Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Podcasts

 

RSAC insights: ‘SaaS security posture management’ — SSPM — has emerged as a networking must-have

By Byron V. Acohido

Companies have come to depend on Software as a Service – SaaS — like never before.

Related: Managed security services catch on

From Office 365 to Zoom to Salesforce.com, cloud-hosted software applications have come to make up the nerve center of daily business activity. Companies now reach for SaaS apps for clerical chores, conferencing, customer relationship management, human resources, salesforce automation, supply chain management, web content creation and much more, even security.

This development has intensified the pressure on companies to fully engage in the “shared responsibility” model of cybersecurity, a topic in that will be in the limelight at RSA Conference 2022 this week (June 6 -9) in San Francisco.

I visited with Maor Bin, co-founder and CEO of Tel Aviv-based Adaptive Shield, a pioneer in a new security discipline referred to as SaaS Security Posture Management (SSPM.) SSPM is part of emerging class of security tools that are being ramped up to help companies dial-in SaaS security settings as they should have started doing long ago.

This fix is just getting under way. For a full drill down, please give the accompanying podcast a listen. Here are the key takeaways:

Shrugging off security

A sharp line got drawn in the sand, some years ago, when Amazon Web Services (AWS) took the lead in championing the shared responsibility security model.

To accelerate cloud migration, AWS, Microsoft Azure and Google Cloud guaranteed that the hosted IT infrastructure they sought to rent to enterprises would be security-hardened – at least on their end.

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

By Byron V. Acohido

In order to extract value from the Internet, data sprawl first must get reined in. This has always been the case.

Related: Equipping SOCs for the long haul

What good is connecting applications, servers and networks across the public cloud if you’re unable to securely operationalize the datasets that these interconnected systems store and access?

Solving data sprawl has now become a focal point of cybersecurity. It’s about time. Much of the buzz as RSA Conference 2022 happens this week (June 6 – 9)in San Francisco will be around innovations to help companies make sense of data as it gets increasingly dispersed to far-flung pockets of the public cloud.

I had the chance to visit with Karthik Krishnan, CEO of San Jose, Calif.-based Concentric AI, which is in the thick of this development. Concentric got its start in 2018 to help companies solve data sprawl — from the data security and governance perspective – and has grown to 50 employees, with $22 million in venture capital backing. For a full drill down of our discussion, please give the accompanying podcast a listen. Here are a few key takeaways.

Crawling, classifying

Jeff Bezos solved data sprawl for selling books and gave us Amazon. Larry Page and Sergey Brin solved data sprawl for generalized information lookups and gave us Google.

In much the same sense, companies must now solve data sprawl associated with moving to an increasingly interconnected digital ecosystem. And addressing data security has become paramount.

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

By Byron V. Acohido

Vulnerability management, or VM, has long been an essential, if decidedly mundane, component of network security.

Related: Log4J’s long-run risks

That’s changing — dramatically. Advanced VM tools and practices are rapidly emerging to help companies mitigate a sprawling array of security flaws spinning out of digital transformation.

I visited with Scott Kuffer, co-founder and chief operating officer of Sarasota, FL-based Nucleus Security, which is in the thick of this development. Nucleus launched in 2018 and has grown to over 50 employees. It supplies a unified vulnerability and risk management solution that automates vulnerability management processes and workflows.

We discussed why VM has become acutely problematic yet remains something that’s vital for companies to figure out how to do well, now more so than ever. For a full drill down, please give the accompanying podcast a listen. Here are the key takeaways:

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

By Byron V. Acohido

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye.

Related: Microsoft advocates regulation of facial recognition tools

Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations.

Excising passwords as the security linchpin to digital services is long, long overdue. It may take a while longer to jettison them completely, but now there truly is a light at the end of the tunnel.

I recently sat down with Ismet Geri, CEO of Veridium, to discuss what the passwordless world we’re moving towards might be like. For a full drill down on our wide-ranging discussion, please give a listen to the accompanying podcast. Here are a few takeaways.

NEW TECH: How ‘CAASM’ can help security teams embrace complexity – instead of trying to tame it

By Byron V. Acohido

The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly.

Related: Stopping attack surface expansion

And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot be tolerated over the long run.

Encouragingly, an emerging class of network visibility technology is gaining notable traction. These specialized tools are expressly designed to help companies get a much better grip on the sprawling array of digital assets they’ve come to depend on. Gartner refers to this nascent technology and emerging discipline as “cyber asset attack surface management,” or CAASM.

I sat down with Erkang Zheng, founder and CEO of JupiterOne, a Morrisville, NC-based CAASM platform provider, to discuss how security got left so far behind in digital transformation – and why getting attack surface management under control is an essential first step to catching up.

For a full drill down, please give the accompanying podcast a listen. Here are my takeaways:

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

By Byron V. Acohido

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth?

Related: Pursuing a biological digital twin

A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community leaders onto a more enlightened path. NTT, in short, has set out to usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed to rally decision makers from all quarters to a common cause. The blue-sky mission is to bring modern data mining and machine learning technologies to bear delivering personalized services that ameliorate not just physical ailments, but also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO of NTT Application Security, about the thinking behind this crusade. I came away encouraged that some smart folks are striving to pull us in a well-considered direction. For a full drill down, please give the accompanying podcast a listen. Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to diagnosing and treating severe illnesses. Even so, for a variety of reasons, healthcare sectors in the U.S. and other jurisdictions have abjectly failed over the past 20 years leveraging Big Data to innovate personalized healthcare services.

NEW TECH: How a ‘bio digital twin’ that helps stop fatal heart attacks could revolutionize medicine

By Byron V. Acohido

Without much fanfare, digital twins have established themselves as key cogs of modern technology.

Related: Leveraging the full potential of data lakes.

A digital twin is a virtual duplicate of a physical entity or a process — created by extrapolating data collected from live settings. Digital twins enable simulations to be run without risking harm to the physical entity; they help inform efficiency gains made in factories and assure the reliability of jet engines, for instance.

As data collection and computer modeling have advanced apace, so have the use-cases for digital twin technology. And as part of this trend, development is now underway to someday bring “biological” digital twins into service.

This is very exciting stuff. It signals the leading edge of digital advances. In our immediate future are digital platforms capable of doing much more than deploying driverless vehicles or enabling joy rides into space. A day is coming when bio digital twins could help to prevent the onset of debilitating diseases and promote wellness.

NTT Research is in the thick of this budding revolution. A division of Japanese telecom giant NTT Group, NTT Research opened its doors in July 2019, assembling the best-and-brightest scientists and researchers to push the edge of the envelope in quantum physics, medical informatics and cryptography.

I had the chance to sit down with Dr. Joe Alexander and Dr. Jon Peterson who are heading up NTT Research’s effort to develop the computational models that would make possible a bio digital twin for the human heart. For a full drill down of our conversation, please give the accompanying podcast a listen. Here are a few key takeaways: