Subscribe
Share
Share
Embed
HPE news. Tech insights. World-class innovations. We take you straight to the source — interviewing tech's foremost thought leaders and change-makers that are propelling businesses and industries forward.
Aubrey Lovell (00:09):
Hello and welcome back to Technology Now, a weekly show from Hewlett Packard Enterprise, where we take what's happening in the world and explore how it's changing the way organizations are using technology. We're your hosts, Aubrey Lovell.
Michael Bird (00:22):
And Michael Bird. So in this episode, we are looking at the dilemma being faced by organizations across the world when it comes to moving forward with innovations in technology whilst also being wary of cybersecurity issues. In fact, according to research by HPE Aruba Networking, just under 2/3 of IT leaders believe their companies are missing out for that very reason. We'll put a link to the research in the show notes so you can check out all the figures yourselves. And of the 2,100 IT leaders questioned for the survey, 91% also say they either simply consider emerging technology to be a danger or they've experienced breaches because of it. So with the rapid advancement in Gen AI and edge to cloud technology, how do organizations overcome these fears in order to keep up whilst also keeping safe?
Aubrey Lovell (01:17):
Well, if you are the kind of person who needs to know why, what's going on in the world matters to your organization, this podcast is for you. And if you haven't yet, and I'm assuming that you have because you love us, subscribe to your podcast app of choice so you don't miss out. All right, Michael, let's get into it.
(01:36):
All right. So according to data research source, Statista, global spending on digital transformation is set to reach $3.9 trillion by 2027. That's a lot. So to give some indication of the explosion in the sector, in 2017, it sat at a mere $0.9 trillion. So that's a predicted growth rate of $3 trillion in just a decade. But despite that rapid expansion, less than half of all IT leaders say their organization is innovative and even fewer describe it as secure. The good news is it's a challenge IT leaders are also increasingly taking on board despite those concerns over security. 89% of the people in charge of IT within organizations say they are investing in security service edge or similar edge to cloud security. And that's from the HPE report we talked about a moment ago.
Michael Bird (02:29):
So how can IT leaders be reassured that their organization's data will remain safe during their own transfer from edge to cloud? And with the growth of GenAI and the subsequent increase in cyber attacks, how can chief information security officers or CISOs approach the speed of this innovation from a security point of view.
Aubrey Lovell (02:48):
As HPE's chief security officer, that challenge of moving ahead with innovations in tech while also making sure security is a priority is something our guest, HPE's Chief Security Officer, Bobby Ford, knows all about. So Bobby, speaking as a CISO, what are the challenges when it comes to embracing innovation while also wearing your security hat?
Bobby Ford (03:10):
I have always seen innovation as a positive for security. And the reason why is because fundamentally, I believe that the role of security is to enable the organization to take risk. And so if you believe that that's the role of security, to enable the organization to take risk, then you sort of look for creative and innovative ways to do that. And had it not been for security, then a lot of the things that we see and we leverage... Take mobile banking for example, no one would actually do that if they weren't confident that it was secure. And so like I said, I sort of see it differently. I look at us as enablers of innovation rather than blockers or tacklers.
Michael Bird (03:57):
When there's an exciting new technology on the horizon, are your first thoughts, excitement or about the security challenges it'll bring?
Bobby Ford (04:05):
Yeah, I definitely think it's both. I try to be ambidextrous in my approach with most things. And even if we take it away from technology and we just look at any type of tool, because I think that ultimately that's all any technology is, it's a tool. And that tool can either be used for good or that tool could be used for bad. Here's an easy example. I remember there was a time when CISOs were discussing how we would block social media, and that's what we wanted to do. We wanted to block social media. There was no business justification for it. It was a place where malware was rampant. And so we wanted to block social media. And then what happened? The business saw that it could be exploited and used for legitimate business reasons. And so we had to make sure that we had the right controls in place in order to enable that.
(05:02):
And that's when we started talking about data classification and data governance. And so whenever there's an innovation or whenever there's a technology, I look at it like I look at all tools and I say, "Hey, there has to be some positives that we could use it for, but then we also have to be able to defend against it." And then the challenge for the security organization, and it's a challenge that I talk about with my team all the time, is to make sure that we're adopting and adapting to these innovations at a rate that's faster than our adversaries or those that would do us harm.
Aubrey Lovell (05:41):
So how do you approach the speed of tech advancement from a security perspective, especially with the explosion of GenAI and edge computing?
Bobby Ford (05:49):
Well, the first thing that I do is I make sure that we're looking at it and considering it long before the business is. And so as a result, you have to stay tuned in, you have to stay plugged in, and you just have to stay connected. And once you do that, and you have to make sure that the organization is staying tuned in, that the organization is staying connected and that they're sort of looking out on the horizon. Now there will be instances where the business or the adversary will go much faster than security. And when that happens, you would've had to do the work in advance of that, of making sure that you've prioritized the data that you've prioritized, whatever platforms that you've prioritized, whatever systems that are necessary to be protected regardless of the innovations. And ultimately, I think that's what my answer to the question is, Aubrey, that it all starts with prioritization.
Michael Bird (06:47):
So do you think that organizations are generally nervous about innovation because they worry about security and are those fears well-founded?
Bobby Ford (06:57):
I think they're definitely concerned about security, but based on the conversations that I've been having, I think that they're more excited than they are concerned about security. And that's where... As security professionals, that's what we want. We want them to be excited. We never want to see ourselves as stifling innovation. And so if you're a good security partner, you make sure you do that. You have to put the right... And you'll hear this, it sounds so cliche, but it's true. You have to make sure you put the right guardrails in place to protect the organization. And that, to me, starts with prioritization. Hey, have we identified what are the most critical business processes? And then put the right controls in place around that. And these are the non-negotiable processes. These are the non-negotiable applications. Everything else we can sort of play with, but these are the non-negotiables. And then there are processes in place to sort of get exceptions for that. But hopefully most don't see security as a stifler of innovation, but rather see it as an enabler of innovation.
Aubrey Lovell (07:58):
So Bobby, as edge to cloud technology advances, how do you reassure users that the data journey is safe?
Bobby Ford (08:05):
One of the things that we did not last year, but the year before is we developed the GreenLake shared security responsibility model. And in that model, what we laid out is, hey, depending on the cloud provider you choose, or depending on the service provider you choose or hardware provider infrastructure, you have to recognize that security is a shared responsibility. And as we become stickier in our relationships, whether that's because we're operating in this edge to cloud-like environment, or we're operating in which most organizations are, this hybrid world that you can't rely solely upon your organization and you can't rely solely upon the partners that you engage with. But that what's the workload that I'm moving? What's the work that's being done? Where is my data housed recognizing that I have to go through some sort of asset management, asset inventory? I have to do data management, data inventory and then workload management, workload inventory. And then once I understand that understanding, where do my responsibility stop? And then where do the third parties begin?
Aubrey Lovell (09:15):
Okay. Thank you so much, Bobby. We'll be back with Bobby Ford to talk about the balance of innovation and security in just a moment. So don't go anywhere. All right. It's our favorite time of the day. It's time for Today I Learned, the part of the show where we take a look at something happening in the world we think you should know about. And Michael, I believe that you have one of my favorite topics on deck for today.
Michael Bird (09:39):
Yep. Because I know that you love a space story, Aubrey, even when it's one close to home. So here we go. The crew of a NASA mission to Mars have emerged from their craft after a year long voyage that never left the surface of the earth. How does that work? Well, the four volunteer crew entered NASA's first simulated Mars environment, a specifically 3D printed enclosure at Johnson Space Center in Houston on the 25th of June, 2023, as the first run of the agency's crew health and performance exploration analog project. The crew lived wholly unsupported in the 1,700 square feet or 157 square meters habitat to simulate a mission to the red planet.
(10:29):
Conducting simulated Mars walks outside the environment, growing their own food and repairing their own equipment. The mission was kept as realistic as possible, including limited resources and a communications lag of over 22 minutes with the outside world. The mission was the first of three planned experiments to gather data on the psychological and physical realities of living and working in confined spaces under stress for long periods of time. The hope, obviously, is that when the day comes for the real thing, we will be ready. How cool is that, Aubrey?
Aubrey Lovell (11:06):
That is just absolutely fascinating.
Michael Bird (11:09):
Isn't it?
Aubrey Lovell (11:09):
It's just crazy the things that we can do. Even on earth, right? You don't have to be in orbit to accomplish that.
Michael Bird (11:14):
Exactly.
Aubrey Lovell (11:14):
Pretty cool.
Michael Bird (11:15):
Exactly
Aubrey Lovell (11:16):
What a great story and very fitting, given how this episode is all about tech innovation.
Michael Bird (11:24):
Absolutely. Right now it's time to return to our guest, Bobby Ford, to talk about how organizations can use innovative technology whilst also staying cyber secure. So Bobby, can you just talk to us about security versus risk management? What's your personal balance here?
Bobby Ford (11:40):
There's no such thing as absolute security in a business environment. I can say, something my barber told me yesterday, now this is a guy who's been a barber his entire life, and he said that he shares with his children the only way to stay safe online is to not go online. I'm like, "That's a great point because you can never be absolutely all the way safe online." There's risk involved. So there's always risk involved. And our job as cyber professionals is to make sure that we've deployed controls to help manage that risk. Let's say I invited you into a conference room and I said, "Hey, you need to secure this room." The first thing you would do is you would kick everyone out of the room. You would shutter all the blinds. You would lock all the doors, and then you'd say, "The room is now secure."
(12:27):
However, the room wasn't put there to be secure. The room was put there to be used. There has to be a functional purpose to the room. Now, if I invited you into that same room and I said, "Identify the most significant risk in this room," you may say, "I don't know who everyone is in the room, so I'm going to do an inventory, and everyone has to sign in." Once everyone signs in, you can say, "Okay, now I understand who's in the room." You can start looking for who's the most threatening individual in the room, or who has the high risk background. You may then say, "Hey, there are no locks on the doors, and at some point we may need to actually lock the door because there are confidential conversations happening in the room."
(13:06):
So then you deploy some locks and you methodically walk through this process of identifying what's the most significant risk and then deploying controls to manage that risk. That to me, is the difference between risk management and security. And it's one of the reasons why we changed our name here in HPE and we're now cybersecurity and digital risk management, and not just the global security organization because we were fundamentally shifting and recognizing that there's a huge difference between risk management and security, and that our business is the business of risk management... Technology risk management to be specific.
Aubrey Lovell (13:49):
So what are the most important tools for an organization or a leader in an organization to stay ahead of when it comes to cybersecurity?
Bobby Ford (13:57):
I don't necessarily know if it's a tool as much as its processes. And I'll try to answer the question both ways. Okay. So first off, I think that you have to identify... To me, it all starts with people, process, technology. I start with the people. Make sure that you have the right people in place. Make sure that you have a robust and a sound and a mature workforce. So start with the people. Then next into the processes. Again, I can't emphasize enough, you have to make sure that you have a process in place to identify what's most critical to the organization. What's most critical to the organization. And once you've identified what's most critical to the organization and you've developed that process, then you make sure that you put the right tools, right technologies in place to protect it. And on the tool side, I think it's less about leveraging separate security and leveraging secure technologies that have security features enabled.
Aubrey Lovell (14:57):
Thanks so much, Bobby. This has been a really interesting and insightful conversation, and you can find more on the topics discussed in today's episode in the show notes. Okay. So we're heading towards the end of the show, which means it's time for This Week in History, a look at monumental events in the world of business and technology, which has changed our lives. Michael, what do we have?
Michael Bird (15:21):
Well, the clue last week was it's 1963, stay right there. Aubrey, I didn't get it. Did you get it?
Aubrey Lovell (15:30):
I didn't have a clue.
Michael Bird (15:32):
No, no. Well, it was of course the launch of the first ever geosynchronous satellite, Syncom 2. So for those who get their orbits confused, geosynchronous orbit is one with an orbital period that matches the Earth's rotation on its axis. So that's 23 hours, 56 minutes and 4 seconds to the exact. That means it'll appear at the same spot in the sky at the same time every day. The satellite was an early showcase for telecoms fire space and featured the ability to relay phone calls, faxes, and even low quality video. In August, 1963, Syncom 2 hosted the first satellite phone call between John F. Kennedy and the Prime Minister of Nigeria, ushering a new world of high speed global communication, which is pretty awesome. Aubrey, I wonder if you and I are talking over satellite.
Aubrey Lovell (16:25):
We could be.
Michael Bird (16:26):
Although it probably is. It's probably undersea cables, isn't it?
Aubrey Lovell (16:29):
I don't know, actually. I've never really thought about that, but I'm sure that it is.
Michael Bird (16:33):
Just for listeners, we're on either side of the Atlantic. Aubrey's in Florida, I'm just outside of London in the UK, so who knows? It probably is undersea cables. But either way, it's pretty cool, isn't it?
Aubrey Lovell (16:43):
It is. And pretty historical when you think about it in terms of how we've advanced our technology and how we communicate so seamlessly in real time across the world. So it's pretty cool. And next week, the clue is it's 1774, and you'll be breathing easy after this discovery. Have any idea?
Michael Bird (17:05):
No. No. I mean, all the things that I thought of wouldn't be 1774. Those inventions would be much far newer, so not a clue.
Aubrey Lovell (17:12):
Yeah, that's pretty far back, huh?
Michael Bird (17:14):
1774. No, not a clue.
Aubrey Lovell (17:15):
Me neither.
Michael Bird (17:16):
I have to tune in next week to find out, won't I?
Aubrey Lovell (17:18):
Exactly. Yeah. I'm not picturing anything for that time period, but we'll see what it is next week. And that brings us to the end of Technology Now for this week, thank you to our guest, Bobby Ford, HPE's Chief Security Officer. And to you, our listeners, we really do appreciate you guys. Thank you so much for joining us.
Michael Bird (17:34):
Technology Now is hosted by Aubrey Lovell and myself, Michael Bird. And this episode was produced by Sam Datta-Paulin and Al Booth with production support from Harry Morton, Zoe Anderson, Alicia Kempson, Alison Paisley, Alyssa Mitri, Camilla Patel, and Chloe Suewell.
Aubrey Lovell (17:48):
Our social editorial team is Rebecca Wissinger, Judy Ann Goldman, Katie Guarino, and our social media designers are Alejandra Garcia, Carlos Alberto Suarez, and Anbar Maldonado.
Michael Bird (17:59):
Technology Now is a Lower Street production for Hewlett Packard Enterprise, and we'll see you at the same time, same place next week. Cheers.