Clicky

Cybersecurity and the Role Hardware Plays in the Enterprise Security Journey – Futurum Tech Webcast Interview Series
by Shelly Kramer | March 17, 2021

On this episode of the Futurum Tech Webcast, Interview Series, I was joined by Dell Technologies’ Rick Martinez and John Boyle for a conversation about navigating the hardware security journey. Rick is Senior Distinguished Engineer, Sr. Director at Dell Technologies and John is part of Dell Technologies’ Cyber Security and Supply Chain Defense Product Management team.

Enterprise-wide security requires a shield, or a security posture, that follows and protects devices throughout all aspects of the hardware journey, encompassing the external supply chain, internal implementation, and ongoing end-user operations and device management.

Four Keys to Navigating the Hardware Security Journey

Our team at Futurum partnered with Dell Technologies to develop the white paper: Four Keys to Navigating the Hardware Security Journey and this conversation covered some of the key insights in the report. This was a long-term research initiative that began in 2019 and concluded in mid-2020.

We wanted to better understand the level and types of threats encountered by companies today, and the measures, practices, and policies those organizations employ to address these threats throughout the entire security journey.

Our research included an in-depth study of over 1,000 technology and security pros directly involved in the planning, implementation, management, or operations of security, risk, and compliance activities related to device-level security.

The demographics of our survey group included:

US Federal Government – 29%
State of Local Govt & Education – 30%
Defense Industrial Base – 17%
Critical Infrastructure Sectors – 22%
Commercial Industries, 2%

Our conversation in this roundtable discussion centered on the four key insights derived from this research

  • Understanding you are the target —security threats can come from all directions, both internal and external, malicious or accidental, found in your end-user devices and throughout your partner ecosystem and supply chain. And they can be in software and in hardware.
  • Security is built from the ground up —and needs to be a foundational part of business operations. Security breaches must be detected to be observed, and organizations with a security framework in place may be better able to identify and stop attacks. Below is data from our report.
    Cybersecurity and the Role Hardware Plays in the Enterprise Security JourneyCybersecurity and the Role Hardware Plays in the Enterprise Security Journey
  • Every security journey needs guardrails and frameworks — 75% of enterprises that utilize a security framework say they have experienced a security breach in the past. Conversely, enterprises that do not utilize a security framework say they have not been breached — ever.

Cybersecurity and the Role Hardware Plays in the Enterprise Security JourneyCybersecurity and the Role Hardware Plays in the Enterprise Security Journey

  • Security paradise is found by the dashboard lights — really! We believe that it’s hard to identify what you can’t see. When it comes to the enterprise security journey, dashboards are mission critical.

What’s ahead in the industry as it relates to hardware security and what are security teams focused on? We shared insights around that in our conversation, and here’s a look at what our survey respondents shared with us.

Cybersecurity and the Role Hardware Plays in the Enterprise Security Journey

Our survey respondents shared what initiatives their organizations were focusing on over the course of the next 12 months. Those things included:

Cybersecurity and the Role Hardware Plays in the Enterprise Security Journey

Rick and John and I wrapped up our conversation sharing thoughts on what executives can do to prepare their businesses for the current threat landscape as well as future changes. They also shared some use case examples of what Dell is doing for customers and how that is working.

You can watch the interview here:

Or grab the podcast here:

And we hope you’ll download the research report: Four Keys to Navigating the Hardware Security Journey for tons more information and insights to help you plot a strategy for your own enterprise security journey.

You can find and connect with Rick Martinez on LinkedIn here, and find and connect with John Boyle on LinkedIn here. And of course, if we’re not yet connected on LinkedIn, let’s fix that! You can connect with me on LinkedIn here.

Disclaimer: The Futurum Tech Podcast is for information and entertainment purposes only. Over the course of this podcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.

Read more analysis from Futurum Research:

EU Case Against Amazon Appears To Be Running Out Of Steam

More Security Woes For Microsoft’s Exchange Servers As Threat Actors Get Busy — Patching Is Urgent

How To Create More Meaningful Connections In A Remote World – Futurum Tech Webcast Interview Series

Transcript:

Shelly Kramer: Hello, and welcome to this episode of the Futurum Tech Webcast. I’m your host, Shelly Kramer. And this webcast is part of our Interview Series. We’re here today to talk about security. Enterprise-wide security requires a shield or a security posture that follows and protects devices throughout all aspects of the hardware journey. That encompasses external supply chain, internal implementation, ongoing user and user operations, and device management. So sometimes when we talk about security we forget about the hardware part of the security journey, and that’s what we’re here today to talk about. Our team at Future, partnering with Dell Technologies to develop a white paper. Four keys to navigating the hardware security journey. And I’m joined here today by Rick Martinez and John Boyle from Dell Technologies for a conversation about navigating that hardware security journey. So Rick, welcome. Tell us a little bit about yourself.

Rick Martinez: Thank you. Thanks for having me. I work at Dell Technologies in the experience and innovation group, and you can kind of look at this as a CTO group within our client organization. So in the experience and innovation group, I developed strategy for Dell PCs. So I’m looking usually three to five years out, looking at the threat landscape, making sure that we’re protecting our customers mitigating against the latest threats. I’ve been at Dell a little over 24 years, and I’ve kind of gone from the bare metal up. I’ve done motherboard design, BIOS, BIOS security, and now security strategy. So definitely well-invested in this area.

Shelly Kramer: Absolutely. Well welcome, it’s great to have you. And John, you and I have known each other for a very long time.

John Boyle: Yes, we have.

Shelly Kramer: Tell us a little bit about yourself.

John Boyle: Well, I’m John Boyle. I work very closely with Rick in our team, which is the Client Solutions Group and I’m in product management. And so we work on the solutions for our devices below the operating system. We focus in supply chain. We focus on endpoint security. And I started with Dell around 2011, been in the industry for about 30 years through a lot of work with Oracle and other companies. But the work we do, very excited. Always work with Rick and our customers, and very important and happy to be here.

Shelly Kramer: Awesome. So let’s start off by just kind of giving you some background about this research survey and report that we did. This was a long-term research initiative. We started in 2019. We finished it up in mid-2020. We wanted to better understand the level and types of threats that companies were encountering and the measures and the practices and the policies that they were employing in order to address those challenges of security challenges, and really kind of get a view of the entire security journey. And our research included an in-depth survey of over a 1,000 technology and security pros who are directly involved in the planning, implementation, management, or operations of security, risk, and compliance activities related to device level security.

Our demographic of the group included U.S. and Federal Government, state and local government in education, defense, industrial base, critical infrastructure sectors, and commercial industries. And we focused on four key insights that we derived from our research. And that’s really where we’re going to start. And for that, Rick, I’m going to throw it to you and talk a little bit about that first insight that we landed on in understanding that you are the target.

Rick Martinez: Sure. So, especially for things that we do at Dell, Below the Operating System Security, hardware security, firmware security, things like that. A lot of customers have historically thought that that’s an area of nation states, espionage, IP theft, things like that. But the reality is, we found that a lot of customers are being targeted by these advanced or sophisticated adversaries. And so it’s pretty much something that everyone needs to take into account into their threat model and into their security plan.

Shelly Kramer: Absolutely. John, do you have any thoughts there?

John Boyle: Yeah, I think that when we initiated this with you, my focus, one of the requirements was, let’s try to get a broad sampling. A lot of times there’s, and a 1,000’s a pretty good sample if you look a lot of surveys. There’s a lot of assumption around, security means this let’s say to a certain segment, it doesn’t really apply as much to another segment. But we talk about the governments are definitely an area we want to hear from. Defense, industrial base, like the companies like Lockheed for instance. And then what people don’t really think about is critical infrastructure, like financial services, right? So we got a good sampling. And one of the things that Rick’s touched on is that everybody’s a target, and whether they’re the direct target or the end goal, or whether they’re part of that target, the path to the execution, we all need to be aware that there are vulnerabilities we need to pay attention to.

Shelly Kramer: Absolutely. Absolutely. And you know, it seems like Daniel and I just did a webcast earlier today, and security is just, is and should be top of mind for every person from every part of the organization from the boardroom down. And it’s just every day there’s another major hack, critical infrastructure problems. I think we read recently about an attack on a wastewater treatment plant. I mean, they’re just, utilities are a target. Governments are a target, healthcare is. It’s just there almost isn’t anybody that’s not a target. So it really is a very big deal these days. So talking a little bit, moving on through our key insights, and another one of those is that security is a journey that begins in the supply chain and, John, you’re kind of my supply chain expert. So talk a little bit with us about supply chain and what you’re seeing there?

John Boyle: Well, to put it in the Dell perspective, our view of supply chain is that, first of all, everybody has a different view of when they think of supply chain, like trucks moving around the country. From our view, I try to just compartmentalize it in four phases that Rick and I and our team is focused on. Where the parts source from, the assembly. Who’s making those? Who’s part of that process? And so the manufacturing part of it’s very important, and we had a lot of questions about that.

The next phase is, how do you assemble your products? And that could be the actual physical device itself. Again, where it’s done, who’s doing it, but also on the digital supply chain side, because there’s the physical aspect of our devices, but there’s the digital aspect like our BIOS, our firmware, software on top of the operating system. All that is part of the digital supply chain that also we’re worried about who were having code on those products and areas so that everything is secure through that assembly and build process.

The next thing is that we also do a lot of customization. So any customizations you do, you need to have some of the same processes in place. In the factories, [inaudible] of data from people knowing who’s getting shipped what. Making sure that the BIOS says the same as it is every stage of the way. And then the delivery and shipping is a big concern for customers, especially the big changes we’ve seen after COVID with the delivery models they have.

And finally, we get to the traditional part of the end user’s use of the devices or technology, which people don’t really consider part of the supply chain, but as the customer life cycle. Through that whole life cycle of let’s say a Dell product or another product you’re getting updates and patches. And eventually you want to have a way to securely, an eco-friendly way to end of life those solutions. And so that’s how we view the supply chain, as broad as that, and the digital security, the physical security, and then the personnel security of the teams involved every step of the way. And so it’s a very broad and deep focus that we have.

Shelly Kramer: Yeah, absolutely. Rick, do you have anything you want to add there?

Rick Martinez: Yeah, I like to borrow a phrase that a colleague once said in a meeting, it kind of offhanded was, “Everything that we do is supply chain.” It’s not just Dell. It’s your customers, your customers’ customers, the end users. It’s all part of some aspect of somebody’s supply chain. So it kind of drives the discussion to a very broad set of audience. So everybody’s part of the supply chain and you need to be talking about it like that.

John Boyle: Yeah, and there’s one quick thing on there. A good example of that one, Rick, is the discussion we’re having around the fact that everybody inside the company is part of supply chain. And that includes an example of the let’s say some code that a development team is creating on the development side of the cloud build process. Before they push it to the say the tenant, they are part of that supply chain, that digital supply chain. Or anything that pushes to an end point, making sure that those processes are secure and the people working in those processes are just as conscious of their obligation to the supply chain as people in the factory.

Shelly Kramer: Yeah, absolutely. You know, I’m looking at one of the data points from our survey around how significant a concern hardware supply chain threats are to organizations and what our respondents told us. And not surprisingly, 39% of people told us, “Validating what was ordered versus what was actually received is probably their most significant concern.” That makes perfect sense, where the components are made. Today of course that, especially with COVID and supply chain problems and things like that, where things are made, 35% of people said that that was a significant concern. Who makes the components? Brand reputation, credibility, trust, that makes a lot of sense. 34% of our respondents told us that was important. Who’s assembling the devices? Who is assembling them and where are they assembled, and how the devices are packaged and shipped? And who’s delivering the devices from the manufacturer?

So I think that, so customers are telling us that this is really, really important to them. So I think that’s an important thing for anybody listening to this conversation to just think about it, it is brand trust. It is credibility. It is having faith and confidence in every part of the supply chain that people look to when they make a decision about what vendors they want to work with. And none of this is surprising, right?

Rick Martinez: That’s right. And specifically for PCs, one of the things that’s changed recently is the work from home, right? So now a lot of our customers are buying systems and they’re not necessarily sending them to their IT department or to their loading dock. They’re going directly to end customers. So yeah, the whole component of validating what was ordered versus received, I think that’s going to be huge, because you no longer have a central place in most companies to do that work for you. Sometimes it’s happening at somebody’s … Their porch, or their apartment, or their house.

Shelly Kramer: Right. Well, I will say that I have twin 15-year-olds who are high school freshmen who are armed with Dell computers. And I don’t know their, I’m going to fail at the language, because my computer doesn’t do this. It’s a tablet, so it flips over. It’s not a tablet, but if, what’s that called?

Rick Martinez: A 2-in-1.

John Boyle: 2-in-1.

Shelly Kramer: And they love it. I mean, doing their geometry homework and everything else. And I do go through a lot of pens, stylus things, that’s yeah. I need a lifetime supply of those. So let’s talk a little bit about security and the fact, another key insight from our research study was that security is foundational. It’s built from the ground up. And I will say this, I mean, if I’ve had a dollar for every time I’ve said the word security is foundational, it has to be the foundation of every single thing that you do, I would be a very rich person. This is not a newsflash, okay? But we do, it is a reality and it’s sometimes not a reality in throughout the enterprise. So it is important. So talk with us a little bit about, who wants to take this one, Rick, John? Who wants to take this one?

Rick Martinez: I’ll start, and I think John can chime in.

Shelly Kramer: Go ahead.

Rick Martinez: As an OEM or a system manufacturer, we are very much aware that the systems that we ship to customers and that they deploy in their enterprise really is the foundation of security of their enterprise. And you can’t build a strong security strategy or solution on top of a shaky foundation. So we take that to heart. We’ve been investing in our BIOS Security and Below the OS Security for over a decade now. We’re just now kind of coming out and talking about it more, which I think is great. It raises awareness of the importance of that foundation, but there’s definitely a lot of things that we have built into the system to kind of solidify that, so that customers have something strong to build on top of.

John Boyle: And I think that from a different angle, a lot of the conversations I’ve had with customers over the past couple of years, one thing is that it’s okay to think about your security strategy and say, “I need to know what I don’t know.” And so a product is not going to be your single source of a security solution. One of the things that Rick and I talk to a lot of times, and there’s a great paper on this concept is that every successful attacks starts at a point, and there’s a successive series of things that need to happen called the kill chain for that to execute.

And so, one way to think about it, to answer the question we have with customers is, don’t think of like, “Can this solve my security problems?” But what barriers can you put into place? How can you improve your security posture so that you do as much as possible in partnering with a technology partner like Dell for instance, that can help you prevent a successful kill chain from executing?

And so people are part of that process and products are part of that process. The supply chain is part of that process. But there’s been some very significant conversations we’ve had where you would just expect people to say, “Well, they must be on the ball with security.” But people are looking to have the conversations and have the guidance to really get ahead and look to the people that are providing solutions, not only as solutions providers, but as technology partners and security partners in the thought leadership of what we should be doing.

Shelly Kramer: Right, absolutely. What I think is interesting as I was looking through our data in the report, you don’t know what you don’t know. And we found that 44% of organizations said they’d had at least one hardware level or BIOS attack during the prior 12 months. External attacks are the most common, and experienced by 56% of all overall. Who’s been hit with the most attacks? Not surprisingly at all, the U.S. Federal Government tops the list at 67%. And I think look at the SolarWinds hack, look at what’s in the news today. I mean the Federal Government across the board is a very, and has been for a long time a very attractive target.

The other thing that I thought was really, really interesting is that it is actually a matter of perspective. And you have to be able to have a way to detect security breaches to know that they’re happening.

And I know that when we ask people who did not have some kind of a security framework and a dashboard in real-time insight into what was happening, those are the people who said, “Yeah no, we haven’t had any breaches.” And just because you don’t know about them doesn’t mean that they’re not happening. So I thought that that was really interesting, 54% of people who had a security framework said that they’d been hacked within the last 12 months, 21% of people who had no framework at all said, “Oh yeah, no, we don’t have anything going on.” So again, you don’t know what you don’t know, and if you don’t have insight into your systems, you have no idea.

Rick Martinez: Yeah. And I think that’s why that 44% of organizations having at least one hardware or BIOS attack is actually probably a little bit low-

Shelly Kramer: Yeah, I know.

Rick Martinez: … because as you mentioned, there’s not a lot of tools out there to detect this stuff today. So the fact that they’re 44% is probably a little bit conservative.

Shelly Kramer: I agree.

John Boyle: I think the other thing is that a lot of ways people look at security as let’s … It’s pretty easy to identify when the door is broken open to your house. One of the viewpoints we take is, imbuing in Below the OS stuff to also be able to identify the behaviors that align with potential threat so that you can find out before somebody breaks the door down to your house that they might be thinking about doing so.

And so again, there’s that forward-looking threat intelligence, preventative perspective, but then one of the key things that we always run into is that once you discover something, there’s the importance of the mean time to detection, like how fast can you detect something? And then that gap between mean time to resolution. And so it’s just kind of, there’s a lot of solutions that we’re working on that we also interface with. And we just look at the industry that there’s some that are in front of the curve as far as threat assessment. And there’s some that really are meant to get ahead of like, “Did I get attacked? How fast can identify that and how fast can I kind of lock it down?” So.

Shelly Kramer: Right, absolutely. So I want to talk a little bit about guard rails and how every security needs, every security journey needs guardrails and frameworks. You want to talk with us a little bit on that point, Rick?

Rick Martinez: Sure. So, the two frameworks we’ve talked about in the paper are the NIST Cyber Security Framework and the MITRE ATT&CK Framework, and really for me this gives us a good jumping off point for conversations with customers, right? So even though kind of Below the OS threats and things like that aren’t necessarily accommodated by those frameworks, they do align to the different sections. Protect, detect, respond. We can talk to customers about specific BIOS things in those contexts. So it puts it into a common language and it helps it kind of stick with our customers.

Shelly Kramer: Right, absolutely.

John Boyle: I think that one thing that’s called out there is obviously it aligns with a lot of discussions we have that there’s a lot of entities out there that understand, they understand NIST, they understand MITRE. They may have a Band-aid to let’s say align with one of those at a certain date. But the communication we’ve had is it’s definitely challenging. I think one of the things that’s interesting maybe to call out, even with the conversation with Daniel sometime is that when you think about digital transformation and some of the pillars he calls out and you guys discuss, organizational silos are a real barrier to-

Shelly Kramer: Everything.

John Boyle: Yeah, with these standards, you can talk about security. And so if you talk about security standards, looking at what’s silos and how you can get the groups talking together and aligning on these standards, that is a form of digital transformation.

Shelly Kramer: Absolutely.

John Boyle: And so security is definitely relevant to that in my eyes.

Shelly Kramer: Absolutely. You’ll get your argument from me there, I’m kind of the security geek. I’m kind of the security geek our team. So, absolutely. So what’s ahead for the industry? When we asked our survey respondents what initiatives they were focusing on over the course of the next 12 months? Here’s what they told us. That they were, 53% wanted to improve advanced threat intelligent capabilities. Good. 48% said they wanted to use and implement cloud-based security services. Those are the top two hot buttons for the people that we surveyed over the course of developing this research. 35% said they wanted to mobile security capabilities and improve hardware security. That was a tie. 34% said they wanted to use or implement managed security services. Makes perfect sense. This stuff is hard to do by yourself. 32% said they wanted to improve incident response and forensic capabilities.

Another 32% verify supply chain, source IT components, and 31% wanted to improve security analytics capabilities. So across the board these were very high level concerns for a lot of people. And so, if you’re thinking about these things, know that you’re not alone. And many other people are out there looking for, planning these same kind of initiatives. So I mentioned a minute ago dashboards, and the fact that truly paradise, as geeky as it is, paradise is found by the dashboard light. So John, talk a little bit with us about the importance of dashboards and detecting issues?

John Boyle: So I think we asked this question, because a lot of times with many solutions, not just security, my experience as a product manager, people want to create reports. They want to create dashboards and they want to create alerts. And the reality with the customers is, is they get a lot of alerts. If they have all the solutions they have in their environment, times all the alerts that all the solutions provide, part of the problem is parsing through those and focusing on the most critical alerts to pay attention to. And so the dashboard question was more focused on identifying, like what’s the primary things they use to manage the flow of information, whether they’re alerting and security, that sort of thing. Because we were trying to zero in on, how can you align with what they are you’re using?

Or is there common standards or preference, because one of the complaints, or I guess friction points with a lot of customers using many solutions is that there’s many dashboards. And so the dashboards are important. And then the filtering and prioritization of alerts are important. That whole concept I spoke earlier, which is mean time to detection, and mean time to resolution. So there’s a lot of good advancements in that, but I think we got some good insights as far as what people felt like some of the things they were using. Like they’re probably using one or two dashboards primarily, which is kind of what I hear, but definitely not 10.

Shelly Kramer: Definitely not 10.

John Boyle: Definitely not 10.

Shelly Kramer: Definitely not 10. Rick, do you have anything to add there?

Rick Martinez: Yeah, and as we started kind of innovating in sensors deeper and deeper below the iOS, the last thing that we wanted to do was to contribute to alert fatigue. So, as John mentioned, finding out what customers are using, what they like best from a dashboard perspective, and being able to provide integrations of our new technologies and new data streams and alert streams into those common tools, I think is important to again, not create additional fatigue or additional client agents on the box and things like that.

Shelly Kramer: Super important. Yeah, I think we’re all alert fatigued, for sure. So I want to talk a little bit for our audience today about, what can people do to prepare for the current landscape and future changes? I mean, what we know is that we live in a world that’s a fast and furious world. Technology is advancing at a more rapid pace than ever before. That is not going to stop. The threat business is a very lucrative business. From a global standpoint, there are people whose jobs it is every day to figure out how to break into stuff and how to steal information and everything else. So what do you, for executives and business leaders listening to this conversation, watching this conversation, what can they do to prepare?

Rick Martinez: So I always start with threat models, right? And even executives can threat model. Start thinking about your own businesses’ threat model. Think about your assets, potential incentives that adversaries have to target you and your business. But I think the most important part, especially after this research and the great things that came out of it are that nothing is really out of scope these days. And nothing is a just a nation state thing anymore, right? These are attacks that are targeting everyone. As we mentioned, those need to be within scope of your threat model. And you need to identify those and be able to have some kind of mitigation or some kind of plan for that.

Another thing that we’ve seen that I think is really important is that most technologies and most technology areas don’t really have a crystal ball. Security kind of does, right? A lot of these more sophisticated adversaries that are at the leading edge of some of these attacks, while they’re not targeting everybody today, they probably will in the future. So that gives you kind of a good roadmap, a good lens to kind of use to think a little bit further out on that model and those mitigations.

Shelly Kramer: Yeah, absolutely. John, do you have anything to add?

John Boyle: Yeah, I think that, especially since we did this survey and then we’ve, I haven’t seen Rick in person in a year, so it’s this whole … That’s as far as the change that we’ve had since we’ve done this survey. The lift and shift has been a little bit different and it brought new questions. And so with things moving so fast, not only this, the threat assessment and threat modeling, but I think that organizations should not view where did they get their security products, but with those providers, who’s their technology partner and security partner? Because the relationship should be there to have a two-way conversation about how to address unique situations with hardware or software, or the flow of information. And I guess that doesn’t come from just the product alone.

The other thing is, is that people have a part in this and education is a big, big thing. So understanding how you take an attack for instance, a digital attack, and you really break it down and you look at the kill chain, understanding what made us successful that you can evaluate your environment proactively. That’s an ongoing process, because as you said earlier in the conversation, brands are built over time with a lot of effort. And some of these things have really hit brands in a hard way, very fast. And so it’s worth to be proactive. It’s like preventative medicine, you know? Go to the doctor before something’s wrong. So I think that that’s a big message.

Shelly Kramer: Yeah, I agree. And I think that what we’ve seen with a shift to work from home as a result of navigating a global pandemic that perhaps has raised some awareness is that no longer is my work confined to my office. And now everybody’s working on their laptops, or their desktops, and they’re using routers and they’re using their mobile devices, and sometimes their personal mobile devices. And my husband and I were at a volleyball tournament out of town this last week, our 15-year-old twins play club volleyball. And my husband works for a Fortune 100 company. And one morning we were, probably Sunday, we walked into the convention center where the girls were playing volleyball.

And one of the fellow members of the team looked at my husband whose backpack was on his shoulder. And he said, “Why are you carrying your backpack?” And my husband said, “You know what? I learned a long time ago, never ever to leave my laptop. I don’t leave it in a rental car. I don’t leave it in a hotel room. Where I go, my laptop goes.” And it’s funny because the person that he was speaking with-

John Boyle: I’ll agree.

Shelly Kramer: … was a business person who travels for business and probably uses a laptop. And he kind of was like, “Hmm, I never really thought about that.” And that’s a mantra in my family. Nobody leaves anything behind. But it’s those simple little things, and a similar excuse also involve, or a example rather also involving my husband, we were talking about his companies have [inaudible] in Seattle and about how he’s able to get quicker responses from corporate these days as everybody has shift to work from home, because it used to be when he had a problem at six o’clock in the evening, which is four o’clock Seattle time, sometimes the, or later rather, sometimes the response would be, “I’ll have to answer you in the morning because I don’t have my computer.”

Well, now everybody has their devices with them. And so I think that’s really important from a security threat landscape to understand how significantly our work lives have changed over the course of the last year, and how those threats have increased as well. So being able to have dashboards, technology solutions, a strategic plan that maps out that threat landscape is probably more important today than it was a year ago.

John Boyle: Yep. I think it’s funny you mentioned the backpack, because I take mine everywhere too, and I know Rick does. But pre-COVID, think about airplanes. We’re sticklers for having the screen guards so that at any given angle you can’t see what we’re doing if we have our laptop open. If you think about, if you close your eyes and you think about your last flight over a year ago, that how people had their laptops and devices open, and they have no screen guards and they have company information up. And so there is a, that whole concept of definitely control what you can control, and then you have to manage what you really can’t control. But there’s a lot of little things there in the control of organizations to do beyond the technology. And so when you partner with a good technology partner, technology and the solutions, plus those little things that let’s say we see a lot.

In the COVID shift though we have examples where just quickly, insurance and healthcare and financial services, where you had a lot of call centers, 50,000 employees being lifted and shifted in two weeks. And so the focus this last year was on enabling those people with devices. Making sure they had performance. And then the other thing we heard is a priority, which I would say that it should be an ongoing evaluation after the enablement and making sure everything’s performing well is the security piece. And so those were the new three things and three themes, the research that I was doing this last year is enable, perform, and security. And we would say that a good focus in the current environment and hopefully soon to say post-COVID is focusing on that security piece after the shift.

Shelly Kramer: Yeah, and really wrapping up our conversation. The reality is, is that security must be foundational in every single part of the organization. With hardware, with software, building a culture of, we talk a lot about digital transformation and how success revolves around building a culture of innovation. Really business success, business continuity, business resiliency, business security really revolves around creating a culture of security, awareness, practices, constant evaluation, strategic planning. And I think that across the board, what we see success today is being really reliant on is smart partnerships. Realizing that that business is more complicated than ever before and that’s not going to change.

So it’s the partnerships that you make with the trusted vendors that you know can help you along the way where you can also, the beauty of working with somebody. If I’m working with Dell Technologies on this as part of a managed services offering or something like that, I get the benefit of all of the things that you’ve learned in working with other customers. I’m not trying to reinvent the wheel. And so I think that that’s probably an important takeaway as well, is that who you use as a vendor partner makes a lot of difference, so. Agree?

John Boyle: Agree.

Shelly Kramer: Because we can argue about it, but I don’t think you’ll argue with me.

John Boyle: Nope, that’s what customers have told us is they want a good partner for technology and security and other things, a two-way conversation.

Shelly Kramer: Absolutely. Absolutely. Well, gentlemen, it has been a true pleasure hanging out with you today. And I want to reiterate that this research paper will be linked in the show notes for this conversation. And if you’re thinking about your hardware security journey. If you’re thinking about hardware. If you’re thinking about, as you’ve made this shift, what’s going to happen as we move out of these initial work from home days and we shift, some of our employees go back to the office, some of them are hybrid, some of them stay at home. What are we doing to keep devices secure, data secure, everything else?

And so I think you’ll really enjoy this report. So we’ll link it. I’ll also link both Rick and John’s LinkedIn profiles in case you want to stalk them on LinkedIn, I highly encourage that. But anyway, thank you very much both of you for joining me. And to our audience, thank you for listening to or watching this conversation. It’s always great to, for me it’s always great to talk about anything related to security, and I know it is for you too, as well. So with that, we’ll sign off and we’ll see you again soon.

About the Author

A serial entrepreneur with a technology centric focus, Shelly has worked with some of the world’s largest brands to lead them into the digital space, embrace disruption, understand the reality of the connected customer, and help navigate the process of Digital Transformation. Read Full Bio.