Accelerate 2017 Update General Sessions Overview – Day Two
The second day of Accelerate continued to raise the bar on both content and vision. Here is a quick overview of the general sessions:
Opportunities – Phil Quade, Fortinet CISO
Phil Quade recently joined Fortinet after three decades of service in the intelligence community, where he most recently served as the head of the Cyber Task Force at the National Security Agency. After examining key trends in the growth of cyber technologies, Phil provided the Accelerate audience with a unique view into where the accelerating transformation of the cyberworld is headed, along with the opportunities available for organizations willing to embrace change.
Phil started by arguing that the offense/defense American football analogy used by many to describe the tension between cyberdefense and cybercriminals no longer applies. In today’s hyperconnected world, cybersecurity no longer has ‘boundaries,’ there’s no time to regroup between each ‘play,’ and offense and defense must be on the field at the same time.
He then walked through several “inflection points” that are having a huge impact on the world in which we work and live, describing the critical catalysts for change that happened in the past, and then outlining emerging opportunities that successful organizations will need to be ready to capitalize on. In the following summary I will focus on the key opportunities that Phil outlined in his presentation.
Computing Hardware: The next important advancement in computing hardware will be driven by embedded hardware, such as those found in smart IoT devices such as cars and appliances, and the convergence of IoT and OT networks with IT which accelerates our ability to gather and respond to critical information, but also represents an entirely new surface area of potential risk.
Computing Software: Likewise, new software, such as highly sophisticated and interconnected applications and rich cloud-based services, are transforming how and where data and information lives and is used. From a threat perspective, security now needs to be able to mitigate risk at all places in the enterprise. Because of the distributed nature of data and resources, the best place to mitigate the risk of software vulnerabilities might be at an entirely different place in the overall enterprise than where we normally apply controls.
Communications: Expanded bandwidth has completely transformed human-to-human, human-to-machine, and machine-to-machine communications. It is critical, ubiquitous bandwidth. Emerging communications protocols, such as lightweight (low bandwidth and close range technologies, etc.) and multi-sourced communications are the next domains of the communication evolution, and will require new security solutions and strategies.
Information: Often, we talk about “data” when what we really mean is “information.” We have been producing information for a long time, but never at the current scale. And we have now begun to develop effective means to automatically share or inject it in ways that can dynamically affect our lives. The commodification of information, extracted from the volumes of raw data being generated by distributed networks and IoT, is fueling our transformation to a digital economy. In this new paradigm, we treat information both as currency and intellectual property. Securing this valuable resource, however, is increasingly difficult due to its highly distributed and auto-generated nature.
Immersion: The gaming world, with innovations in IoT and virtual reality, has begun to have a huge impact on our daily lives, especially in such areas as medicine, warfare, and travel.
Security Frontiers: Because technology now plays such a central role in how we live, work, and communicate, effective cybersecurity has become necessary to ensure our economic competitiveness, pursuit of happiness, and a government that can more effectively serve the people.
Intelligence and National Security: The lines between public and private life continue to blur. While the defense of the country continues to be the responsibility of government, the security of cyberspace increasingly needs to be a shared responsibility. Today, both the public and private sectors need to contribute and collaborate to the countries’ overall cybersecurity posture.
Threat: The nature of threats has changed, and can come from virtually anywhere. Individuals, organizations, and governments have friends, enemies, and even “frenemies.” And it is increasingly difficult to distinguish between them. And sometimes, our own worst enemy is our own personal bad or uninformed choices. It is critical, therefore, that we be able to mitigate cybersecurity risks no matter the source or actor. Unfortunately, most people don’t have the skills or information to do this effectively. Those with high-end cybersecurity expertise and capabilities will need to be leveraged more to help those will don’t possess those skills.
Perception of Security: Historically, security has been seen as a necessary evil; something that says ‘no’ instead of yes,’ and that puts a drag on innovation rather than functions as an enabling solution. Because security is more critical than ever, that perception needs to change.
Security Architecture: Fortinet’s fabric approach is a game-changer, and we need our customers to see that. The fabric is designed to reduce complexity and increase security at the same time.
Phil concluded that if the problem is speed and scale, the solution must be based on automation and integration. Fortinet has three things that organizations can count on: a compelling and transformative vision and strategy, a core technical advantage, and a very unique access posture.
Building the Cloud Future Together – George Moore, CSO of Microsoft Azure Compute, with Richard Hannah, VP of Information Services at Gibson Energy.
Simplifying with Cloud – Barry Russell, GM of Global Business Development at Amazon AWS
These were two different sessions, but the messages from Microsoft Azure and Amazon AWS were very similar: the cloud is radically transforming how organizations build infrastructure and even conduct business.
Some of the most interesting highlights from these presentations included:
Microsoft: According to IDC, more than 65% of enterprise IT organizations have already committed to hybrid cloud technologies, and 40% of partner revenue will come from cloud-related products and services in the next two years.
IoT plays a critical driving force in the adoption of cloud. Most on-premise networks not only have a security interest in redirecting their IoT traffic to the cloud, but many are simply unprepared to handle the volume. Microsoft Azure reported that it ingested over 21 Trillion IoT messages in December 2016, up from 1 Trillion in January 2015, and that they will soon be tracking IoT data in the Trillions of messages ingested per day.
One of the biggest issues standing in the way of cloud adoption, however, is that CIOs and CISOs lack visibility into the cloud, and control management is now very distributed, but with no real insight into the security state across cloud deployments. And enterprises are bringing on-premises security issues with them to the cloud, including disconnected point solutions, noisy alerts, and advanced threats.
The challenge comes down to trust. Cloud providers not only need to ensure inherent security monitoring and threat management capabilities, but also provide access to security vendor solutions that can be integrated with on-premises technologies in order to provide seamless visibility, policy distribution, and control across the hybrid physical and cloud environment.
Richard Hannah, VP of Information Services at Gibson Energy, then joined George Moore from Microsoft on the stage for a Q&A about how Gibson is leveraging cloud and IoT in their mid-stream energy business. Transporting and processing oil and gas from hundreds of extraction points to the end customer involves large volumes of data and communication. Richard explained how Gibson has improved its efficiency and recognized a significant ROI by utilizing cloud technology and services from Azure and Fortinet. Richard’s advice on moving to the cloud was for organization to put network design at the core of their planning process, and include security from the start to get it right.
Amazon: The most compelling information shared by AWS was the number of large corporations that aren’t just adopting cloud as an extension to their network, but that have actually fully committed to completely jettisoning their physical data centers and replacing them entirely with a cloud solution.
Obviously, this represents another significant challenge to network hardware manufacturers, who have already begun to see the dramatic erosion of edge computing and routing platforms. It also seems pretty clear that SDN, which has just barely emerged as a physical infrastructure alternative, may also begin its decline almost before it started.
Barry explained that the benefits of the cloud include the ability to dynamically spin up new resources to manage increased workloads, the advantage of only paying for those resources being used, rather than under or overprovisioning hardware boxes or software licenses, and the huge AWS Marketplace of networking, data management, analysis, and security tools, including a large suite of Fortinet solutions that can be integrated into the Fortinet Security Fabric architecture, available to users at the click of a mouse.
There are also growing opportunities for resellers to provide planning, design, implementation, and ongoing operational management services to customers who want to outsource their entire infrastructure, while earning commissions on those software services implemented in their customer’s cloud environment.
Capitalizing on Security Trends – Zeus Kerravala, Founder and Principal Analyst at ZK Research
The general sessions concluded with Zeus Kerravala, principal analyst at his ZK Research firm, providing an encouraging look at the future of a digital world.
He started with two thought provoking quotes. The first, from Marc Benioff, CEO of Salesforce, stated simply, “Speed is the new currency of business.” This fits nicely with one of Fortinet’s primary corporate messages, which is “Slow is broken.” Given the requirement for immediate critical business decisions based on the timely processing and implementation of data-driven information, speed is more critical than ever, including the implication that this needs to also include automation so that human beings can get out of the way.
The second quote, from Dan Schulman, CEO at PayPal, stated, “The biggest impediment to a company’s future success is its past success.” The conclusion is that CIOs must think differently if they want to compete, and survive, in the digital era.
Here are some more interesting data points from this presentation:
· IT has become increasingly more complicated, with changing traffic patterns creating new security risks. At the same time, the number of entry points into the enterprise will continue to grow exponentially. Because of these factors, traditional security methods are no longer sufficient.
· The problem with traditional security is that it is focused almost exclusively on protecting the perimeter of the enterprise, However, BYOD, cloud, WiFi, and other trends have increased the number of potential attack surfaces by 10X. At the same time, security teams continue to have a lack of visibility into the extended internal environment.
· Complexity is the enemy of security. Today’s enterprises have an average of 32 security vendors deployed, and most of these operate in an isolated silo. In addition, 90% of security spend is focused on the perimeter, but only 20% of breaches occur there. Which is part of the reason why it takes an average of 100 days to find a security breach. The current state of security is not scalable, and businesses are falling behind.
· Most security professionals are blind to IoT. The fact is that IoT devices are often deployed and run by the operational technology (OT) group, and IoT endpoints are often connected without the knowledge of the security team. And in most organizations, the IT and OT teams are not aligned.
· Security needs a rethink. It needs to be fast, simpler to deploy and manage, and address an increasingly borderless world. It also needs to not only be pervasive, but interconnected. Point security products create too many blind spots, making security more complex, not less. And as much as possible, security needs to be automated.
· The Fortinet Security Fabric was designed for the Digital World. Not only is the breadth of Fortinet’s portfolio unparalleled in the industry – covering cloud, physical networks, traditional and software based perimeters, the distributed edge, and applications – it is also based on a unique combination of advanced silicon + hardware + software which enables the consistent implementation of security everywhere. Silicon (SPUs) enables cost effective scalability. Fortinet solutions operate at digital speeds, in real time, providing broad and powerful security anywhere across the distributed network, and its open architecture enables the deployment of a broad and highly integrated ecosystem of security solutions.
Closing Party at the Marquee Nightclub, Cosmopolitan
I wasn’t planning on providing a review of the closing party, but I have been to dozens of these over the years, and have never seen a group of folks at a vendor party having such a good time. Good food, live bands, a great DJ, an open bar, and lots of dancing capped off a great event. To me, it was physical proof of something that an analyst said during the event: “Fortinet is cool again.” Of course, we always were. Now we’re just even cooler.