve their customers, and they are increasingly looking to edge computing to provide a suitable infrastructure.

What technology is going to have the biggest impact on the market next year?

The adoption of serverless computing. Serverless computing is predicted to be one of the biggest developments in the cloud space; however, the serverless transition would require a strategic approach. Moving to serverless infrastructure requires an overhaul of the traditional development and production paradigm, meaning outsourcing the entire infrastructure to the cloud.

In 2023 we’ll all be talking about…?

We will be talking about high-speed mobile internet, artificial intelligence, big data analytics, and cloud technology which are set to spearhead companies’ adoption of new technologies and they will look to machine learning and augmented and virtual reality for considerable business investment.

Which person in, or associated with, the industry would you most like to meet?

The person at CERN who one day thought ‘we haven’t got enough compute power, I know, let’s ask the world if we can borrow their unused processing capacity’, along with downloadable books, one of the first examples of an embryonic cloud.

What’s the most surprising thing you’ve learnt about the sector?

When I first entered the sector, certainly for the first 15 years, it was very conservative with the rate of change very slow. The rate of change over the last 5 years or so has increased exponentially and what is sure one day is no more the day after. 

You go to the bar at the Security IT Summit – what’s your tipple of choice?

A cold pint.

What’s the most exciting thing about your job?

Being at the forefront of change and forging trends.

And what’s the most challenging?

Change.

What’s the best piece of advice you’ve ever been given?

A quote from Gandhi which was along the lines of ‘live as if you were to die tomorrow. Learn as if you were to live forever.’

Peaky Blinders or Stranger Things?

Peaky Blinders, you can’t beat a bit of stylised gangsterism from the Black Country!