Saturday, July 1, 2017

A Talk on the topic: Security 2.0-Safeguarding the Digital Frontier


I was recently at Zinnov Confluence 2017 and got to present an opening note on the topic- Security 2.0- Safeguarding the Digital Frontier. For the benefits of the readers, I am trying to recreate my speech as much as I can in the below here. Will be sharing the slide-deck shortly.

The Inevitable Future:
Not so long ago, I was reading this intriguing book by the name- The Inevitable. Written ably by a futurist named- Kevin Kelly, this book gives glorious insights into technological forces that will shape our future.
We are approaching an interesting world. The reason I call it interesting is because as much as AI powered automation (also known as automation on steroids) is going to impact a myriad of jobs as we know them, there are lot of new, unthinkable jobs that would emerge. Being a Futurist is one such job that I am fascinated with. I do believe all of us have a hidden futurist in us that in our own ways helps us makes sense of how upcoming events of the future would impact us. If we wear that futurist hat for a moment, I don’t think it will take long for us to come to a conclusion that the world- for both consumers and enterprises alike- is headed towards a massive digital disruption.
Technology was, is and has always been and will be humanity’s accelerant, a driving force that has been instrumental in taking the humanity from one level to the next.  Kevin Kelly says in his book- “We are moving away from the world of fixed nouns and towards a world of fluid verbs. In the next 30 years we will continue to take solid things- an automobile for instance and turn them into intangible verbs. Products will become services and processes. Embedded with high doses of technology, an automobile becomes a transportation service.”

Cloud Powers the World:
When you think of broad range of technologies that came to power the world in the last 10-15 years,
one that has emerged as absolute no. 1 enabler- without a doubt is cloud. Think about mobility, big data analytics, artificial intelligence, internet of things- none of them could have attained the kind of maturity they had now, had it not been for the cloud. The cloud from being just the tool to cut cost became an amazing enabler for everything else that’s happening in the world of technology, in the world of work around us.


The World is Under Severe Attack:
While the world is amazingly being powered by cloud and the up-and-coming technologies, we should also remember that there is always a flip side to any technological advancement. And one of the threats that I bring forward here is that the world is also under severe virtual attack.

If you’re familiar with any of these terms, then congratulations — and welcome to the new normal of cybersecurity.

If I request you to put your futurist hat for one more time and ask you to predict the future of cyber-security, it is actually not as hard as some of you are thinking it to be. The future of cyber-security is that- there will be a next attack soon. There is a hacker waiting to exploit the vulnerabilities in your systems, trying to steal the data, trying to attack our systems.
There are several considerations that go into designing the security models for the future than only dealing with the innovativeness of the security attacks being unleashed. I would like to talk about a couple of aspects-

The Weakest link in the Chain:
Citrix recently did a study with the Ponemon Institute and there were some interesting findings from the survey.  One part of study suggested that today’s workforce really comprises of three different generations. Nearly 50% of people participating in the world economy are the Digital natives i.e. the people who were born with technology, the people who doesn’t know how the world looked like without technology. The rest of workforce comprises of Gen-Xers (born 1965-1980) and Baby Boomers (both 1946-1964).
But why is the discussion of generational differences important in the context of Cyber-Security ? As our study suggested, it turns out, it is quite important. As Christian Reilly says here-

Any technology-based solution is only as strong as its weakest link; it’s last line of defense, and, in case after case, we learn that the source of the introduction of malware and ransomware has been as a result of the intervention of one or more end-users. Perhaps they clicked a malicious link in an email. Perhaps they opened a malicious attachment.

Each generation of workforce has different views on information sharing, collaboration, technology, and the role security plays in each. The global study shows that each generation is also susceptible to different kinds of security vulnerabilities:
55% of security and business respondents said that Millennials, born 1981-1997, pose the greatest risk of circumventing IT security policies and using unapproved apps in the workplace.
33% said Baby Boomers, born 1946-1964, are most susceptible to phishing and social engineering scams.
32% said Gen-Xers, born 1965-1980, were most likely to circumvent security policies and use unapproved apps and devices in the workplace.
The security models of the future would be successful only if among other considerations they also take into account the generational differences at workforce.

Tightening Regulations:
Another aspect that I wanted to briefly touch upon was the effect current regulations are bringing forward.  By this time next year, General Data Protection Regulation (GDPR), would have come into effect for all the companies dealing with data of EU customers. In the past, many of privacy regulations were toothless – and for many companies it was easier to pay tens of thousands in fines, rather than investing millions to fix the problem. That’s not the case with GDPR. The fine can be up to EUR €20 million OR 4% of the worldwide (!) revenue (not profit!) of the company. As Martin Zugec said here-
We are used to saying that IT solutions can be cheap, developed fast or designed to be secure – and you can choose any two of those. With GDPR, secure is a mandatory requirement for any IT solution that contains data about individuals. Security is no longer an ad hoc process, it needs to become our new lifestyle.

Old Security Perimeters Doesn't Help The New World of Work:
How do Enterprises deal with such diversity of users, tightened regulations and the ever-increasing innovativeness of the attacks.

In the Enterprise context, We are an intersection of users and applications.
The current context of work has changed a lot. People are no longer using only the IT managed apps but are bringing any web-based, cloud-based, mobility app. Not only that, people are not  just working  within the organization boundaries but are working at any place of their choice, roaming, on any device, using OS of their choice. As we often say in Citrix-

“Work is not a place. Work is an activity you do at a place you find inspiration.”

Older IT enterprise architectures were designed more keeping in the principles of Inaccessibility and Invisibility i.e. any intruder outside the boundaries of the organization cannot access the details of network infrastructure, not could it access any data and applications. This physical perimeter built by the traditional IT worked reasonably worked in the world of past where application and employee location were a constant. But in today’s world when the application, location and work context is no longer static, the perimeter of past is longer sufficient. Current enterprises need a better, strong, secure and flexible perimeter. So, what’s the solution ?

Citrix Secure Digital Workspace:
This is where Citrix comes in, really helping the organizations tame that complexity and pulling it together in a way by creating this new software defined perimeter but also enabling this easy access for people wherever they are around the world, whatever device they come in, to give them contextual access to technology whether it is the cloud technology coming from one of many clouds, whether it is traditional on-prem technology or whether it is a mobile technology, they need to access it all in a simple contextual way and that is precisely what we do and on the IT side really need to manage all these devices, they really need to control the policy for access.

Very recently we introduced, Citrix Secure DigitalWorkspace- effectively taking up this amazing foundation that we laid down with Xen family of products, with Netscaler, with Sharefile and enabling this future of work- powered by Citrix Cloud driven by Artificial Intelligence.

Welcome to the Future of Work, Powered by Citrix! 


Credits and Inspiration:
https://www.citrix.com/blogs/2017/06/08/you-cant-touch-this/
https://www.citrix.com/blogs/2017/06/08/welcome-to-the-future-of-work/