"In this issue of “The 10 Most Trusted Companies in
Enterprise Security” Insights Success has shortlisted
those enterprise security providers which are providing
solutions that are systematically profile and
contextualize security threats with a level of detail and
granularity that has never been achieved before."
The 10 most trusted companies in enterprise security 2019
1. +
Seok-woo Lee
Founder & CEO
Future-Bots
Catching-up With The
Robotics For Better Future
Data Center Security:
Controlling Possible Threats
Digital Revolution
Volume 11 | Issue 07 | 2019
Ready to Open a New Era of Total Connected Car
Security Solutions with AUTOCRYPT
Penta Security
Systems
10
The
Most
Trusted
Companies in
Enterprise
Security,2019
2.
3.
4. Changing Aspects
of Security
ecurity is what we need to protect ourselves, our
Sprivacy and personal belongings from an unknown
threat. It is all we know in general sense but why a
company needs security and what security concerns it has?
These days, from an enterprise’s perspective, security is a
broad and very challenging issue. Whether, it is physical
security or a data security, breach in any of two can lead a
company into vulnerability.
So how the enterprise security services are helping
organizations with security breach and why it is necessary
to consult with them? Today all the organizations are driven
by information, and data becomes the most important asset.
Most of the companies are transforming their businesses
into e-business where it is crucial to preserve integrity,
availability and confidentiality of information due to
sensitivity and value of business data. The amount of data
organizations have today is huge and they find themselves
overwhelmed in the face of unauthorized access as
networks are opened when connected to the internet. The
data contains consumers’ information as well as
organization’s critical information such as operation
records, financial aspects, cash -flow information, health
care and administration.
This data and information is lifeblood of an organization
and any damage to it can be fatal to their continued viability
as a living entity. In such situations enterprise security
services play crucial part and ensure that the originality and
accuracy of the information is preserved, and it shall never
be exposed to unauthorized approach.
Individuals or organizations leverage technology to use to
meet or complete desired goals and it is difficult to foresee
all threats and vulnerabilities that surface in the process. In
other words, the enterprise security is reactive where no
Editor’s Desk
Enterprise security is not
any more a requirement
its a Necessity.
5. technology or security system can fully assure
protection from threat. But there are several security
service providers are who can guide and provide their
deep insights in security solutions and help to avoid
any major data breach.
In this issue of “The 10 Most Trusted Companies in
Enterprise Security” Insights Success has shortlisted
those e ecurity providers which are providingnterprise s
solutions that are systematically profile and
contextualize security threats with a level of detail and
granularity that has never been achieved before.
The cover is featuring Penta Security Systems, a
leading provider of web and data security products,
solutions, and services. Penta Security’s web security
product responds fast to proxy deployment, inline
topology, cloud, and other web-related environment
changes. The company’s data encryption product also
responds fast to DBMS, file systems, cloud, and other
data management-related environment changes
including log and images, the unstructured data. It has
been expanding its offerings in order to meet the
demands of encryption in different areas, with its data
encryption products.
Also, makes sure to scroll through the articles written
by our in-house editorial team and CXO standpoints of
some of the leading industry experts to have a brief
knowledge of the sector.
Happy Reading!
Rohit Chaturvedi
6. COVERSTORY
Ready to Open a New Era of
Total Connected Car
Security Solutions with AUTOCRYPT
Penta Security
08
7. C O N T E N T S
ARTICLES
16
AI: From Artificial
to Authentic
Maestros Insights
34
Challenges in Cloud
Computing
Leadership Viewpoint
22
28
Helping Businesses
to Improve Customer
Engagement
Callsign
Protecting Critical
IT Infrastructure
Cimcor
Catching-up With The
Robotics For Better Future
Future-Bots
18 32Data Center Security:
Controlling Possible Threats
Digital Revolution
24
Tech Evolution
How VideoAmp Evolved the
Company Culture and Process
to Increasethe Number of
Engineers Employed
10. Ready to Open a New Era of Total Connected Car
Security Solutions with AUTOCRYPT
Penta Security
Systems
The
10TRUSTED
Enterprise
2019Security
Most
Companies In
12. oday, businesses and the internet are united, as
Tbusinesses are run on the internet. The market
demands applications of both safe and stable
foundation of technology as well as applications of fast and
new technologies. Nonetheless, applications of enterprise
security must never be compromised regardless of the
circumstantial changes and by taking this into consideration,
Penta Security Systems, a leading provider of web and data
security products, solutions, and services, was incepted.
Below are highlights of the interview conducted between
Penta Security and Insights Success:
What led to the inception of Penta Security?
When I was eager to pursue my entrepreneurship desires back
in 1997, the internet started to gain popularity. In this stage
where things were rapidly changing and most certainly in the
connectivity sector, it made me realize that everyone will
sooner or later be placed in a situation where connectivity
security is inevitable in their lives.
After the foundation, the company focused on utilizing the
merits of this county, South Korea. It was not easy to
establish Penta Security as an OS or a networking technology
provider as some of the firms in the US were already taking
the lead in the world. This is the reason why I have decided
to focus on developing security for the developers. In South
Korea, there is a relatively high number of application
developers, therefore we thought we could listen to their
demands, reflect them on our products, and eventually create
something that is developer-centric. As expected, ‘Web
application security’ has become inevitable for the businesses
because their most important assets, the data, went on the
applications. As a result, compared to the existing system and
network security, ‘data security’ became the most important
part of maintaining the businesses nowadays.
From ‘things’ to ‘vehicles’ and now ‘blockchain’ that’s
enormously and innovatively impacting our decision-making
processes, we are coping with big and important changes as
an IT security firm. We strongly believe that security must
keep up with rapid technological changes and by taking the
lead, Penta Security has been expanding its security offerings
from IoT to all sorts of mobility environments.
How do you diversify the organization’s offerings in web
and data security to appeal to the target audience?
Today, businesses and the internet are united. Businesses are
run on the internet, which now are the applications. The
market demands applications of both safe and stable
Cover Story
13. foundation of technology as well as applications of fast and
new technologies.
In terms of applying security to the rapidly changing
environment, Penta Security is confident to stress that
developing the methodologies in order to keep up with the
changes is one of the biggest and important goals of the
company.
Penta Security’s web security product responds fast to proxy
deployment, inline topology, cloud, and other web-related
environment changes. Data encryption product also responds
fast to DBMS, file systems, cloud, and other data
management-related environment changes including log and
images, the unstructured data. We have been expanding our
offerings in order to meet the demands of encryption in
different areas, with our data encryption products.
From then on, we focused on providing different solutions to
different audiences. To begin with, we managed to provide
‘detection’ solution to compensate the security features the
developers might have missed, then ‘encryption’ solution to
protect critical data assets, and finally, ‘authentication’
solution to allow users to identify themselves in the
interconnecting network. Our offerings have managed to
expand and diversify in IoT, automobiles, trains, and ships as
well, via associating these main security features.
In result, Penta Security has registered 95 international and
domestic patents and gained 58 international and domestic
certifications. Moreover, won 37 product awards including
the latest ‘Cybersecurity Excellence Awards’, ‘Gold Winner
of Database Security 2018’, and TU-Automotive’s ‘2019
Best Auto Cybersecurity Product/Service’ with our
authentication, detection, and encryption solutions.
Give a detailed description of the featured person’s
influence over the company and the industry.
Security must be at the head of IT and its transformation in
order to let the technologies develop each and every part of
the business. Therefore, as the CEO and Founder of an IT
security company, I believe it’s most important to provide a
clear vision and role of security to the employees. Letting the
professionals do their jobs, whilst the entrepreneur leads the
direction is what I believe managing and running a successful
company really means.
Security is not only deeply engaged within the industry, but
also with national policies. Even with the slightest misleading
regulations, the result and the impact can be beyond our
control. Therefore, we strongly believe that IT security firms
must take part in the process of policy making. In order to
achieve this, we have been actively participating in
developing national industries by weighing in our
opinions. We’re also engaged with technology institutes
as we believe educating the next generation’s
professionals is one of our important missions as the
leader in the industry.
As per your opinion, what are the web and data
security roadblocks or challenges organizations
facing today? And what is your advice to overcome
them?
The biggest obstruction is the existing custom that only
focuses on finding the vulnerabilities and in turn,
patching them temporarily, assuming that the initial
issues had been resolved. I definitely agree with the effort
at least, however, looking ahead to building an immune
IT system from the start is what actually matters the
most.
We must let security become an important part of
building the IT system - especially when we live in such
a hyperconnected society. The whole concept well
explains Penta Security’s philosophy and vision, which is
‘Secure First, Then Connect’.
Secure
First,
Then
Connect
“
“
14. It is also very common to face situations where policymakers with big influence that lack a good
understanding of new technologies end up developing wrongful IT policies. There are times when
industry revitalization agendas produce actual regulations and results that stand in the way. In order
to prevent social resources from standing in the way of developments, Penta Security is putting a
lot of resources to educate, inspire, and promote base-level, easily understandable IT security to
non-professionals out there.
How does Penta Security cope with the volatile technological trends to boost its growth?
When trying to respond quickly to the changes, there is always a mix of old and new ways. This is
not just about the conflict of the old and new, but it's about efficiency. Penta Security puts its best
effort in solving the decline of efficiency in structural and procedural ways. If we feel the need to
focus on developing and applying new, innovative, and disruptive technologies, we form a new
team or a department as well as new labs for in-depth developments in order to meet the needs of
new business opportunities. We alternatively separate the company through spin-offs if necessary,
as we truly believe that responding fast to the changes is what makes us ‘Penta Security’ as a
whole.
Could you throw some light on your mission and vision statement?
The concept of realizing an ‘Open Society’, which I deliberated when starting the company, have
become the company’s vision. As mentioned, trying to fix the problem only after an incident
occurs, is the worst way of realizing security as we can imagine. Modernization is all about
communicating, interchanging, and sharing. We cannot grow and develop without these in an open
society. If we want to feel secured even with our doors wide open, we must give trust and trust
others who enter our safety zones. Penta Security is the company that can provide that trust and we
strongly believe this is what ‘Trust for an Open Society’ really means to us. With Penta Security’s
security solutions, businesses can trust and freely manage businesses in their own disruptive ways.
What are your company’s future aspirations? What strategies are you undertaking to
achieve those goals?
What IT security meant to other industries back in the days weren’t much at all - in fact, it was just
seen as a component part that supports the entire IT system. We wanted to build an IT security
company that resolves any issues related to IT security from the first step, and that starts when
building the initial IT system in a business. We thrive to build a safe platform and an infrastructure
based on the concept of ‘Security by Design’. As a recent example, there is automotive security.
In addition to automobiles, we are planning on expanding our desires to trains and ships, by
providing security to all sorts of mobility environments.
The established IT was all about connecting users to the central system. However now, different
devices are connected to each other and ‘connected car’ is a typical example. With our whole-
system approach to security, we believe it enables an era of hyper web integration and connectivity.
Therefore, we aim to drive safer transport through our efforts in smart mobility, provide automotive
security for connected and electric vehicles, automotive blockchain technology, and a mobility data
intelligence platform.
We’re going through a big change where the method of connectivity has become completely
different compared to the past. This, it is not an overstatement to say that blockchain, a new
computing system that drives innovative changes in decision-makings, is leading this change.
This change not only impacts other industries but mostly, impacts the security industry and of
course, Penta Security as well. Running different technological labs, subsidiaries, and teams in
each security sector in order to put ourselves out of the comfort zone, is what we constantly aim to
achieve, with our best effort.
17. Address :
Country :City : State : Zip :
Date :Name :
Telephone :
Email :
Che should be drawn in favor of:que INSIGHTS SUCCESS MEDIA TECH LLC
Global Subscription
1 Year.......... $250.00(12 Issues) .... 6 Months ..... (06 Issues) ..... $130.00
3 Months ... (03 Issues) .... $70.00 1 Month ...... (01 Issue) ..... $25.00
SUBSCRIBE TODAY
18. With so much attention focused on Artificial
Intelligence (AI), it’s worth remembering that
one size does not fit all. There are specific
business-related pain points in mind when a company
decides to deploy AI technology, so making the right
choices can be a tricky task.
For example, several months ago, an AI related
breakthrough was announced – a robot learned and
demonstrated the ability to perform a perfect backflip.
While it is well acknowledged that the invested research
and development for this mission was huge and the
commercial potential for some applications is enormous, it
is somewhat unclear how this specific innovation or the
core models and algorithms of it, can serve other industries
and verticals. Herein lies the problem.
Gauging AI success in one field in many cases can be
meaningless for another. To make things worse, even when
trying to go deeper into the technology and attempting to
evaluate, for example, which Machine Learning algorithms
are utilized by the product, or what are the number of
layers in the Deep Neural Network models mentioned by
specific vendors, in the end it will be possibly pointless as
it does not directly reflect the solution deployment
‘success’ implications.
Nevertheless, it seems that the market ignores this reality
and continues to evaluate AI-based products by buzzword
checklists using familiar and related AI terminology (e.g.,
AI:From
Artificial
to Authentic
About the Author
Mr. Jay Klein drives Voyager Lab’s
technology strategy and core intellectual
property. He brings more than 25 years of
experience in data analytics, networking
and telecommunications to the Company.
Before joining Voyager Labs, he served as
CTO at Allot Communications where he
steered Allot’s data inspection and
analytics core technology offerings, and as
VP Strategic Business Development at
DSPG, where he was responsible for
strategic technology acquisitions. He also
co-founded and held the CTO position at
Ensemble Communications while founding
and creating WiMAX and IEEE 802.16. He
also served as the CTO and VP of R&D at
CTP Systems, acquired first by DSP
Communications and later by Intel. Jay
Klein holds a BSc in Electronics & Electrical
Engineering from Tel Aviv University as well
as numerous patents in various
technology fields.
Maestros Insights
www.insightssuccess.com16 2019|November
19. Supervised, Unsupervised, Deep Learning etc.). While
checklists are an effective tool for comparative analysis it
still requires the ‘right’ items to be included.
Unfortunately, what typically is absent are the items which
are important to the customer, from a problem-solution
perspective.
Introducing Authentic AI
Given all of this, there is a need to change the narrative
around AI technology and solutions to something
meaningful and authentic that reflects the real-life
challenges and opportunities that businesses are facing.
This is the time to introduce Authentic AI.
The Merriam-Webster dictionary defines ‘Authentic’ as
both ‘worthy of acceptance or belief as conforming to or
based on fact’and ‘conforming to an original so as to
reproduce essential features’. This is not about ‘Fake’ to be
contrasted with ‘Real’. It’s about the essential features of
AI which need to be acknowledged, and hence, redefine
the ‘checklist’. Often, these essential ‘authentic’ features
are hidden and only surface when a CIO/CDO is faced
with a new problem to be solved. This is seen especially
when the AI aspects of a proposed product or solution are
fully explored by asking questions such as:
- Is the AI technology utilized by the product aimed
specifically for my problem, optimally (e.g.,
performance, cost, etc.)?
- Is it capable of addressing the complete problem or
only a part of it?
- Can it be assimilated into the existing ecosystem
without imposing new demands?
- Can it address the compelling environmental
conditions of the problem space?
These issues can be grouped into three different ‘classes’ -
‘Original’, ‘Holistic’ and ‘Pragmatic’:
Original – How innovative is the solution? This can be
quantified by assessing the following:
- the invention of new algorithms or even new models
and
- the use of complex orchestration techniques or
- through the capability to handle complex data formats
and structures.
While there is no need to re-invent the wheel repetitively
for any problem, there are distinctive characteristics which
require optimizing.
Holistic – How complete is the proposed AI technology? It
takes into account the capability of handling the end-to-end
aspects of the solution, the competence of harmonizing the
operation of the various AI components of the solution and
the ability to adapt to ever changing conditions of the AI
application.
Pragmatic – Can the technology solve real world
problems in their actual and natural space in a
commercially viable way? This means that for example the
data sources can be processed in their most native format
(both unstructured or structured) as well as provide
insights or results matching the pragmatic needs of the
specific market expectations. In addition, the ability to be
quickly deployed and rapid to act are assessed.
All of these elements should be used to systematically
assess and evaluate AI-based products and solutions to
assess their authenticity and therefore effectiveness in
specific use cases.
For example, many home-loan mortgage evaluation and
recommendation systems utilize a somewhat isolated
machine learning based applicant classification method,
one of many other processes included within the solution.
The AI in this solution cannot be considered Authentic AI
to a high degree as it ‘scores’ low on the ‘Original’ and
‘Holistic’ classes as it isn’t innovative ‘enough’ (from an
AI sense). In addition, the AI component itself does not
cover on its own the end-to-end aspects of the solution
(hence affecting the overall performance and precision). It
could be considered to be ‘Pragmatic’ to some level if it
can handle the required data sources of financial
institutions or the customer applications natively, and if the
solution ‘output’ are the explicit results required as a
specific recommendation (e.g., loan conditions). However,
the deployment timeline (time-to-market) and commercial
aspects need to be evaluated as well. This is just one
example of many others, covering all kinds of variations.
Perfect backflips may grant you a gold medal if you are a
gymnast but if you are a master chess player don’t expect a
winning move.
www.insightssuccess.com17 2019|November
20. Better
FUTURE
for
Catching-up
with the
ROBOTICS
obots have always been
Rpictured as a man-made
advanced technological
creativity, which do and will favor the
human species for future. As robotics
is vibrantly globalized, soon it will be
mainstreamed in various fields and
sectors. Currently, there are numerous
enterprises worldwide which are
implementing robotics into industrial,
healthcare and commercial use.
Whereas, robotics have experienced a
lot of up’s and down’s during this
tenure, but with the time, it held a
stronghold in the digital world.
Whenever the discussion arises about
the applications of robotics, the
industrial sector has bespoken
benefits’. Robots have become more
affordable, smart and productive over
the years. The sectors like agriculture,
construction, warehousing and
logistics, and customer services. By
investing more in robots, an enterprise
www.insightssuccess.com18 2019|November
21. will be solving certain problems more
accurately and efficiently. Meanwhile,
utilizing robots will help enterprises to
push their limits in order to fill up the
productivity voids.
With each slippage of time, the
technology is upgrading so does the
robotics. The advancements in robotics
field will be a boon to the enterprises in
order to increase growth and
productivity rate. There are certain
parameters that should be considered
while implementing robotics in the
enterprise, such as
Following up Parameters before
Reaching the Depth of Robotics
Modifying; as per the user’s need
Generally, robots used to require
advanced training in order to operate
comfortably. It’s not an issue for the
big enterprises as they acquire the
skilled people to deal with, where the
small enterprises are not so gifted with
loads of assets initially. But, with the
new advances in robotics technologies,
it has become easier for small ventures
to invest in robots for increasing the
productivity generating more revenue.
Just by giving wireless commands
from an IOT, demonstrating tasks to
the robots gets easier. Nowadays, there
are numerous varieties of robots to
carry out multitasks, thus as per the
user’s need, one can invest in robots
for the industrial purpose.
Easily Compatible
Unlike the big manufacturing robots in
huge industries, there are various
collaborative robots which are
specially designed to work alongside
and to assist human workers in a
variety of tasks. Earlier it was sort of
stressful for an enterprise to allot
specific man-power for certain task,
but by implementing co-bots such
issues are resolved. As the size and
shape of co-bots are getting more
compact, it may benefit the enterprises
in various terms.
Easy to Develop
Earlier robots were not able to program
easily due to the incompatibility
between the user interface and
hardware. But, now Robotic Operating
System (ROS) is dominating the
industry by providing solutions for
varied robots in order to perform the
task without lagging. It’s an open-
source framework which helps
developers to redirect the programming
in different ways. This open-source
framework is dominating the growth
towards the constructive direction.
Amplifying the Range of Applied
Robotics
st
The 21 century—is the era of
implementing new ideology and
technologies in various sectors. While
technological disruption has
collectively affected every possible
Future-Bots
www.insightssuccess.com19 2019|November
22. sector, robotics is still unaffected. From past few years, the
technology, as well as its implementation, has increased
substantially. Have a look on such few areas for possible
applications.
Obliging Enterprises through Robotics
Cobot’s: Assisting Humans
Unlike big manufacturing robots, collaborative robots are
designed to work with employees in enterprises and
corporates. The design is smart enough to assist humans
and also, compact enough to handle. Generally, the small
and medium-sized enterprises (SMEs) are slightly boon by
implementing co-bots in day to day life, as they are easily
adaptable, easy to process and most importantly it’s
affordable. According to some experts, there’s a possibility
of enormous growth in the business, if Co-bots are
implemented widely. The main motive of industrial robots
is to the prioritized safety of employees and workers, yet
the chances of accidents are always at high risk. Whereas,
co-bots works as a service robot; they come in various
shape and sizes easing the workability and reducing the
liability of employees. In order to get sanctioned as service
robots, any co-bot has to pass certain testing parameters by
robot manufacturing companies, factors such as easily
compatible with other devices and programs, safe in
use, easy to command, and processing at a faster
rate. Currently, co-bots are used for processes
like machine tending, packaging, and material
handling. In spite of industries, co-bots are
used in various sectors such as in farming,
hospitals, healthcare and facilities, and
labs. It does come under robot-as-a-
service format.
Cloud Robotics
Imagine an enterprise with
robots that are totally independent
to the user commands, in other
words, no external programming
may require in order to process robots
for the various tasks. In accordance to
that, a User Interface to be exact might not
be needed in the future, as machine learning is
already on its verge to get explored. Currently, in
order to carry out certain tasks robots are been told to
what to do using the interface whereas, cloud robotics
directly twitch compatible code from the clouds which
are required for the tasks. To work alongside with
humans, robots must be deep learning the subjects
simultaneously able to point out problems and provide
solutions right away. Meanwhile, it will be a boon for the
enterprises if the employees will get to interact with robots
as a personified object rather than a machine. Soon, there
with personal robotics cloud which will help robots to take
and give information directly. Depending on the robot, it
can process various functions such as lifting, leveraging,
handle vision, object recognition and other, thus certain
robots acquire such skills and will provide information to
the cloud. Then, this information helps other robots to get
enlightened. In simple words to say, robots will teach other
robots for the better good of the enterprises. On the other
hand, as robots are getting more and more evolved, filtering
of essential information from rest will get much easier. This
will comfort both big and small enterprises to manage big
data more precisely.
With the emergence of advancement in robotics, they are on
the verge to touch skies already. If considering the above
possible factors, this evergreen era of robotics is less likely
to get saturated due to technological disruption. As the
technologies are growing faster, the enterprises must to
catch-up with them accordingly. It’s high time to implement
new technologies especially of the robotics as its utilization
is not only subjected to warehouses but also, towards the in-
house enterprise work. Hopefully, there’s a possibility of
robot-oriented industries in the future.
www.insightssuccess.com20 2019|November
23.
24. Helping Businesses to Improve User Engagement
Whether it’s their employees
or customers, organizations
often struggle to find the
right balance between security and user
experience. Callsign, a Computer &
Network Security company provides
user-friendly identification and
authentication solutions, that help
businesses balance the two, whilst also
reducing costs.
Below are the highlights of the
interview:
Give a brief overview of Callsign, its
uniqueness, and its vision.
The digital world is based on a simple
premise – trust. When we’re
interacting with a person or entity –
whether it’s a business or some other
transactional interface – we need to
know with no uncertainty they are who
they say they are, doing what they say
they are, where they say they are. This
is exactly where Callsign helps.
We are an identity fraud, authorization
& authentication company, solving the
challenges that organizations face in
getting their users on to & interacting
with their digital platforms.
We do this using real time AI driven
identity and authentication solutions,
that confirm the user really is who they
say they are, no matter what their
location.
Describe Callsign’s cutting edge
security solutions which address all
the needs of your customers?
As organizations strive to secure their
systems, the aim is to do so in a way
that doesn’t hinder employee
productivity. Ideally, using policies that
allow for a tailored, contextual
approach to workforce identification.
What’s more, today’s employees are
increasingly prioritising privacy over
convenience, so that’s got to be
factored in, too.
Our Intelligence Driven Authentication
Platform consists of three modules –
Intelligence, Policy & Authentication.
Our intelligence engine uses multiple
data points to create a confidence
score, telling us how likely it is that
someone is who they say they are. If
the confidence score is high, we can
safely reduce friction and if it’s not,
authentication is dynamically adjusted.
This orchestration is achieved using
the Policy Manager. Organizations can
build dynamic, natural language
policies and journeys that adapt, in real
time, to contextual intelligence. As a
result, Callsign’s Policy Engine can
dynamically adjust to the type of
hardware, connectivity and even
preferences of individual users (for
example if facial recognition is not
enabled). Because the policies are fully
transparent and written in natural
language, leaders in risk, compliance,
user experience can understand them
as well as technical peers in IT and
fraud making the solution much easier
to manage and utilize across
businesses.
In all, the entire process is designed to
determine what kind of authentication
journeys are best used in which
circumstances, based on what action is
being performed, by who, where, and
how. Meaning organizations aren’t
isolating swathes of user’s with
either / or choices of biometrics, or
additional password checks and can
adhere to privacy requirements such as
GDPR and CCPA.
What technologies are you
leveraging to make your solutions
resourceful?
Collecting thousands of data points
across device, location and behavior,
we use statistical modeling and
advanced machine & deep learning
techniques, to create a unique identity
profile of that user so that the policy
engine can deliver the appropriate
authentication journey.
This level of intelligence enables us to
deliver passive authentication as much
as possible – and only calling for
active authentication when appropriate
or required. This means we can deliver
improved levels of security for
organizations whilst improving the
user experience, with on average over
80% of authentication steps removed.
www.insightssuccess.com22 2019|November
25. A scalable “banking grade” user
friendly, identity fraud, authentication
& authorization platform.
“
What are the challenges faced while providing security
solutions and how is Callsign serving to tackle them?
Identity is the gateway to all things digital, yet the most
common authenticator in the world was invented in the
1960's – the password. This, and every other authentication/
authorization solution since then represents identity proxies,
not identity. Many solutions were designed to identify
fraud, not prove identity. Callsign is the first solution that
builds unique individual digital profiles, collecting
thousands of data points, and verifying and learning with
each interaction.
Privacy is also an essential part of the Callsign platform.
Today, it’s important that users are given the right choice,
control & consent around the use of their data. With
Callsign’s Intelligence Driven Authentication (IDA), clients
can allow their users to determine just which datapoints can
be collected, empowering users to actively participate in
securing their digital identities.
Additionally, Callsign IDA serves all users who span a
broad range of socio-economic and geographic
backgrounds, as well as capabilities such as users opting out
of biometric authentication, or even those without a smart
phone.
What according to you could be the potential future of
the enterprise security industry and how does Callsign
envision sustaining its competency?
As security in general evolves as a core business function,
leaders need to balance risk and user experience to agree
the appropriate business risk tolerance.
Many current methods focus on a zero-trust approach that
relies on user’s regularly authenticating, often with fairly
rigid methods. By using thousands of data points in real
time to determine identity, Callsign safely removes
authentication friction for employees – ensuring solution
adoption and boosting productivity.
It also removes the costs incurred by tokens that are lost or
need replacing. Plus reduces reliance on passwords, and
therefore the cost of support calls when they’re forgotten.
About the Leader
Zia Hayat is the CEO and Co-founder of Callsign. Zia
has a PhD in Information Systems Security from the
University of Southampton and has worked in cybersecurity
for both BAE systems and Lloyds Banking Group.
Alongside overseeing the company strategy and inputting
into the research and technology roadmap, he works with
executive levels of organizations to examine how digital
identity can be made more secure, simpler to use and most
critically, maintaining the privacy of individuals.
Collaborating with industry and academia he is helping
drive awareness and innovation to anticipate the challenges
of tomorrow. This could be driven by users' desire to have
choice and control over their digital identities, and/or the
bad actors increasingly garnering greater levels of
sophistication around attacks.
—Zia Hayat
CEO & Co-founder
The
10TRUSTED
Enterprise
2019Security
Most
Companies In
www.insightssuccess.com23 2019|November
27. Ÿ “Promoting out of hand” is another variation of this
where you don’t put someone through the normal due
diligence because they already present. In our case,
individual contributor (IC) engineers don’t go through
the rigorous reference checks that new managers do.
Ÿ “Hiring under duress”, or lowering your bar simply to
meet headcount goals. I strongly advise to hire fewer
“full-full stack” senior engineers vs. a bunch of junior or
mid-level career developers who require more time,
nurturing and precious attention units from your senior
staff.
Process
This is a moving target, and one which has definitely been
an ongoing series of blogs. In the early stage, we “over
prescribed scrum.” Something that a very early stage
company can do, along with too much agile processes too
soon.
For example, prototypes and proof of concepts should not
have a rigorous definition of done, with endless unit,
functional, and end-to-end tests because the product’s
requirements will probably zig-zag wildly.
Conversely, having too little process when you are
supporting enterprise customers can also be a problem. I
spent my prior days as an IC and
VideoAmp turns 4 years old this month. So many
memories, and so much growth. Let’s reflect on
some of the worst decisions and associated
learnings that have been fundamental to our growth. Why
the worst you say? Because when you accelerate your
learning rate in a fail-fast environment, it then allows you to
make fast decisions vs. the analysis paralysis predicament.
Reflection
One of my favorite wildcard interview questions for
managers is: “Describe the failure you’re most proud of.”
This sometimes catches people off guard, so I’ll share mine
first to get the conversation going. Inevitably it comes down
to choosing because there are so many.
You can’t talk about growth and success without talking
about these failures. Unless you’re some kind of hybrid
AI-robot-space-alien who’s absolutely perfect, there’s going
to be mistakes. What’s important is that as a leader you own
your mistakes and be transparent about them.
Hiring
Finding the right people is the single most important aspect
of growing a startup. The biggest mistakes in hiring have
been:
Ÿ “Hiring out of hand”, or short cutting the normal
processes because the candidate is well known by other
engineers in the group.
Tech Evolution
www.insightssuccess.com25 2019|November
28. contractor retrofitting and scaling CI/CD pipelines and
training engineers how to write better tests.
The challenge is right-sizing this all along the way, and the
trigger points on when to change may not be obvious. I say
this because we grew headcount by 22 engineers from Oct
2017 to Feb 2018, and in the process we did not modify our
simplified Kanban approach to a prescribed Scrum process
quickly enough. Growing pains emerged, to say the least.
Now we’re in a spot where we can withstand a magnitude
scale of growth with roughly the same squad and tribe-level
process.
Management
Riffing off rapid growth of Brains in engineering, we didn’t
scale management fast enough. Almost all startup
engineering orgs start very flat, with all ICs and no
management. You have “tech leads” who may split their
time doing light managerial functions, but they all write
code and dive into the operations.
The biggest fail here in scaling the ICs was not scaling the
org and management structure to follow. At ~44 engineers
and data scientists, we have a duty to deliver on our mission
to provide an environment where they have the opportunity
to do the best work of their lives and be worth more in the
marketplace.
Without this vital management structure, there is a vacuum.
Do not bolt this on later, build it as you go. We took
inspiration from Spotify’s model of engineering
organizational scaling.
Growth & Career Pathing
We’ve talked about all of these fails, how about something
that has worked well for us?
When doing initial contact with a candidate, I often ask
“why are you in market?” I have seen countless folks who
are looking because their current management does not
have their growth and career pathing in mind. In extreme
cases, they can do a day’s work in four hours, feel like they
are under-challenged, and have not learned anything in
years. They work in an environment like the movie Office
Space.
Taking an opposite approach is to engage in the growth and
pathing of every individual. We do this by:
Ÿ aligning the growth of the individual with the
company’s growth.
Ÿ having management check in frequently on the success
of this, and
Ÿ setting up formal quarterly check-ins on measuring
these goals. Google adopted this early on from John
Doerr in the form of OKRs, and there are great
platforms out there which can formally measure and
track these objectives.
Career pathing is a longer-term concern. I ask candidates
from the start “so what’s the next job after VideoAmp?”
This often catches them off guard, then after careful thought
most reply with a role 1-2 levels beyond where they’re at
now. It’s our goal to help steer them in whatever path they
currently see.
Many earlier-career engineers think management is their
ultimate path, but I have found that many will stay on a
tract of engineering excellence. Whether it’s a Principal
Engineer or a VP of Engineering, the goal is to orient the
new challenges in a manner which grows them in that
direction, even if we can’t fully realize their ultimate
pathing goal while at the company.
By paying careful attention to these details, we have found
our annual retention rate in the high 90%.
www.insightssuccess.com26 2019|November
29.
30. Founded in 1997, Cimcor
Inc.is an industry leader in
developing innovative
security, integrity and compliance
software solutions. The firm is on
the front lines of global corporate,
government and military initiatives
to protect critical IT infrastructure
and has consistently brought IT
integrity innovations to market.
When Cimcor was started, it had a
focus on process automation and
control. The company was
responsible for creating and
implementing mission-critical
applications in both the
manufacturing sector and utilities.
It identified the need for
corporations to ensure that critical
systems continue to operate
appropriately, despite cyber threats
or even human error. The CimTrak
Integrity product line was created
in response to this identified need.
Over the years, Cimcor has
expanded the scope of its product
line beyond manufacturing &
utilities to meet the needs of the
broader enterprise and rapidly
growing cloud infrastructures. Its
vision is straight forward; to detect
change throughout the enterprise.
However, the implementation of
this vision is quite complicated. Its
dedicated team of engineers has
created the most advanced integrity
monitoring system in the world. Its
next-generation file/system
integrity monitoring product that
goes far beyond the standard
detection of other tools in its
marketplace focuses not only on
change detection but also on
maintaining system uptime.
Powerful features such as self-
healing/remediation capabilities,
reinforce the company’s
commitment to not only providing
information about changes to your
IT infrastructure but helping you
manage it proactively.
An Integrated Solution
As a comprehensive security,
integrity and compliance solution,
CimTrak is easy to deploy and
scales to meet the needs of the
largest of global networks. With an
automated detection process,
flexible response options, and
auditing capabilities, CimTrak is a
powerful compliance, information
assurance, and security tool.
CimTrak provides total system
device and integrity monitoring.
Organizations use the CimTrak
Integrity Suite to monitor their
servers, workstations, network
devices, active directory/directory
services, databases, POS systems,
Protecting Critical IT Infrastructure
Docker/Container Security, and
cloud security, for unexpected
change.
An Inventor
An elite team of Cimcor is led by
its President and CEO, Robert E.
Johnson. Robert is an inventor and
has led the development of several
patented and patent-pending
technologies. As a result of his
passion for technology, he has
authored numerous articles,
contributed to books about
technology, and developed several
commercial software packages. He
has appeared on CNN, World
Business Review, and Inside
Indiana Business as well as
Bloomberg Radio.
Actively involved in the
community, he has served on
numerous boards including the
Purdue Technology Center of
Northwest Indiana, the Methodist
Hospital Foundation, Board of
Advisors for Purdue University
Northwest Computer Information
Technology department, the
advisory board of the Department
of Computer Information Systems
for Indiana University Northwest,
and Board of Advisors for
Westwood College.
www.insightssuccess.com28 2019|November
31. The CimTrak Integrity Suite monitors and
protects a wide range of physical, network,
cloud and virtual IT assets in real-time while
providing detailed forensic information
about infrastructure changes.
Robert E. Johnson
President & CEO
The
10TRUSTED
Enterprise
2019Security
Most
Companies In
www.insightssuccess.com29 2019|November
32. Mr. Johnson’s contributions to security and innovation
have been commended and written into the
Congressional Record of the 112th Congress. Under his
leadership, Cimcor has been felicitated by various
recognitions and awards. In 2015, Cimcor, Inc. was
selected by the Indiana NW-ISBDC as Exporter of the
Year in Technology. In that same year, Cimcor, Inc. was
selected by CyberSecurity Ventures as #82 in the global
compilation of the top 500 information security
companies to watch. In 2017, Cimcor moved up to #75
in the global CyberSecurity Ventures Top 500
compilation and Mr. Johnson was inducted into the
NWI Times Business & Industry Hall of Fame, an
accomplishment that has been documented in the
Congressional Record of the 118th Congress. In 2019,
Cimcor was named to the HOT 150 Companies to
Watch in 2020 by Cybercrime Magazine and named in
the Top 25 Cybersecurity Companies of 2019.
Constantly Innovating
According to Cimcor, the challenge within this
particular industry is the rapid pace at which technology
and malware evolve. In 2018, there were 1.2 million
new variants of malware created every single day.
Helping organizations cope with zero-day exploits and
malware trends requires Cimcor to innovate constantly.
Succeeding in such a fluid and ever-changing threat
landscape requires the company to foster a culture of
continuous learning and serial innovation. This
corporate culture has enabled Cimcor to continuously
improve its security and compliance software,
providing users with change detection in real-time,
coupled with remediation ensuring an organization’s
system is in a secure state.
Real-time Integrity Monitoring
Cimcor, Inc. has a patent on real-time integrity
monitoring with remediation capabilities. CimTrak has
been developed by its talented engineers. Its tech stack
is centered around C/C++, Angular, and Go. All of its
communications and data at rest is encrypted and
compressed. The company uses FIPS 140-2 certified
cryptographic methods. In addition, all communication
is encrypted via TLS 1.2. When communicating with
external devices, Cimcor uses a variety of secure
protocols including SSH V2. This multi-protocol
support allows the company to connect and monitor a
range of servers, network devices. Its focus on
application portability has enabled Cimcor to tightly
monitor Windows, Linux, Solaris, AIX, MacOS, and
HP-UX. There are facilities to monitor databases,
Active Directory, LDAP, and a variety of network
devices such as CISCO, Juniper, Palo Alto, Checkpoint,
and more. It even supports the monitoring of cloud
services such as Amazon AWS, Google GCP, Microsoft
Azure, Docker and Kubernetes.
Two Major Shifts are yet to Come
Cimcor envisions two major shifts in the enterprise IT
space. It expects a continued shift of IT infrastructures
into the cloud and an increase in hybrid cloud/brick-
and-mortar infrastructures. The other shift is the
dramatic increase in IOT and Industrial Internet of
Things (IIOT) devices. CimTrak is uniquely positioned
to help protect assets both within the enterprise and in
the cloud.
Testimonials
“CimTrak works great. It is easy to use and the
support team is fantastic.”
—Mike, Direct Mail Processors.
“What I like about CimTrak is that it is so easy to
set up. Within a half-hour, we were up and running,
with Tripwire®, which I’ve worked with in past
organizations, it was pretty intense to set up. We
looked at a few others. Many didn’t offer the same
benefits. They are nothing like CimTrak.”
www.insightssuccess.com30 2019|November
33.
34. Data Center Security:
The rise in cyber-crimes is one of the main causes of
Data center outages. As per the recent survey
conducted by industry insiders, cyber-crime caused
22 percent data center outages in 2015 opposed to 2 percent
outages in 2010. Adding to all these, now most of the data
centers are re-evaluating their security policies after the
recent WannaCry ransomware attack.
Data center outages cause companies to loss revenue in
many ways. However, the costliest loss is service
interruption and loss of IT productivity. So, the
organizations are now realizing that traditional security is
no longer secure enough to secure any data center. A recent
study has found that 83 percent of traffic travels east/west
within the data center, which stays undetected by the
perimeter security. In this environment, when an attacker
infiltrates the perimeter firewall, then can jump across the
system with ease, extract information and compromise
valuable data. Additionally, data centers can fail due to
trespassers or a terrorist attack or by natural calamities.
So, how can one secure a data center in the best way
possible from any kind of cyber threat? Don’t worry we’ve
got you covered, with the points below.
As the first step, one should Map the Data Center and flag
the hackers within the virtual and physical infrastructure.
The CSOs and CIOs with a system map of their systems
can react to any suspicious activity and take steps to stop
data breaches. Being able to visualize different traffic
patterns within a network helps to understand threats, that
eventually elevates the level of security.
Understanding and measurement of traffic flow within
the data center boundary are very important. In the case of
any interruption in traffic across east/west vs north/south,
protected vs unprotected one can get to know about a threat.
Additionally, vulnerable zones and unprotected traffic need
to be monitored for a better result.
Firewall rules need to be defined and implemented as per
requirements. Additionally, one should allow traffic only
after thorough verification and selectively allow
communication to ensure maximum protection. The key is
to identify, what;s legal and secured and what can be
blocked to enhance security.
One needs to Build a Team with executives who
understand how traffic flows within the premises and can
access & secure information, take necessary measures to
secure important assets along with the implementation of
roadblocks for the attackers.
Security must move as fast as a data center’s technology
adoption and integration. Security Strategy Should
Change Alongside the Technology and it should not be
treated as an add-on option. Additionally, businesses also
should ensure that their virus protection, signatures other
protection features are up to date for better protection.
Businesses should Identify and Place Controls over high-
value assets, which will help to reduce risk. However, older
security solutions are completely blind to new threats, new
security companies have produced latest solutions that
protect data in the virtual world.
Access Restriction also needs to be imposed. Every
business should thoroughly check a person’s background
before giving the access to a prized possession. Access to
the main site and the loading bay must be limited,
Controlling Possible Threats
Digital Revolution
www.insightssuccess.com32 2019|November
35. additionally, two-factor authentications and fortified interiors with security guards and roving patrols would help to
safeguard the employees and the data center.
Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function
helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a
great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other
than administrative purposes for better security.
A data center should Check Test Back-Up Systems regularly as prescribed by the manufacturer. It should also ensure to
make a list and of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked
thoroughly.
Data centers are always a Soft Target for The Terrorists, as an attack on them can disrupt and damage major business and
communication infrastructure. So, security needs to be taken seriously and to do that proactive steps should be taken to limit
the impact of a terrorist attack.
Trained Security Guards needs to be posted inside a data center and they should be well trained. Security officers must
undergo strict site-specific training to monitor surveillance footage. Depending on the size of data center and the number of
security cameras multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance
footage helps when it comes to securing a data center.
Disaster Recovery is very much important, that must be in place. If the data center stops functioning after an attack or
natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the
disaster recovery plan, it’s necessary to train staffs well and experience simulated disasters.
To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive
visibility. The more work a data center can do up front in the above-mentioned areas the better the chances of success with
lesser outages.
www.insightssuccess.com33 2019|November
36. Challenges in
Cloud Computing
The Clouds keep rolling in for enterprises. In the
2018 State of the Cloud Survey performed by
RightScale, they found that 96% of respondents
now use the public, private, hybrid, or a mix of cloud
computing models. To add some additional complexity to
the mix, from the same survey, organizations are already
running applications in 3.1 clouds and experimenting with
1.7 more for a total of 4.8 clouds.
Businesses report the key advantages of moving workloads
to the Cloud are flexibility, agility, easy access to
information, and cost savings. All of these great advantages
though come with a price. Just like any migration project,
there are a lot of moving pieces and a lot of places a
company can run into issues.
There are really three silos of challenges that both cloud
migrations and operating in the Cloud fall into.
– Planning – Without a well thought out plan, your
migration is destined to have a rocky road to operational
readiness.
– Risk Mitigation – It is key to understand all the risks,
technology and business, that moving and operating in
the Cloud creates. Adding risk mitigation to your initial
plan will help ease the transition and make a surprise
free environment when services go into production in
the Cloud.
– Governance (Cost and Security) – The ease of use,
agility, and elasticity of the Cloud are great benefits,
but, they can also lead to runaway costs and a lack of
adherence to security best practices.
At CCSI we break the migration and operation in the Cloud
into 5 key areas.
– Discovery
It is a critical start with a full understanding of what
exists in the environment today. All applications,
services, and supporting infrastructure should be
inventoried and documented. This will ensure nothing
gets left behind and that there is a clear understanding
of the current steady state infrastructure.
Challenges in
Cloud Computing
– Assessment
Once a complete inventory is created, each application
and service can be evaluated to determine if it should be
moved to the Cloud. If it is to move, is it best suited for
public, private, or hybrid deployment or would it be
better to move to a SaaS (Software as a Service)
solution. Perhaps it can be decommissioned because
there are duplicate services, or it is not being used
anymore. It may also be determined that the application
or service is not a good target to move. Perhaps it is a
legacy application that can’t support more modern
infrastructures.
This is also a good time to start reviewing Cloud service
providers that may fit the requirements of your
applications, your infrastructure, and your budget.
– Migration Planning
Now that we know what we are moving and where it is
moving, we can start to put together a plan. During the
migration planning phase workloads are prioritized for
the order they are going to be moved, a budget is put
together, a business case is made for each workload that
is to be moved, and pilot migrations are performed
where further design, performance, or reliability testing
is needed. Once this stage is complete, a full migration
roadmap along with buy in from all the interested
parties within the organization should be secured.
– Migration and Testing
Once a workload is migrated, full testing should take
place. Testing for performance, load, security, resiliency
and reliability should be performed. This is one of the
most critical steps. It is much easier to mitigate issues
BEFORE going into production.
– Go Live
This is probably the shortest but scariest part of the
process. After all the hard work, the plug is pulled on
the original system and the new system in the Cloud
goes live. All support processes should be transitioned
to support the new cloud infrastructure and all
documentation should be updated. After any issues are
Leadership Viewpoint
www.insightssuccess.com34 2019|November
37. ironed out, a post migration review is
always valuable to see if there are any ways to
improve the migration process for the next workload.
Now that your organization is officially “in the Cloud”, the
challenge of governance begins. For effective cost control
in cloud computing services, it is important to understand
the different factors that impact an organization’s cost.
Cloud cost management tools should be used to help
discover the source of these inefficiencies. Unplanned costs
are often due to a lack of visibility of current consumption
and past trends. When organizations used on premise
infrastructure, they financed it with fixed upfront CAPEX
investments. Cloud consumption is an OPEX subscription
model based on utilization. A shift in the approach to
operational management is now needed. Optimizing for
cost is as important as optimizing for performance.
Cloud-based governance tools can track usage and costs
then alert administrators when costs are greater than
budgeted. These same tools can be used to ensure corporate
security policies are being applied to all workloads and that
best practice security frameworks like Center for Internet
Security (CIS) are being applied.
As cloud services move deeper into the organization, it’s as
important as ever that technology leaders make informed
decisions about which products, services, and payment
models deliver the
best results and have
adequate planning in
place - but it’s not easy.
About CCSI
For more than 40 years, Contemporary Computer
Services Inc. (CCSI) mission has been to help solve
modern business challenges with technology solutions that
optimize cost, reduce risk, simplify operations, and increase
performance. CCSI provides the highest quality of service
in the industry for the full spectrum of technologies–from
containers to PCs, network infrastructures, managed
services, IP telephony, cybersecurity, cloud services, SD-
WAN, to storage solutions. At CCSI, we believe that
technology exists to make our lives - and our businesses -
simpler, more productive, secure, and ultimately more
profitable. Let’s Grow Together. Learn more at
www.ccsinet.com.
Joe Goldberg
Cloud Program Manager
CCSI
Joe Goldberg is the Senior
Cloud Program Manager at
CCSI. Over the past 15+ years,
Joe has helped companies to
design, build out, and optimize
their network and data center
infrastructure. Joe is also ITIL
certified. Joe can be contacted
via Twitter handle
@DevOps_Dad or by email
jgoldberg@ccsinet.com.
About the Author
www.insightssuccess.com35 2019|November