Every year, BPO Media sponsors the big annual get together of IT and security experts that is CompTIA’s ChannelCon, and every year I walk away with valuable insights and new connections that serve me well. This year was no exception; perhaps not surprisingly, the current dialog was very focused on the idea that the future, and even the present, hinges on data and security. Here is what some of the smartest people in the room had to say about those topics.
The future is security
In a session titled Cybersecurity 2020: Tech’s Roaring 20s or an Electronic Wasteland, security experts Lysa Myers, Charles Tholen and Ian Thornton-Trump addressed a packed room during one of the last sessions of the week. CompTIA’s own senior director technology analyst, Seth Robinson, joined the trio to discuss current advances in technology like IoT, automation and big data, and their relationship to cybersecurity now and in the future.
Myers said that today's threat landscape doesn’t look much different than it has in the past — a lot of old techniques, like DDoS attacks with botnets, are being reused in new ways. Meanwhile, developers are rushing their latest and greatest software to market, and sometimes that comes at the expense of security. “Security should be more proactive, especially because we’re getting into areas where there is physical risk,” said Myers, who is security researcher at ESET LLC. Security must be “baked in from the beginning, with privacy and security in mind,” she said.
Next, Tholen discussed which verticals will face the biggest challenges moving forward. Just as automation transformed the manufacturing industry, AI will do the same to the service sector in places like the healthcare, legal and finance verticals. But as technology evolves, it becomes more complicated. “An F-22 Raptor has 1.2 million lines of code in it. A Dreamliner has 6.8 million lines of code. An S-Class Mercedes has over 100 million lines of code — and that’s not even an autonomous car,” he said, noting that with more code comes more and more vulnerabilities that can be exploited, and that industries must weigh the ramifications of what could come from a security flub. Tholen thinks transportation and healthcare will have the most difficult journey, citing a few incidents, like when someone hacked a Jeep, or when they found fatal vulnerabilities in insulin pumps, as examples of the potentially disastrous results of insecure technology.
The conversation changed gears Thornton-Trump took the stage to speak about security and compliance. “I’m seeing a huge distance between actual effective security and being compliant,” he said. He noted that while many folks are in compliance with the standards governing their industries, they still end up as victims of theft or fraud. We are seeing a new wave of legislation to help address these problems; according to Thornton-Trump, all but two U.S. states have mandatory reporting requirements.
Compliance has not helped ensure a secure environment and can be a matter of victim punishment, according to Thornton-Trump. “You’re compliant until you're not, and then when you’re not compliant, your threat landscape is not just people in hoodies, but guys who show up in suits that want to see all the documentation about how you failed — it’s really an uncomfortable position to be in,” he said. Thornton-Trump also thinks we keep too much data, and holding onto it is only a liability; the pathway to compliance Mecca, he says, is through keeping only the data that you need.
Just as the session was wrapping up, Thornton-Trump proposed an interesting concept: test your employees. The head of security for ZoneFox told attendees to send their employees an email with a link, for example, to see who is adhering to company policy, and which workers might need more training.
Data, the other future
A day earlier I sat in on a session called Biggest Trends in Data: From the Stone Age to the Golden Age. Matt Laessig, COO and co-founder of data.world, kicked off the session with a poll, and the results were interesting. While 75 percent of the audience responded that making data-driven decisions is important to their organization, half of the respondents said they were “effective sometimes” when making them. Another 20 percent said they were not effective very often, or “we are atrocious.” “So I think you guys get the point, that there’s actually a big delta between the importance organizations place on data-driven decisions and their capabilities for enabling data-driven decisions,” said Laessig. And that’s where we are right now. We want to use data, but as Laessig put it, “we’re in the stone age of data”.
“There’s this tremendous problem in what’s known as the first mile of data work,” said Laessig. "There is an often-cited statistic: 80 percent of all time in data projects is spent in this first mile.” There is a lot to work to do in finding and understanding data before you can analyze and leverage data, he said, but once that is done you can get to “the fun part of data work, which is analytics,” and then eventually, building out applications to build models into something functional within your organization.
The future of data, however, looks very promising. Laessig hopped from how new workflow paradigms can use context, metadata and derivatives with data, and how linked data technology leverages networks to dovetail disparate data sources.
Laessig dedicated an entire slide that compared the value of data as a resource to that of oil. And if we take a breath, look around and take in all of the technology currently flooding every marketplace you can imagine, it’s a more than fair comparison. We’re on the launch pad right now, and the countdown has begun. We’re going to blast off, and data is driving the rocket into the stratosphere.
But we have to keep in mind that we need to harness this power in a way where it doesn’t blow up in our faces. Developers need to consider security when they are building their software. Industries need to see how new technology can fit into their business plan with respect to the ramifications of security failures.