Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based approach

607 views

Published on

This talk focuses on managing cybersecurity issues that surround today’s implementations of emerging technology, including shadow IT

Published in: Technology
  • Be the first to comment

  • Be the first to like this

(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based approach

  1. 1. SACON SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur Surfing today’s emerging tech: A policy-based approach James Stanger, PhD CompTIA Chief Technology Evangelist @jamesstanger
  2. 2. SACON 2020 Ambient computing – a wave that’s already here • Context-aware computing – “Presencing 2.0” • Intelligent tech monitors people (AI & ML) • Information you generate and use moves from: • Individuals to edge / cloud / data center • Environment to environment • Machine to machine • Part of the 4th industrial revolution • The result? • Hyper-personalization - customer focus • Data analytics and business intelligence • Control (?)
  3. 3. SACON 2020 Emerging tech categories generating this wave through 2023 The above revenue drivers are also the building blocks of the ambient computing world
  4. 4. SACON 2020 Data / information has become the critical skill area
  5. 5. SACON 2020 Unprecedented connectivity of (smart) things • How is this data connected to 
 emerging tech? • How do we process this data into
 information? ICS DCS SCADA OT IoT Sensors / actuators / radios Gateway Data AcquisitionEdge AIData center Storage Application Network ServerML
  6. 6. SACON 2020 IoT / OT and next steps: Customer experience (CX) • The next steps are to: • Transform “emerging tech” into
 customer-centric solutions • Make the architecture more efficient How do we apply AI
 and ML IoT? How do we turn this into a customer- focused solution? What about 
 serverless / edge?Should we do this?
  7. 7. SACON 2020 Cloud – finally being used • After much talk, we’re seeing 
 actual adoption over the past 5 years • Another part of the “4th industrial 
 revolution” • Azure vs. Alibaba vs. AWS, and so forth:
 It depends on your business model • Where do charges occur? • Data in and out • Services used • Integration experience is at a premium • We need workers that can convert 
 technical speak into business terms and 
 make decisions
  8. 8. SACON 2020 Surprises in the cloud space • Two major surprise providers: • VMWare (Dell) • Red Hat (IBM) • Why? • Visualization: Can manage 
 multiple environments / providers • Network management: Using SD-WAN to route IoT device traffic • Abstraction layer: Helps avoid vendor lock-in • Customer focus: History of creating useful services • Emerging tech: Ability to integrate new solutions, including AI and blockchain
  9. 9. SACON 2020 5G and emerging tech • 5G – it’s finally here (mostly) • Capturing data where it is generated • Edge – microclouds, mini data centers • Cloud • More devices to support • The good, the bad, and the ugly of 5G Good Connectivity Speed Edge capability Bad Tampering Eavesdropping Monitoring Attack surface DDoS Ugly Privacy Traffic QoS Trust models
  10. 10. SACON 2020 AI / ML finds its place: automation • AI is often used as a subset of 
 automation • The use of tech to automatically: • Launch, under conditions • Respond to situations • Improve itself (and other “things”) • Communicate with other
 machines and other people • But now, it’s all about the 
 intelligence of things. Automation Artificial Intelligence Machine
 Learning Deep Learning KubernetesDocker
  11. 11. SACON 2020 Common realities when implementing emerging tech • Shadow IT / Bring Your Own IT • Skipping steps in the software development 
 or platform deployment cycle • Not managing devices properly • No encryption • No or poor authentication • Rapid deployment of new technologies 
 workers don’t fully understand • Organizations receiving data that they 
 aren’t properly securing
  12. 12. SACON 2020 • Because companies have at least two different perspectives • Information Technology (IT) • Business leaders Why does shadow IT exist? IT says shadow IT is: BAD Business says shadow IT is: GOOD
  13. 13. SACON 2020 The risks of shadow IT Customer
 dissatisfactio n Loss of information integrity Non- compliance Cost overrunsPerformanc e issues
  14. 14. SACON 2020 The result? • Upstream issues • Privacy issues • Penalties (e.g., GDPR, HIPAA) • Loss of consumer confidence • Attacks • Ransomware, credential harvesting • DDoS • Social engineering • Forms of “technical debt” • Organizations often can’t fix 
 problems that they 
 have created by using IoT, Cloud, 
 and other solutions • Security workers are asked to fix this problem Toxic IT? Code Complexity Monoculture s
  15. 15. SACON 2020 An applied example
  16. 16. SACON 2020 So, who is responsible?
  17. 17. SACON 2020 • IT workers
 need to
 solve
 these issues • They have
 the best
 perspective Complexity: The primary reason for increased sales cycles
  18. 18. SACON 2020 • The industry has
 moved from mere
 detection to issues 
 involving: • Privacy • New ways of 
 investigating
 risk • Selective attack
 surface reduction
 
 Critical areas within cybersecurity
  19. 19. SACON 2020 • Most companies
 can state a clear business
 case • But, the details
 remain a 
 problem • IT workers
 are needed
 to manage
 these factors
 ethically Issue Where IT can help Customer Confusion Clarify product capabilities (e.g., AI, BI). Find creative solutions. Help make the customer comfortable. Risk aversion The technical and business risks. Act as liaison. Help ensure privacy concerns are addressed. Budget constraints Provide accurate information concerning cloud- based services. Inhibiting factors for using emerging tech
  20. 20. SACON 2020 • Learn your business! • This isn’t a technical issue • Focus on how information flows in your organization • Cloud-based assets • Enterprise / installed • It requires: • The ability to breakdown IT silos • Communication with business units • Ability to analyze multiple sources • Formal documentation • Network diagrams Adopting a policy-driven approach to “surf” emtech problems Asset discovery Articulate risk level Identify policy Evaluate compliance to policy Change managemen t policy Continuou s monitoring
  21. 21. SACON 2020 • We need data / business
 intelligence analysts • Turn data into information • Identify trends • We also need security analysts • Moving from detection 
 to prevention • Threat modeling • Threat feed interpretation • Cloud-aware pen testing The need for analysts • Can’t secure 100% of the 
 company • Focus on critical resources (the 25%)
  22. 22. SACON 2020 Threat hunters ▪ Profiling specific
 attacks ▪ Can provide
 characteristics
 and context ▪ Situational
 awareness ▪ Provides focus ▪ Can also use 
 threat feeds Learn how the organization communicates Identify resources essential to the organization Investigate attack techniques hackers will try that specific to your organization’s resources Proactively investigate – monitor and analyze Recommend security controls
  23. 23. SACON 2020 • SolarWinds Service Desk • SysAid • ImmuniWeb Discovery • SolarWinds Network |
 Performance Monitor • Qualys • Many open source tools Asset discovery applications
  24. 24. SACON 2020 The indispensable IT worker ▪ Having only tech skills isn’t
 enough ▪ Workers need a combination of human and tech skills • Emotional intelligence • Presentation skills • Complex reasoning • Writing • Categorizing and summarizing • Anticipating issues • Complex reasoning • Conditional thinking • Multi-vendor situations • Integration Ethics: An increasingly important ski
  25. 25. SACON 2020 Cloud Seeding: A Cloud Computing Tutorial (CompTIA) The Skills needed to combat today’s cybersecurity
 threats (RSA) Automated Pen Testing
 (Admin Magazine) Two sides of the same coin: Pen testing and security analytics 
 What’s hot in network certifications (NetworkWorld) Escaping the Cybersecurity Metrics Matrix (CompTIA) Private Eye: Open source tools for automated pen testing Admin Magazine
 Thoughts about the help desk (YouTube) The Hunt for the Meaning of the Red team (CompTIA) The Internet of Things (IoT) and Technical Debt: Why It Matters (CompTIA) James Stanger, PhD jstanger@comptia.org +1 (360) 970-5357 Twitter: @jamesstanger Skype: stangernet
 My CompTIA hub:
 https://certification.comptia.org/it-career-news/hub/James-Stanger Thank You! Latest articles and blog entries: Putting AI and ML to work (CompTIA) What is the difference between IT security and cybersecurity? (CompTIA) Observations at RSA San Francisco 2019 (CompTIA) Moving to the Cloud:IT Infrastructure and Cybersecurity skills required (CompTIA) Where the Wild Things Are: Investigating Browser-based Brute Force Attacks (November, 2019, Admin Magazine) How Technical Debt Can Damage Business
 Agility and
 Competitiveness
 (ITPro, UK)

×