Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
SACON
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
Surfing today’s emerging tech: A pol...
SACON 2020
Ambient computing – a wave that’s already here
• Context-aware computing – “Presencing 2.0”
• Intelligent tech ...
SACON 2020
Emerging tech categories generating this wave through
2023
The above revenue drivers are also the building bloc...
SACON 2020
Data / information has become the critical skill area
SACON 2020
Unprecedented connectivity of (smart) things
• How is this data connected to 

emerging tech?
• How do we proce...
SACON 2020
IoT / OT and next steps: Customer
experience (CX)
• The next steps are to:
• Transform “emerging tech” into

cu...
SACON 2020
Cloud – finally being used
• After much talk, we’re seeing 

actual adoption over the past 5 years
• Another pa...
SACON 2020
Surprises in the cloud space
• Two major surprise providers:
• VMWare (Dell)
• Red Hat (IBM)
• Why?
• Visualiza...
SACON 2020
5G and emerging tech
• 5G – it’s finally here (mostly)
• Capturing data where it is generated
• Edge – microclo...
SACON 2020
AI / ML finds its place: automation
• AI is often used as a subset of 

automation
• The use of tech to automat...
SACON 2020
Common realities when implementing emerging tech
• Shadow IT / Bring Your Own IT
• Skipping steps in the softwa...
SACON 2020
• Because companies have at least two different perspectives
• Information Technology (IT)
• Business leaders
W...
SACON 2020
The risks of shadow IT
Customer

dissatisfactio
n
Loss of
information
integrity
Non-
compliance
Cost
overrunsPe...
SACON 2020
The result?
• Upstream issues
• Privacy issues
• Penalties (e.g., GDPR, HIPAA)
• Loss of consumer confidence
• ...
SACON 2020
An applied example
SACON 2020
So, who is responsible?
SACON 2020
• IT workers

need to

solve

these issues
• They have

the best

perspective
Complexity: The primary reason fo...
SACON 2020
• The industry has

moved from mere

detection to issues 

involving:
• Privacy
• New ways of 

investigating

...
SACON 2020
• Most companies

can state a clear business

case
• But, the details

remain a 

problem
• IT workers

are nee...
SACON 2020
• Learn your business!
• This isn’t a technical issue
• Focus on how information flows
in your organization
• C...
SACON 2020
• We need data / business

intelligence analysts
• Turn data into information
• Identify trends
• We also need ...
SACON 2020
Threat hunters
▪ Profiling specific

attacks
▪ Can provide

characteristics

and context
▪ Situational

awarene...
SACON 2020
• SolarWinds Service Desk
• SysAid
• ImmuniWeb Discovery
• SolarWinds Network |

Performance Monitor
• Qualys
•...
SACON 2020
The indispensable IT worker
▪ Having only tech skills isn’t

enough
▪ Workers need a combination of
human and t...
SACON 2020
Cloud Seeding: A
Cloud Computing
Tutorial (CompTIA)
The Skills needed to combat today’s cybersecurity

threats ...
Prochain SlideShare
Chargement dans…5
×

(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based approach

700 vues

Publié le

This talk focuses on managing cybersecurity issues that surround today’s implementations of emerging technology, including shadow IT

Publié dans : Technologie
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based approach

  1. 1. SACON SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur Surfing today’s emerging tech: A policy-based approach James Stanger, PhD CompTIA Chief Technology Evangelist @jamesstanger
  2. 2. SACON 2020 Ambient computing – a wave that’s already here • Context-aware computing – “Presencing 2.0” • Intelligent tech monitors people (AI & ML) • Information you generate and use moves from: • Individuals to edge / cloud / data center • Environment to environment • Machine to machine • Part of the 4th industrial revolution • The result? • Hyper-personalization - customer focus • Data analytics and business intelligence • Control (?)
  3. 3. SACON 2020 Emerging tech categories generating this wave through 2023 The above revenue drivers are also the building blocks of the ambient computing world
  4. 4. SACON 2020 Data / information has become the critical skill area
  5. 5. SACON 2020 Unprecedented connectivity of (smart) things • How is this data connected to 
 emerging tech? • How do we process this data into
 information? ICS DCS SCADA OT IoT Sensors / actuators / radios Gateway Data AcquisitionEdge AIData center Storage Application Network ServerML
  6. 6. SACON 2020 IoT / OT and next steps: Customer experience (CX) • The next steps are to: • Transform “emerging tech” into
 customer-centric solutions • Make the architecture more efficient How do we apply AI
 and ML IoT? How do we turn this into a customer- focused solution? What about 
 serverless / edge?Should we do this?
  7. 7. SACON 2020 Cloud – finally being used • After much talk, we’re seeing 
 actual adoption over the past 5 years • Another part of the “4th industrial 
 revolution” • Azure vs. Alibaba vs. AWS, and so forth:
 It depends on your business model • Where do charges occur? • Data in and out • Services used • Integration experience is at a premium • We need workers that can convert 
 technical speak into business terms and 
 make decisions
  8. 8. SACON 2020 Surprises in the cloud space • Two major surprise providers: • VMWare (Dell) • Red Hat (IBM) • Why? • Visualization: Can manage 
 multiple environments / providers • Network management: Using SD-WAN to route IoT device traffic • Abstraction layer: Helps avoid vendor lock-in • Customer focus: History of creating useful services • Emerging tech: Ability to integrate new solutions, including AI and blockchain
  9. 9. SACON 2020 5G and emerging tech • 5G – it’s finally here (mostly) • Capturing data where it is generated • Edge – microclouds, mini data centers • Cloud • More devices to support • The good, the bad, and the ugly of 5G Good Connectivity Speed Edge capability Bad Tampering Eavesdropping Monitoring Attack surface DDoS Ugly Privacy Traffic QoS Trust models
  10. 10. SACON 2020 AI / ML finds its place: automation • AI is often used as a subset of 
 automation • The use of tech to automatically: • Launch, under conditions • Respond to situations • Improve itself (and other “things”) • Communicate with other
 machines and other people • But now, it’s all about the 
 intelligence of things. Automation Artificial Intelligence Machine
 Learning Deep Learning KubernetesDocker
  11. 11. SACON 2020 Common realities when implementing emerging tech • Shadow IT / Bring Your Own IT • Skipping steps in the software development 
 or platform deployment cycle • Not managing devices properly • No encryption • No or poor authentication • Rapid deployment of new technologies 
 workers don’t fully understand • Organizations receiving data that they 
 aren’t properly securing
  12. 12. SACON 2020 • Because companies have at least two different perspectives • Information Technology (IT) • Business leaders Why does shadow IT exist? IT says shadow IT is: BAD Business says shadow IT is: GOOD
  13. 13. SACON 2020 The risks of shadow IT Customer
 dissatisfactio n Loss of information integrity Non- compliance Cost overrunsPerformanc e issues
  14. 14. SACON 2020 The result? • Upstream issues • Privacy issues • Penalties (e.g., GDPR, HIPAA) • Loss of consumer confidence • Attacks • Ransomware, credential harvesting • DDoS • Social engineering • Forms of “technical debt” • Organizations often can’t fix 
 problems that they 
 have created by using IoT, Cloud, 
 and other solutions • Security workers are asked to fix this problem Toxic IT? Code Complexity Monoculture s
  15. 15. SACON 2020 An applied example
  16. 16. SACON 2020 So, who is responsible?
  17. 17. SACON 2020 • IT workers
 need to
 solve
 these issues • They have
 the best
 perspective Complexity: The primary reason for increased sales cycles
  18. 18. SACON 2020 • The industry has
 moved from mere
 detection to issues 
 involving: • Privacy • New ways of 
 investigating
 risk • Selective attack
 surface reduction
 
 Critical areas within cybersecurity
  19. 19. SACON 2020 • Most companies
 can state a clear business
 case • But, the details
 remain a 
 problem • IT workers
 are needed
 to manage
 these factors
 ethically Issue Where IT can help Customer Confusion Clarify product capabilities (e.g., AI, BI). Find creative solutions. Help make the customer comfortable. Risk aversion The technical and business risks. Act as liaison. Help ensure privacy concerns are addressed. Budget constraints Provide accurate information concerning cloud- based services. Inhibiting factors for using emerging tech
  20. 20. SACON 2020 • Learn your business! • This isn’t a technical issue • Focus on how information flows in your organization • Cloud-based assets • Enterprise / installed • It requires: • The ability to breakdown IT silos • Communication with business units • Ability to analyze multiple sources • Formal documentation • Network diagrams Adopting a policy-driven approach to “surf” emtech problems Asset discovery Articulate risk level Identify policy Evaluate compliance to policy Change managemen t policy Continuou s monitoring
  21. 21. SACON 2020 • We need data / business
 intelligence analysts • Turn data into information • Identify trends • We also need security analysts • Moving from detection 
 to prevention • Threat modeling • Threat feed interpretation • Cloud-aware pen testing The need for analysts • Can’t secure 100% of the 
 company • Focus on critical resources (the 25%)
  22. 22. SACON 2020 Threat hunters ▪ Profiling specific
 attacks ▪ Can provide
 characteristics
 and context ▪ Situational
 awareness ▪ Provides focus ▪ Can also use 
 threat feeds Learn how the organization communicates Identify resources essential to the organization Investigate attack techniques hackers will try that specific to your organization’s resources Proactively investigate – monitor and analyze Recommend security controls
  23. 23. SACON 2020 • SolarWinds Service Desk • SysAid • ImmuniWeb Discovery • SolarWinds Network |
 Performance Monitor • Qualys • Many open source tools Asset discovery applications
  24. 24. SACON 2020 The indispensable IT worker ▪ Having only tech skills isn’t
 enough ▪ Workers need a combination of human and tech skills • Emotional intelligence • Presentation skills • Complex reasoning • Writing • Categorizing and summarizing • Anticipating issues • Complex reasoning • Conditional thinking • Multi-vendor situations • Integration Ethics: An increasingly important ski
  25. 25. SACON 2020 Cloud Seeding: A Cloud Computing Tutorial (CompTIA) The Skills needed to combat today’s cybersecurity
 threats (RSA) Automated Pen Testing
 (Admin Magazine) Two sides of the same coin: Pen testing and security analytics 
 What’s hot in network certifications (NetworkWorld) Escaping the Cybersecurity Metrics Matrix (CompTIA) Private Eye: Open source tools for automated pen testing Admin Magazine
 Thoughts about the help desk (YouTube) The Hunt for the Meaning of the Red team (CompTIA) The Internet of Things (IoT) and Technical Debt: Why It Matters (CompTIA) James Stanger, PhD jstanger@comptia.org +1 (360) 970-5357 Twitter: @jamesstanger Skype: stangernet
 My CompTIA hub:
 https://certification.comptia.org/it-career-news/hub/James-Stanger Thank You! Latest articles and blog entries: Putting AI and ML to work (CompTIA) What is the difference between IT security and cybersecurity? (CompTIA) Observations at RSA San Francisco 2019 (CompTIA) Moving to the Cloud:IT Infrastructure and Cybersecurity skills required (CompTIA) Where the Wild Things Are: Investigating Browser-based Brute Force Attacks (November, 2019, Admin Magazine) How Technical Debt Can Damage Business
 Agility and
 Competitiveness
 (ITPro, UK)

×