Cybersecurity in the New Paradigm

Prior to COVID unfolding, I wrote about some of the top security-related trends I felt executives should pay attention to, and on February 26, I asked a panel of CEOs and investors to share their thoughts on the trends they’re focusing on in the year ahead.

The panel, which took place in San Francisco, adjacent to the RSA Conference, featured some of the top industry minds, including;

• Sri Dronamraju, BMO Financial Group’s Chief Information Security Officer

• Fran Rosch, CEO of ForgeRock

• Jim Dolce, CEO of Lookout

• Samir Kumar, Managing Director of M12

• John Hurley, Director of Information Security Strategy and Innovation at BMO Financial Group

• Deepak Jeevankumar, Managing Director at Dell Technologies Capital

• Prasad Parthasarathi, Director & Domain Leader for Cybersecurity in Cisco’s Corporate Development and Venture Investments Group

• Sanjay Beri, CEO of Netskope

Here are some of the takeaways from the event.

Dronamraju began by saying it’s important to stay ahead of the bad guys by continuing to invest in new capabilities. Currently, hackers spend more money penetrating or infiltrating companies than organizations spend defending themselves. “That's the number one challenge facing the industry today,” he said.

The industry also needs to continue producing more talent, he said. At the moment, there’s more demand for people who can work on security issues than are available.

Ultimately, by investing in new technology and upskilling our people, “our security operations are able to consistently protect our customer data and assets,” he said.

Trend #1: Always evolving technology

Dronamraju’s comments echoed the panel’s, who agreed that investing in innovative technology is a major focus for executives and Chief Information Security Officers (CISOs).

Rosch, whose San Francisco-based company manages digital identities, said that companies want their tech to do more for them. CISOs are increasingly interested in using artificial intelligence and machine learning to combat hackers, especially when it comes to protecting data and identities.

“From an identity perspective, you sit at the intersection of a ton of authentications, a ton of log-ons and a ton of access requests,” he said. “It’s a great opportunity to be able to leverage that technology to remove the need for rules or manual approvals, and to leverage AI and machine learning so it’s smarter and so they don’t have to get new tools.”

Lookout’s Dolce pointed out that it was only a few years ago that people used firewalls to protect against hackers. Now, they’re using a host of cloud-based solutions. While that’s made it easier to quickly adopt and implement new technologies, it’s also caused a lot of confusion, as businesses end up buying many programs they don’t end up using.

Security tech, he said, will evolve to the point where companies use a single platform that comes with multiple pieces of software, rather than having to piece together several different programs on their own.

“You’re going to (use) platforms where you can add different kinds of modules to be able to bring new capabilities and services,” he said. “You’re going to see companies offering platforms rather than individual point products.”

Trend #2: More attention to physical

It’s not just software that companies need to keep top of mind. M12’s Kumar said that more companies must consider how their physical environment impacts their chance of an attack.

While that might involve thinking about how people get into a building or whether staff are allowed to take their company laptops home, it’s also about considering how vulnerable smart technology, like a WiFi-enabled thermostat or a voice assisted device, might be to an attack.

“This is going to become more and more of an issue,” said Kumar. “Many Internet of Things (IoT) vendors lack when it comes to security, both at the hardware and software level. If you think about the role of IoT security, whether it’s in smart cities or in physical systems, I think that is a problem that has not been really tackled yet.”

Trend #3: Simplification

One trend that was discussed at last year’s panel and is still relevant today is simplifying a company’s security tech needs. Dolce said that many companies use a hodgepodge of security tools. Many companies end up paying for things they don’t use or they’re not making the best use of what they have. Companies are now starting to think about simplifying.

“CEOs… are in the midst of all this transformation. And they're simply looking to consolidate these technologies,” he said. “And so these cloud native solutions have to evolve into platforms where you can add different kinds of modules to be able to bring new capabilities and new services, and combine these modules and these capabilities into a platform-oriented solution. You’re going to see companies offering platforms rather than individual point products.”

Trend #4: Security from the start

For Jeevankumar, the speed at which a company can adapt to change is important, too.

“There’s always a fight between what is time critical and what is mission critical,” he said. The CISOs he talks to are interested in what he calls “the intersection of the developer lifestyle code and cybersecurity.”

Dell Technologies Capital wants to work with innovative tech startups that have developers who can react to cybersecurity issues quickly.

“We’re looking for startups that are innovative, not just in technology, but also in a go-to market that can straddle between the developer go-to market and cybersecurity go-to market,” he noted.

To this point, Cisco’s Parthasarathi postulated that DevSecOps, where developers think about software security from the start, “is gaining religion.”

“Increasingly, security controls will be injected into the code at inception and security hygiene will be applied in production as well as run-time environments,” according to Parthasarathi.

Trend #5: Creating better cultures

Another issue for companies is creating the right culture for innovation, said Netskope’s Beri.

Some of the traditional brand-name security companies ran into trouble over the last few years because people stopped wanting to work for them. Having a strong company culture that permeates every part of the business, from recruiting and evaluating to who you take on as an investor, is critical to success.

“The single biggest thing I would say is stay true to the culture you want across your board, your investors, your team, your employees,” Beri suggested. “It pays big dividends and your customers who see it, they see how you work and they want to work with you.”

Rosch added that timing is important to success, too. Delivering products that people want is a must, but, of course, that’s easier said than done.

“I've tried to do innovation and been too early to the market, or I’ve been too late. But that timing is really important,” he said. “It’s great (we’re) in the identity space, because so many companies are prioritizing that.”

Trend #6: Build companies to last

One problem in the security startup space is that entrepreneurs are too eager to sell, which can impact innovation, said Dolce. He hopes to see more people building strong companies for the long-term.

“You don’t sell a company – you get bought,” he said. “You come to work every day and you build a company to last, and you focus on the business model and the metrics; you grow your revenue, you grow your gross margin, make it profitable, you build good innovation – innovative technologies to bring to market. And if you do that job well, then perhaps along the way, somebody may notice you.”

There are other trends to consider – BMO’s Hurley says that educating employees on cybersecurity issues will be even more of a focus in the future – but, ultimately, it’s the companies that create innovative products and the ones that can leverage new technologies that will ultimately beat the bad guys.