04 August 2021
IoT Security, The Largest Problem We Will Face This Decade
IoT Leaders with Nick Earle, CEO of Eseye and Peter Doggart, Chief Strategy Officer at Armis
04 August 2021
IoT Leaders with Nick Earle, CEO of Eseye and Peter Doggart, Chief Strategy Officer at Armis
In 2021, there will be 46 billion IoT devices connected to our networks.
By 2024, that number is expected to reach 83 billion. Currently, there are 1 billion IoT devices connected to our networks.
And by 2025, that number is likely to reach 56 billion.
Because each connected device represents a potential breach point, this influx will pose severe operational challenges for businesses.
In this episode, Nick spoke with Peter Doggart, Chief Strategy Officer at Armis, about IoT security and why it is one of the largest cybersecurity threats we will face this decade.
What they talked about:
Join us on the IoT Leaders Podcast and share your stories about IoT, digital transformation and innovation with host, Nick Earle.Contact us
You’re listening to IoT Leaders, a podcast from Eseye that shares real IoT stories from the field about digital transformation, swings and misses, lessons learned and innovation strategies that work.
In each episode, you’ll hear our conversations with top digitization leaders on how IoT is changing the world for the better.
Let IoT Leaders be your guide to IoT, digital transformation and innovation. Let’s get into the show.
Nick Earle (00:31):
Welcome to the latest edition of the IoT Leaders podcast with me, your host, Nick Earle, the CEO of IoT company Eseye. IoT Leaders is a podcast that attempts to demystify the intriguing, the exciting, but often baffling world of IoT.
Nick Earle (00:49):
And this week I’m delighted to welcome Peter Doggart, who is the Chief Strategy Officer for Armis and we’re going to talk about all things security in the area of IoT. So Peter, welcome to the IoT Leaders podcast.
Peter Doggart (01:05):
Thanks, Nick. Great to be here.
Nick Earle (01:07):
Okay. And I think we’ve got some really cool stuff to talk about. The world of security is full of horror stories and opportunities and intrigue, let me put it that way.
Nick Earle (01:18):
But first of all, let’s talk about Armis. And Armis a pretty hot company. I mean, I know that you guys have doubled your valuation in a year. I’m insanely jealous. You’re a $2 billion valuation company. And you’re a pretty unique security company as well, in what you do and the way you do it. So just give the listeners a little overview of Armis before we dive in.
Peter Doggart (01:44):
Yeah. Would love to. And really this goes back to one of my passions. And that is trying to figure out how we go see and secure every single asset on this planet. And fundamentally that’s why Armis was created, was to-
Nick Earle (02:03):
That’s a fairly modest mission statement.
Peter Doggart (02:08):
It was try and protect all these new devices. And the reason I landed here was, again, it’s a passion of mine, it’s probably one of the largest cyber security problems we will face this decade, and probably into the next decade as well. It’s really centered around all these new devices coming on to our networks, and fundamentally thinking about their risk to the business, and the potential consequences and impact to the business.
Peter Doggart (02:40):
And we certainly believe that this influx of new devices, these new connected devices, are going to cause, and are causing, massive operation headaches for almost any business.
Nick Earle (02:54):
Yeah. For those of us who aren’t directly involved in the security, internet security, cyber security area on a day-to-day basis, we take it for granted. We don’t think about it, which we’ll get onto, because that’s part of the problem. People don’t think about it, except for the bad guys.
Nick Earle (03:16):
But every now and then, you get these incredible public horror stories. I mean, I’m thinking just recently, since the time when we spoke about a week ago to prepare for this podcast and now, we’ve had the American pipeline example, of a pipeline-
Peter Doggart (03:35):
We had JBS. Almost every day now we’re seeing attacks.
Nick Earle (03:45):
Yeah. As a company, do you monitor to those attacks? Can you actually see that the momentum is increasing?
Peter Doggart (03:53):
Yeah. This impacts almost every … actually it affects every industry, from financial to manufacturing, to oil and gas, utilities. And we are currently tracking over 1 billion IoT devices, or just assets we call them.
Peter Doggart (04:12):
And over the course of the next four years, we have seen and extrapolated out thorough our research team, we’ll likely have about 56 billion devices by 2025, connected. And that’s an astonishing amount of devices.
Nick Earle (04:33):
That’s an astonishing number of potential breach points to an enterprise. And I mentioned at that the beginning, that you do this in a different way.
Nick Earle (04:47):
I know you worked for Symantec for many years, and you ran a lot of the partner programme. But traditionally the way, at least of which I understand it, we’ve tried to catch this ball that’s bouncing down the stairs, if you like, is to try and put some software on a device.
Nick Earle (05:06):
I mean, your phone has a bit of software in it, your corporate version of your phone, your corporate version of your laptop. Armis didn’t take that approach did you?
Peter Doggart (05:18):
No. And this comes down to a fundamental fact about these devices. And it’s also important to understand what’s happening. Why are we seeing 56 billion devices coming onto the networks in the first place?
Peter Doggart (05:32):
And part of the reason for this is we are seeing this pervasiveness because they are super low cost in the first place. We’ve got bandwidth galore everywhere, we’ve got low latency now, obviously with the work you’re doing, Nick, on the cellular side with millimeter wave technologies. And it’s just very very easy to go and pick up these devices off the shelf, hardware off the shelf software, package it altogether.
Peter Doggart (06:03):
But here’s the problem. The numbers of permutations out there are vast. And it’s impossible to put a security agent, we call the business onto these devices. It’s just practically possible. I think we’re tracking on the order of 15 million different permutations of devices out there.
Peter Doggart (06:23):
So just think about being a software security company, having to design and maintain 15 million different versions of an agent, and somehow working with thousands of manufacturers to get that software onto those devices. It’s just… it doesn’t work.
Nick Earle (06:42):
It’s an unsolvable problem. And so I guess just so our listeners understand, I think what you’re referring to is you have an increasing number of devices, trackers, but you also have different software on those devices. And they can be all configured differently as well.
Peter Doggart (07:04):
Yes, that’s right.
Nick Earle (07:05):
And so the number of permutations, if you’re going to then identify a problem, issue a patch, test the patch, distribute the patch, install the patch, the number of permutations that you have to go through is an exponential problem. And you’re using a linear… if you’re trying to put software on it, and I guess the way I would describe it is we’re using linear processes, you know, here’s a patch for that device. Well, it doesn’t work on this device because it’s different software, or it’s configured slightly differently. We’re using a linear solution, essentially to solve an exponential problem. In other words, you can’t keep up.
Peter Doggart (07:48):
No. And the old way of trying to solve for this problem just doesn’t work anymore. And in fact it’s becoming less and less relevant. The ratio of what we call these managed devices, like the laptops we’re on right now, Nick, we’ve pretty much solved that with security agents from people like Windows.
Nick Earle (08:11):
But they’re not like IoT devices.
Peter Doggart (08:11):
No, they’re not.
Nick Earle (08:12):
They’re pretty tightly coupled hardware and software, as is your phone. But IoT devices are not like that though, are they?
Peter Doggart (08:22):
No, no. And the only way to solve for that is an agentless approach. It’s basically looking at the world from a networking perspective. We can talk more about that a little bit later. But Armis pioneered this approach about five years ago to take a wholly different approach to security. And that is one of the world we’re moving to in security has to be agentless in order to scale. We cannot think of this in the old world. So it has to be cloud, and it has to be agents.
Nick Earle (08:57):
So let’s double click on this, because we’re now getting down to the hub of the approach which, as you say, will ultimately become into the issue of who has visibility of the network.
Nick Earle (09:11):
But before we get onto that, so the ball bouncing down the stairs, all the device configurations, the number of devices that have been adopted. You’re trying to put a piece of software on. The companies just can’t do it fast enough. In fact, it’s getting to the point where it’s getting less and less relevant every day, point you’re making.
Nick Earle (09:29):
So therefore the paradigm shift is agentless, which basically, in case there’s anyone who doesn’t know what that means, it means you don’t put a piece of software on the end user device. You actually have central control, central policy deployed automatically to everything that’s connected, without having to put some code in all of those things.
Peter Doggart (09:53):
Nick Earle (09:53):
Which I guess means that one of the first challenges you’ve got is identifying all these devices. Is that where we’re almost stumped?
Peter Doggart (10:03):
Yeah, absolutely. I would say a good strategy, a good security strategy always starts with visibility. You fundamentally have to understand what’s on the network, what’s in your domain and what’s entering your network. And here’s the scary thing. Many organizations around the globe do not understand what’s on their network, and it’s getting worse.
Nick Earle (10:27):
Yep, I’m sure they have no idea, I’m sure. You must find customers to… you ask them in advance, and then you say, well, actually we’ll put like a sniffer on, or whatever the technology that you use to identify them.
Nick Earle (10:42):
And the two are completely different, right?
Peter Doggart (10:46):
There are so many occasions where we walk into a client’s environment, and we just spin up Armis within a few minutes, and where the client thinks they’ve got 150,000 assets or IP addresses and whatever. And then at work, we go, “No, you’ve got 700,000.”
Nick Earle (11:04):
Peter Doggart (11:05):
And the little light bulb goes off.
Nick Earle (11:06):
I could imagine a lot of things go off at that point.
Peter Doggart (11:12):
It’s quite amazing.
Nick Earle (11:13):
Really? I mean, they can be that far apart?
Peter Doggart (11:18):
I mean, that was a very interesting case, but many are at least double, 40% more.
Nick Earle (11:24):
Peter Doggart (11:25):
And it just gets to the point we’ve let this attrit so much. And the technologies have not been employed, and the maturity has not kept up with IT security at the pace of the innovation of these devices.
Peter Doggart (11:43):
So you’ve got this gap forming that has become so large, it’s opening up this wound for cyber attacks. As you noted Nick earlier, we are seeing countless attacks almost on a daily, weekly basis now, very large ransomware attacks.
Nick Earle (12:04):
You know, I got this picture in my mind as you were speaking Peter, of saying to someone, “Is your house secure?” And say, “Yeah, yeah. I’ve locked all the windows.” And you say to them, “The doors there, but how many have you got?” “Well I’ve got 25 windows and four doors.” And you say, “Well, that’s kind of interesting, because I just walked around your house, and you’ve got 100 windows and nine doors.” “Have I? I mean, really? Oh.” But actually it’s a little bit worse, is that there are people adding new windows all the time. So you-
Peter Doggart (12:34):
It’s actually worse than that.
Nick Earle (12:36):
Peter Doggart (12:42):
So you can take that analogy one step further. There’s more windows being added, with a different variety from different manufacturers of windows.
Nick Earle (12:49):
Peter Doggart (12:50):
And the guys who are making the locks, well, they’re not so good.
Nick Earle (12:55):
Peter Doggart (12:58):
They’re exploitable. And that’s what we’re seeing, is the numbers are growing vastly up. But also the vulnerabilities or the exploits of these devices are increasing. Armis over the past numbers of years have released countless vulnerability releases. Ocean’s 11 was one we released about a year and a half ago. And this one was quite staggering. This was just as I was joining the Armis organization. And Oceans 11 basically, for those who don’t know, is 11 vulnerabilities in some of the largest operating systems that reside in these IoT devices. And those devices are things like firewalls, medical devices, operation technology sensors, manufacturing equipment, all running these operating systems from VxWorks, Nucleus, RedX, ZebOS, the list goes on. And using the window analogy, it allows the attacker to basically pick that lock within about two seconds, and come in. So it’s not only the number of potential ways to get in, but frankly, the security is very, very poor with these devices.
Nick Earle (14:14):
So my understanding is, so you use agentless, so you’re identifying the windows and the doors, the openings. You haven’t solved the problem yet. You then profile all the devices. So you then build a database of, this is what you’ve got, by the way, by type of device. And then I think you go into… you look at the network data, and now we’re getting into the solution that we’re coming up to, cellular devices, which is what this is all about, which is cellular.
Nick Earle (14:46):
But before we get to that, you actually look at the behaviour and the patterns of what’s happening on those devices. So you can start to build a profile, sort of anomaly detection, behaviour, et cetera, et cetera.
Peter Doggart (14:59):
Yeah, yeah. The system-
Nick Earle (15:01):
So this is normal, not normal.
Peter Doggart (15:04):
Yeah, exactly. The system works, if you’re familiar with Tesla and their self-driving software. What they’re doing is very similar to what we’ve been doing with devices. It’s really taking vast quantities of data in, understanding what these devices are doing within the context of their environment. So we’re seeing tens of thousands, hundreds of thousands, millions of times of a device on a network, and understanding how that device is interoperating. How it’s communicating. What does it look like? What’s normal behaviour, in a medical context, in a manufacturing context?
Peter Doggart (15:39):
And only by getting this vast quantity of data in the machine learning we have both unsupervised and supervised machine learning in the backend. Can you get to the point at scale where you can at high efficacy, fingerprint these devices? As you say Nick, down to operating system versions, what protocols they’re using, what applications they’re running, down to, if you like the PRCs and the manufacturing lines, we can actually see inside the cars, the modules, and see what messages each module, and the commands of those modules.
Peter Doggart (16:19):
So you can start to gather an amazing richness of data, agentlessly.
Nick Earle (16:29):
That no human could could ever do.
Peter Doggart (16:31):
Nick Earle (16:32):
So I get it, right. But as always, the ball keeps bouncing down the stairs, and the attackers get smarter and smarter. And there’s a whole class of devices that you can’t see, right? You know, there’s two companies, Armis and Eseye. We have done a joint announcement, a security solution. We’re going to talk about that in a second here. But cellular connected devices in particular, you can’t currently have visibility. You can’t see them. That’s right, isn’t it? Because they’re not-
Peter Doggart (17:07):
Nick Earle (17:07):
… connected to the enterprise network. They’re connected to somebody else’s network, the mobile network operator. But that’s a problem.
Peter Doggart (17:15):
Yeah, that’s right. And the whole nature of Armis is it’s passive. We don’t actively scan, as you’ve noted we don’t have agents. So we have to look at the traffic. We have to inspect on the wire. Which is good, because you get to the source of truth. But you need to have access to that traffic. And to your point on the cellular side, I don’t know how many MNOs there are in the world now, there’s-
Nick Earle (17:41):
About 820-something, according to the GSMA.
Peter Doggart (17:45):
Yeah, exactly. So you got a lot of MNOs out there, and traffic is being dispersed everywhere, across loads of different MNOs. How the heck do you get that data in a cohesive fashion? It’s really-
Nick Earle (18:00):
If you don’t have the network connection. You just receive the data, which may have an attack inside it. But you can’t look at the net flow data and you can’t analyze the data. So what we must do, help the listeners, what we’ve done we’ve announced is, now that everyone’s had a good understanding of what Armis do, as those regular listeners of our podcast will know what we do as Eseye, is that we actually run our own private network. And we actually federate those MNOs together into a private network APN access. We don’t use the public internet. We become the single eye of the needle, where we manage the connection. We do the billing, we do the device management. We do the support, et cetera, et cetera.
Nick Earle (18:48):
But basically we are with a single SIM, we are actually are providing localization, not just roaming, but localization and roaming across those 820 networks, delivering 99% global connectivity. And so of course the spark that caused us to talk was, you were saying, “Well, we’ve got with this great business, which the financial markets love, not surprising, given the problem that it’s solving. But actually there’s a bigger percentage of devices that are invisible to us because the edge is growing faster than the number of the devices, the laptops printers, PLCs, aren’t growing anywhere near the rates of IoT devices. And with 5G coming along, and people talking about 5G is a better version of Wi-Fi. More and more devices are going to be cellular connected. Which means the percentage of the estate that Armis can see is in danger of declining.
Nick Earle (19:55):
With our solution because every device, regardless of which MNO it is connecting to, every device goes through our network. We’re an the eye of the needle for all traffic. And so the collaboration that we’ve announced is that with an interconnect between, an API interconnect between Armis and Eseye, the Armis functionality is then enabled across cellular networks. And that was the genesis, wasn’t it, of why this would be a good idea. We enabled you to see cellular connected devices across any MNO. It’s good for your business, and it will be good for us because what we’re saying is this is the value of having a private network, not sending stuff over the internet.
Nick Earle (20:43):
Which, you talk about the MNOs, we’ve got a lot of MVNOs saying, “Well, we solve this problem. We aggregate it.” But they solve it by actually sending data over the internet. They’re not managing the network. Whereas we run a private network. Therefore we can give you that net flow information. And so therefore you can actually run Armis on all the devices that you talked about, plus the devices that are cellular connected through MNOs. And that’s the genesis of the cooperation, isn’t it?
Peter Doggart (21:13):
Yeah, no. I love this combination. And for the very first time, an enterprise can now see all their assets, be it if they’re on their corporate network, the devices at home, in the cloud, on Wi-Fi, and now cellular. So going back to our earlier statements, it’s all about visibility. It’s all about the assets. Where are the assets? Am I getting to a single source of truth, of understanding where my assets are and what they’re doing?
Peter Doggart (21:45):
And this combination allows us to go do that, and clean up the age old problem of cleaning up the CMDBs, the configuration management databases, which power, frankly, operations of any enabled company. And I love what you guys are doing because it’s providing very secure connectivity, reliably. And now we’re overlaying the asset visibility and security of the devices.
Peter Doggart (22:14):
And I think it allows businesses to innovate, as well. Because at the end of the day, this is what it’s all about is, you can go to one of these energy companies, Exxon, or BP or Shell with its EV chargers. And now we can have a secure, reliable connectivity constantly, and know what’s going on with every single EV charger in their estate, and map it back to their management systems and other systems in their own estate.
Peter Doggart (22:40):
So it really, it truly is an industry first. And so excited about what these businesses can go and do now with this now reliable and secure connectivity.
Nick Earle (22:50):
Yeah. We’re just about to release a bit of market research in the next few weeks, my marketing manager will kill me for saying this, but I’ll pre announce it because I can, we’re conducting some market research about what are the inhibitors. You know, the famous 50 billion things that aren’t connected. We’ve talked about it a lot in these podcasts. You know, we’ve only got to 11 billion things by 2020, not 50 billion. What were the inhibitors?
Nick Earle (23:10):
And there’s a ton of them, but number one of every list is security. And so for us, we’ve been saying, well, that’s why you need APN based access, encrypted tunnels, private don’t use the internet, the whole SIM… a security certificate being stored inside the SIM. But actually what this adds is that you then can have central policy definition with automatic deployment to the edge. Because what you do is bring the policy, and the policy can then be dynamically applied to cellular enabled, cellular connected devices.
Nick Earle (23:49):
Now that, if you’re a CISO, a chief information security officer says, “Well, I’ll let these devices be connected to my network.” But I damn well need to be sure that my policy, you talked about the configuration management, it could be a configuration policy, compliance policy of which IP addresses, DNS addresses can they access. That my policy, I want to define centrally and have auto deployed to the edge. But if you can actually define central policy and have it applied to everything that’s connected to your network, and things that are sending you data that aren’t directly connected to your network-
Peter Doggart (24:28):
Nick Earle (24:29):
…then from a CISO point of view you start saying, “Okay, then in which case I’ll trust the system.” Because people lose their jobs. They don’t just lose their jobs, companies can go out of business, I mean pretty quickly as we know from some of these security hacks that we’re seeing.
Nick Earle (24:47):
So that’s the basic premise, and we’re going to be rolling that out with pilots and things. Of course anyone who’s listening, they know which companies they can contact.
Nick Earle (24:57):
But I wanted to just pivot now, and just talk about the bad actors, the bad guys. Because so far, what we’ve been doing is talking about what the good guys are doing. But the bad guys never sleep, it seems. And it seems to me, Peter, that when you hear about some really sophisticated security hacks, you think, “Wow, that was really, really clever.” But in the area, and probably they really are, have to have a lot of knowledge to be able to get into that system. But actually in the world of IoT, it seems like it’s not just the number of windows. It seems like we have an active policy of flinging the windows open, and almost inviting people in. Because these devices, they’re not secured to begin with. I mean they’re really very unsecure, aren’t they?
Peter Doggart (25:54):
It really is. I mean, we are seeing literally people pick up these devices, which have default passwords built into them. Or back doors.
Nick Earle (26:03):
Peter Doggart (26:05):
And you may think, “Oh no, no, that doesn’t happen.” Oh, no, it does. And it’s happening at alarming rates. Because it’s not at the forefront of people’s minds, as they are designed these devices. They’re at the end of the supply chain. So they’re picking up hardware components that have been developed by another manufacturer.
Nick Earle (26:24):
Yeah, they’re in a rush to get it out.
Peter Doggart (26:26):
Yeah, from chip manufacturers way back when. And you can get the really simple attacks going, okay, we’ll now try the easy vulnerabilities, the remote code exploits. And we know there’s many, many vulnerabilities out there still. The Ocean’s 11 I spoke about, that was a year and a half ago. Guess how many of those devices have been patched?
Nick Earle (26:47):
Peter Doggart (26:48):
Nick Earle (26:50):
Peter Doggart (26:50):
There are the 2 billion devices-
Nick Earle (26:53):
After a year and a half?
Peter Doggart (26:53):
After a year and a half only 3% have been patched. And it really infuriates me in a way, because we’re not taking this seriously enough. And it’s going to take another colonial attack. It’s going to take another Irish hospital attack or a JBS, or you name it in the last couple of weeks. And we need to have a wake up call, and we need to get better to put our suppliers and ourselves more accountable for designing these devices more securely in the first place. Only then are we going to get to a better place. But we’ve been trying to do this now for how many decades? And it’s-
Nick Earle (27:35):
Yeah, I was going to say, those of us who’ve been around a little while, which I’ll hold my hand up, we have been saying this. But the problem just seems to get bigger and bigger and bigger with the explosion of the endpoints in the network. I mean, the kind of weird thing is if we think the problem’s hard now, and it is compared … way harder than it was three years ago, which was way harder than five years ago. But in three years time, I mean being a dedicated IoT company with 2,000 customers around the globe, several million devices under management, I mean, we say to customers, “You ain’t seen nothing yet.” You know, you got the 11 billion, 50 billion stuff that I quoted, but there’s this thing called massive IoT coming, and 5G. It’s expanding in two different ways. There’s going to be sensors that use some form of cellular connectivity that are going to be disposable. They’re going to be … you can print the circuit, print the battery. There’s going to be tracking on boxes, clothing, eventually I don’t know, the wrapper of a chocolate bar or something.
Nick Earle (28:53):
But I have already had a big conversation today with a company that’s looking at doing private 5G networks, where you’re talking about tens of millions of things in a campus or in a large factory. So in other words, the numbers, the rate of adoption is accelerating. It’s not linear. Back to the exponential/linear.
Nick Earle (29:24):
And so even though at the very least, you can’t put… If you said one of the lessons from this, A) you never know what… if I was to summarize, nobody has a clue what’s connected to their network, is what you’ve said.
Peter Doggart (29:39):
Nick Earle (29:40):
B) even if you did have a clue, you can’t put a piece of software on them, because it’s really old operating systems and there’s too many derivatives. There’s not enough money in the world to solve that engineering problem, because of all the permutations. So you can’t put software.
Nick Earle (29:58):
So C) to use an agentless technique, which is what Armis is all about, and the other world leaders in that. D) even then, there’s a whole bunch of devices that you can’t see, therefore you’ve got to be able to see the devices that are really growing exponentially, which are the cellular connected devices. Which is why you need to go through something like Eseye, which is the eye of the needle, through which all the network traffic flows for all of those devices, regardless of the MNO.
Nick Earle (30:27):
But then what we’re saying, as we get towards the end of the podcast is that, but even that’s not enough. Because ultimately it’s just growing so fast that actually it’s almost like we need to do something else that’s not just technology. It’s almost like we need to raise awareness, right the way back to the start of the supply chain. Because it seems like we’re constantly… You know, it’s like the argument on the National Health Service, is that no matter how much money you throw at the NHS, there’s never enough. But actually if we diverted some of it into disease prevention, from an ROI point of view, it’s money better spent.
Peter Doggart (31:13):
Nick Earle (31:13):
But the disease prevention is almost like thinking about how devices are made, by people that have no consequences of it, because they just make devices and sell them. And actually building in, and security considerations much more up front than it seems to be what we’re doing right now, because we’re building these houses, if you like, with the windows open.
Peter Doggart (31:37):
Nick Earle (31:39):
It’s not like we are thinking about they have to do it. No one is really selling the fact that their devices can’t be hacked. It’s not the way we’re selling things, right?
Peter Doggart (31:49):
Yeah. There is a slight silver lining. So I do want to end on a slight positive note. It’s not all bad. We do have the tools to help, at least, now. But also I think what we need to do is change organizationally how we think about this problem. You started to mention that. The IT teams, the security teams have been moving slowly together. They’ve really got to collaborate now. They’ve also got to extend their collaboration to the operational teams too, on the ground of the manufacturing centers, and bring them into the fold. And they’ve got to work with their R&D and suppliers as well, going as far back as possible, to fundamentally understand what the risks coming into the organization are.
Peter Doggart (32:39):
And the good news is that there are models out there. There’s the nest model. There’s the CMMC model that’s being more adopted now. And I know things like the federal government in the US is pushing all the suppliers to get to, you must be level three of this maturity model to do business.
Peter Doggart (32:57):
So we’re moving in the right direction. Are we moving quick enough? Oh no. But we certainly need to solve organizationally how we think about the problem. We need to enhance our maturity and how we think about cybersecurity. And I think fundamentally we need to take, I think the human out of the loop.
Peter Doggart (33:17):
So going back to, as we engineer these problems, as we engineer the hardware and software, particularly the software elements, we’re always going to, because we’re flawed, as humans, we’re always going to put in vulnerabilities and exploits into the code.
Nick Earle (33:29):
Peter Doggart (33:31):
So if we can … and it’s called shift left, in the world of IT here. But if we can shift left, and start to remove some of the human elements of doing bad things in the first place, to your analogy about prevention on the health care front, we can get to a better place. And there are lots of companies focusing on that part of it as well. Dev ops, dev sec ops, call it what you will.
Peter Doggart (33:59):
It’d be great if we can build a machine that builds these machines, that gets to the point where that machine is so clever it doesn’t have any exploits in there. But then you start to get into the big AI world of okay, the overlords are going to take over.
Nick Earle (34:23):
But in the meantime, what we’re talking about here is such a order of magnitude improvement on what we’re doing. Because essentially what we’re doing is we’re using software techniques to recognize patterns of usage and normal behaviour, and identify anomalies across millions and tens of millions of devices, almost real time, and devices that are connected to somebody else’s network, but ultimately they find a way of sending data to you.
Nick Earle (34:52):
That in itself is mind blowing compared to what, when you were in Symantec or when I was in Cisco, if somebody had said you’d be able to do this one day in the near future, we’d have said, “I don’t know what you’re talking about.” I mean, just being able to do what you’ve described is mind blowing compared to how we previously tried to solve these problems.
Peter Doggart (35:16):
That’s right. It’s night and day. I mean, the CIOs we speak to, and the CISOs we speak to, whilst they understand what this can do, and be a single source of truth for them and help them see everything, they’re at the shoulder soft and often.
Nick Earle (35:31):
Yes. “I can sleep at night.”
Peter Doggart (35:33):
It’s a huge relief.
Nick Earle (35:33):
Peter Doggart (35:34):
Nick Earle (35:36):
Yeah. You know, Peter we’d probably leave it there on that high note, and I wanted to just thank you. I would add that also for those people who do listen to this podcast who are often in many cases, and we do get the messages, considering, they’re in the early stages of IoT projects. I think there’s another lesson here, which is that you can add security and peace of mind and central security policy be employed cellular IoT devices at the edge to one of your checklists of things that you can look at. Which will probably mean that your project is likely to get approved. Because a lot of projects don’t get approved, because they get blocked for security concerns. So I think we’ve also made IoT adoption to be at least taken away one of the barriers or one of the main push backs that we get on projects, which is “No, it’s not secure. I know this is a business outcome, but it’s not secure, so I’m not going to do it.” So I think that’s a big improvement as well.
Nick Earle (36:31):
So we’ll leave it there. One last question to you though, if anybody listening to this wants to get in touch with you, what’s the best way for them to perhaps send you a message or ask you a question? Maybe is it LinkedIn, or what’s the best way they can contact you?
Peter Doggart (36:44):
You can certainly look at me at LinkedIn, Peter Doggart. And you can find me… I am the only Peter Doggart in cyber so that’s easy.
Nick Earle (36:55):
Okay. So that’s D-O-G-G-A-R-T?
Peter Doggart (36:57):
That’s right. Yep. Yeah. Feel free to communicate.
Nick Earle (36:59):
Great. Well, thank you, Peter. Thank you again for your time. Very, very interesting. We haven’t done a deep dive on security before. So that was really very good. I suspect that in a year’s time, you can probably repeat this, and do a retrospective look back at some real case studies and stories. And then that would be really interesting to see what people are doing with this. So that’s probably one of the goals of our alliance.
Nick Earle (37:21):
But in the meantime, thank you to you the listeners for listening. This was, as you know, the IoT Leaders podcast. And if you want to send any feedback and send it to me, Nick Earle, on LinkedIn. Or an email to iotleaders@eseye, that’s E-S-E-Y-E .com.
Nick Earle (37:42):
In the meantime, thanks again. Look forward to the next podcast. And as I say, maybe an update on this very exciting area where we know there’s a lot more to come in a few months’ time as this very exciting solution starts rolling out in the marketplace.
Nick Earle (38:01):
In the meantime, thanks again, Peter. Thanks to you, the listeners for listening. And this was the IoT Leaders podcast. Thanks very much and take care.
Peter Doggart (38:10):
Thanks for tuning in to IoT Leaders, a podcast brought to you by Eseye. Our team delivers innovative global IoT cellular connectivity solutions that just work. Helping our customers deploy differentiated experiences, and disrupt their markets. Learn more at eseye.com.
You’ve been listening to IoT Leaders. Featuring digitisation leadership on the front lines of IoT. Our vision for this podcast is to be your guide to IoT and digital disruption. Helping you to plot the right route to success.
We hope today’s lessons, stories, strategies, and insights have changed your vision of IoT. Let us know how we’re doing by subscribing, rating, reviewing and recommending us. Thanks for listening. Until next time.
Build the IoT estate that meet your needs now – and ten years from now. It’s why global leaders trust Eseye.