Why antifragility is key in the age of connectivity, with Verizon

Why antifragility is key in the age of connectivity, with Verizon

Show Video

Welcome back to the Disruption Lounge. My name is Ben Beyer. I'm the executive editor for Fast Company’s Content Studio, and I'm really excited to have this next conversation about connectivity. It is something we are all familiar with. We're all connected in multiple different ways, but as organizations we also have to think about connectivity in a bit of a different lens too. But Fast Company is also a publication in a property that we're dedicated to the beat of innovation.

So, we're going to talk about innovation in connectivity, but also, how connectivity is rolling out from a security perspective to So, I am super excited to be here today with Chris. Chris is the director of the Verizon Cybersecurity Consulting. He is a long time veteran with with cybersecurity. He's on he's a member of the Biden Task Force on cybersecurity as well. And he's right there on the front lines of dealing with these issues, both with organizations that are clients but also with where things are headed next. So, Chris, thanks for joining me today.

Let's kick things off. Just give us kind of a sense of where we are with connectivity. I mean, there's a recent stat every like home has about 22 different devices that are connected. I imagine organizations that's about the site almost probably exponentially higher. So, we have connectivity from a big picture perspective.

Are we more hyperconnected than ever before? Yes, I'd say we're more definitely more hyperconnected than ever before, and I think we're only going to see it continue to increase. If you think of just over the last several years, the level of increase that we've seen and it's not slowing down. And with the introduction of things like 5G and all the various use cases that come along with that, we're only seeing more and more devices get connected. Right. Think of, you know, the edge of IOT.

You roll the clock back, you know, just a handful of years and it was kind of something people knew of, but not necessarily something that was well-adopted. I would challenge most folks, you you look around your house, you probably have more I.O.T. there now than you ever did before. And that's really just kind of scratching or skimming the surface of where I think we're going.

I mean, 5G came out and people just said, all right, it just in their minds it was just faster. But really, it's a broader spectrum of use cases now that can be applied. Are we now kind of seeing the really that sort of age of 5G kind of come to life beyond just what the promise was, but the reality? What are some of the things that are out there now that 5G is enabling to make happen? And then we'll get it a little bit more into the security piece of that and what that means.

Yeah, excellent. So definitely in terms of, you know, the 5G use cases, we're really starting to see that come to life. I know in the early days, I think people were kind of looking at it as well. It's faster, but how much faster do we need? It is faster, it is lower latency.

But we've also seen the adoption has really taking off. And so your point of the use cases, what we're starting to see is things like manufacturing, stadiums and venues, health care. And in fact what I find interesting about that is some of those industries are areas where I would say maybe historically we haven't seen them as being early adopters. Think of like manufacturing in many cases we thought of them as being industries that really did very little in terms of great innovation beyond their actual assembly lines. You know, it was it was largely stagnant for years or maybe even decades.

We're starting to see them now adopt things like private 5G, where they'll now set up their manufacturing facilities to be able to communicate real time with all of the apparatus that may be operating on that factory floor, integrating that with things like their supply chain in ways that maybe previously they tried to do with Wi-Fi, but it either required more antennas, more energy, more cabling. It created a lot more challenges that, you know, 5G is really help solve. You mentioned health care, an interesting use case because you're right, it's not typically thought of as a place necessarily beyond the innovations that are happening inside with the doctors themselves, but as a place that is thought of and this is always innovative as a as a, you know, organization. So, what are some of the now the new use cases that things like private 5G and 5G are allowing places like a hospital or a health care organization to be able to do what are the outcomes that are allowing are being able to happen? Yes, I mean, I think that's one of those areas that I'm very excited about because there's actually like real world health and lifesaving implications to it. Right. The ability to have the say, the diagnostic tools available anywhere in the world or the medical professionals anywhere in the world.

We've seen examples where you can actually have you can actually have a doctor put their hand in a piece of equipment that they can then manipulate apparatus that is hundreds of miles, thousands of miles or. Half a world. Away that maybe they otherwise would never have the ability to apply their medical expertise to. But they could do it essentially in real time and actually have haptic feedback of what it is they're actually touching.

And then also think about it from the diagnostic perspective of the ability for health care practitioners to get real time data from all around the hospital, whether a patient is moving equipment is moving, the connectivity remains robust. And so the point you mentioned earlier about security, all of this can't happen without security. If the tools are not secure, the technology's not secure, the doctors are not secure, we lose trust. So how are you able to enable the security piece? I think that's the interesting part, is like, listen, you want to have this environment where people are able to be connected, but then how do you balance that openness and connectivity with security to make sure that the right people are getting up and not the wrong people? Great question. I think the reality of it is when we look to build out our 5G network, security was something that we had to build in from the start. We we always looked for the most advanced technology that we could leverage for actually building out the network, but security was a fundamental component to that.

In fact, I was having a conversation with someone the other day and they said network and security is like peanut butter and jelly. They both go great together, but you're not going to have the sandwich apart. And so I think when we built out that 5G network, we had to have security built in right from the beginning, right to the radio right to the devices so that they could be continuously validated, secured, authenticated the entire time that they're on the network. And so for organizations that are thinking like, all right, I want to consider doing this, but what's what is what do I have to be thinking about when it comes to installing it? I've got an office, I've got a manufacturing facility. What do I need to do to think about this? And then how do I think about this with my workforce that oftentimes are BYOD? They're bringing their own devices. They got to manage that.

What what's the thought process there? Sure. Yeah. So, I think in that case, we've got a lot of different solutions for helping pretty much every type of enterprise across any type of industry. So, what I always encourage folks to do is obviously that's an area where they can reach out. We can take kind of the standard solutions and then also custom tailored to the needs, whether it's factory work, whether it is health care, whether it is BYOD type scenarios, whether it's, you know, vehicle to vehicle or machine to machine communication. There's all those different use cases that we can bring to light.

It's just a matter of understanding what the needs of that particular customer are and fine tuning the technology to meet those needs. And so you just hit on sort of vehicle to vehicle machine to machine edge computing. These are sort of some of the technologies that are being able by high speed connectivity, including 5G. So what does that future look like from you? What are you seeing in the innovation labs that you guys have? What are you looking at? What does that future look like and how to then the security plays a role in that, too? I mean, excellent point.

And it's interesting because we actually just opened our new innovation lab here in San Francisco just in the last couple of weeks. We actually had some first customers in there as part of the RSA Conference, was very excited to kind of show a tour of it, happy to bring you through some time and great to see some of those cases, those use cases really come to life. I'd say one of the things that's interesting, though, is show people they always get a kick out of it is the robotic dogs. So, we we partner with an organization called Ghost Robotics to enable these devices that they basically look like robot dogs, but they can go into first responder kind of situations. So, think of wildfires, earthquakes, you know, anything where the terrain might not be safe for rescue groups to go in right away, but we need to be able to assess where the rescue groups need to go, how do we prioritize their operations so that we can help save the lives of as many people as possible? So, leveraging 5G in that particular experience, we can actually have the robots move through that terrain, identify where we need to have the rescue efforts start, where we need to focus, what kind of other maybe technology or lifesaving apparatus we need to bring to that point and when what are the maybe the risks to people in that area and then actually deploy that. So that would be one example of some of the things that were showcased in that in that that innovation lab.

But there's there's countless others. Yeah. And I mean, we saw there was a parking garage collapse. Sadly, that was a tragedy in New York later last week. And the again, first responders brought out a robotic dog to sort of again help them try to again assess danger and need in that situation things that are helping being enabled by connectivity.

Before I jump into some conversations about sort of risk taking and other thoughts from an organization perspective, you talk a lot about zero trust. And so I think it's a term that maybe isn't quite as well known among organizations. Maybe the audience here what is zero trust? What do you what do people need to think about as an organization and why does that need to be important for folks? Sure. So, I think first thing I'd say is to anybody who's had the zero-trust conversation, zero trust is not a product. So anybody who says it is, it's not. It is a it is a concept that is an architecture.

And so when we have that discussion with organizations, we're looking to understand how do they establish an environment where essentially it's almost like never trust, always verify. In fact, that's a term one of our customers had used. And I think it's an important concept. The saying, look, how do we validate the individual and the endpoint to make sure that they are and should be trusted, allowed access, How do we authenticate and authorize them? And then also how do we continuously validate the security around them, right? It is not just about giving them initial access.

It is about continuously validating that they should maintain ongoing access. Their role, their use cases may change, their endpoint may go from a state of high security to low security. All of those things need to be considered in an ongoing fashion. And so the Zero Trust tries to care for that right from kind of the identity all the way through to the endpoint, the application and the data. And for that, who is leading that discussion at organizations? Who are you dealing with? Is it the CTO is the chief Security Officer who is the person that should be having that discussion internally? So most often there's going to be a combination of going to be probably the CIO, maybe a little bit of CTO and a lot of CISO and a lot of that's going to factor into the discussions around things like identity and access management usually is kind of the, I’d say, maybe the cornerstone or the pivotal starting point that a lot of organizations need to undertake. If you don't have strong identity and access management, you're going to struggle to do a lot of the other other pillars.

Gotcha. All right. We're going to shift a little bit to talk a little about kind of how you sort of manage and how you sort of lead within your sort of security structure, because I think it'll be interesting for the folks that are out here to understand a little bit about this concept of risk taking. Obviously, in security, the goal is to minimize risk by. But there's a different application now which is risk taking in terms of the thought process of how you operate, how you think about things and how you come up with new ideas, new innovation. So if you can share a little bit about sort of how your organization views sort of risk taking, how do you manage with that? What's your perspective? Sure. Yeah.

I think there is no business out there that can succeed without taking risk. And I think it's interesting because I talk with a lot of organizations and there's two groups that people often call the no group, and usually hopefully there's no lawyers in the room. Usually, it's the lawyers. And I know there's a lot of security people in the room and the security people, everyone says they're the no group, they're the group that tells me I can't do what I want to do. And so that's all about managing and understanding risk.

People oftentimes I find they say, no, they block the ban usually because they don't understand the risk. And in many cases, it's more about understanding and assessing the risk and then say how do we put controls around it to say, look, you can do this, you can do this much, or maybe this group needs access and this group doesn't. And so there's ways to establish controls that allow us to, I'd say, manage risk so that we can take the risks. The business needs to be successful and to grow without taking the risks that the business fears, you know, might might cause catastrophe.

Did you have to change your own mindset on this, you know, as your career developed to sort of, you know, evolve to this place where you're like, all right, it’s not about saying no, it's about trying to find options. Absolutely yeah. So, for anybody who doesn't know, I started as a technical practitioner. I was in the weeds doing incident response, helping organizations recover from breaches.

And when you're in the weeds, in the technical, the answer to everything is no. We say, Well, if you don't want that to happen again, just block this, block that block that none of those things will happen. But yes, sometimes and oftentimes forget that the business can’t survive or operate in a climate like that. So, I definitely feel that in that respect, I've evolved a lot and I say, look, we have to put ourselves in the shoes of the business we are advising and guiding.

We need to say, look, if we say no, it stops this bad thing from potentially happening, but what other positive things? Does it also inhibit the business from succeeding with? And we need to figure out what that balance is. So that is now something that we've worked into the workflow of all the consulting engagements we do. And how does that conversation happen above you? Because oftentimes it's like, okay, you can you can you share that with the the team and the staff, but you also have to convince the managers to realize, like, okay, this is the philosophy that I believe in and want to share it, to get that buy in from senior management. So what does that conversation look like? So I mean, that conversation I think is a really good risk conversation, but broadens to business terms. In fact, actually last RSA, one of the talks I did at the Moscone was around cybersecurity as a business conversation because I said the challenge that I often see is the cybersecurity people, even sometimes the CISO will bring the conversation forward all about fear, uncertainty and doubt.

Here's all the bad, horrible things are going to happen now. Give me this budget so I can go make sure they don't happen. And a lot of times the C-suite says, Look, everybody gives me the sob story or the catastrophe story to try to get budget that doesn't work, give it to me in real risk parameters. And so kind of elevating that conversation to the C-suite, to the ELT, bringing it to the board. I also think we're seeing a change in the regulatory landscape. You know, there's new guidance coming out from the FCC and others that are now saying, look, there needs to be more of a response and a posture around cybersecurity at the C-suite, maybe even designation of cybersecurity experts, if you will, at the board level.

And so we're starting to see that more kind of come into the conversation. I want to talk about sort of what the future may look like in a second, but I want to ask one more question. When I was just having a conversation about the role of Chief Trust officer or chief privacy officers, do you view that role as something that is kind of a piece of, you know, your consultancy as more and more organizations have to think about not only cybersecurity but privacy and trust alongside that? Yeah, absolutely. And in fact, actually, coincidentally, the talk I give this morning was around privacy. So but but yeah, they definitely go hand-in-hand.

I kind of see them as being like cousins in the industry. The trust and the privacy piece aren't going to happen if you don't have security, right? There's a lot of elements of privacy that are about how you handle people's data and how you handle information. But a lot of the ways in which you actually operationalize that are probably going to be based on the controls that the security team is building and monitor. And if we want to prevent, you know, unauthorized privacy disclosures or data breach events, a lot of that is going to tie into the aspects of what the security team is doing. So I see those two having to be linked. Yeah.

And last question. What's a common issue that a lot of the companies you're consulting on on this issue right now, what are they asking you about? You and I got imagines probably two letters right now that are sort of at the top of mind of everybody in this hall and this audience, but probably the organizations are dealing with. Yeah, A.I. is on the top of everybody's mind right now. And it's I think it's it's a tool. And like any tool, it can be used in great positive ways.

It can be used to help innovate and create new things that we never thought possible. But there's also the potential for it to be misused or even abused. And as a result, there can be negative outcomes.

And I think back to the earlier point you made about risk. I think that factors into it as well. You know, how do organizations handle, you know, the use of A.I. in their environments? What are they allowing their users to do? How do they put parameters around them? And again, it just comes down to understanding the risk. So what's been your personal experience with it so far? What have you noticed about it? What gives you hope and what gives you pause? So, I think there's a huge amount of hope and a huge amount of potential. I've had a lot of conversations with people around the conference who have successfully used AI in various forms, whether it's, you know, generative, large language models type AIs that we keep hearing about or other, you know, internally developed models.

And I think especially as it relates to the cybersecurity field, you know, you look around and there is still a massive shortage of jobs. So, I think there's a huge opportunity for A.I. to come in and help fill a void that right now we just don't have the people to fill, to fill. And so I think there's a huge opportunity for us to add automation and efficiency that maybe otherwise we we just can't get because we just don't have the people or the staff. I think there's maybe a low risk of automating out people's jobs because I think there's so much open, you know, talent out there that we're open roles out there that could be potentially needed with it or boost, you know, some of what we're doing today. Yeah, I mean, in the media world, it's like I get this conversation, Oh, well, we'll just have A.I. write stories or write things.

Sure, you can do that. Which should you do that? And the answer to me right now is no. Like there's a role for A.I. to write, write some simple things, but to write a really involved story to creativity that is going to separate your brain from others, I say no.

So but again, we'll see you next year. If I saw that same opinion or not, we'll figure these out. So looking out, I know you have obviously a future perspective because you got to look at what's coming next. 6G. What what are we what are we what should we be expecting from a potential 6G Anything's.

Any previews you can give us? I wish I could give you a preview, but I'd say right now we're really just super focused on 5G. I think we've seen an incredible adoption in the the pace of adoption of 5G is twice the pace of what we saw with 4G. And we've still only just kind of scratched the surface of what we can do there. So for right now, our focus is very much on the 5G, but maybe we will regroup next year. All right. So let me let me phrase it a different way. So you're you're sitting at home, you're watching Netflix.

In your mind, you're saying, all right, what's the science fiction show that I think would be enabled by a high-speed connectivity that doesn't necessarily have a number or G next to it? What does that look like in your in your science fiction creativity mind? Well, I think it. Comes in a science fiction creativity mind. I think we see more enhancements around security. I think we see more implementation of things like A.I., more maybe at the network level.

I think there's a lot of advancements that we can see that comes with it. And then obviously, like everyone's going to expect, there's going to be higher speed, lower latency, things like that that I you've come out with any new technology innovation and evolution. All right. You didn't quite get where I was hoping you were going to give us some insight, but you dodged it well, it was was good. All right.

The last question, advice about disruption, because I think a lot of, you know, organizations that are here, the constant fear is I want to be the disruptor. I don't want to be the disrupted. So, from your perch and securing, what does that look like? What sort of conversations are you having with it? What are the advice you're giving both your own teams so you're not disrupted but also the clients you work with? Yeah, great point. And I think cybersecurity, we always have to be looking ahead you know, I always tell people one of the areas that I focus very closely on is threat intelligence, and that is all about looking ahead. How can we know what's coming before it arrives so that we can protect ourselves? And I think cybersecurity is all about how well can we know if I want to see predict the future, but put predictive controls in place such that we're better protected for whatever the threat might come tomorrow? Right.

How do we consider what that looks like and start blocking and tackling that now? And that's I mean, that's something that we're always working with, with customers now from a backbone perspective, we're always looking to try to see if there is something that we can see evolving or emerging as it crosses, you know, traffic across our own network backbone. How can we take intelligence that we learn from that, feed that out to our own teams so that they can evolve and innovate what they're doing? But then also how do we push that out to customers so that they can block and tackle an event that maybe they've never seen before? That's really interesting. So, I mean, if you can share, like how does that work in your organization where it's like, all right, everyone's focused on the now, on the clients and the customers. How do you make sure that you you have a space where, oh, I'm seeing something that's interesting. Let me raise this up the chain, Commander, or bring this to the team.

How do you do that as an organization to make sure that it happens? Yeah. So, I mean, what's interesting is what we find is when we look at that kind of data and we look at the things that are predictive, usually what we also do is reflect back on what we've seen historically. About 80% of all the incidents and breaches we've ever seen have been links to other events. So, there is a lot of kind of predictive analytics that we can do that can allow us to understand what kind of that next step or future step might look like or where we might see a new threat emerging that maybe has not started doing the reconnaissance, started attacking. We're starting exfiltration.

We can actually start to get ahead of it. All right. There's a lot to tackle, a lot going on, a lot of innovation happening. But Chris Novak, thank you for sharing your perspectives with us. I think there's a lot of interesting things going to happen.

And maybe next year I'll get you to give us a little bit of a preview of what 6G might bring us, everybody a round of applause for Chris Novak from Verizon, thank you again for joining us.

2023-05-18 18:18

Show Video

Other news