NotableTalks with Siang Tiong Yeo, General Manager, South East Asia at Kaspersky

24.04.22 06:53 AM By Aishwarya

NotableTalks about: #zerotrustpolicy #securehybridworkplace #cloudfirstpolicy #web3 #crypto #nft #blockchain #cybersecurity

NotableTalks By AnyTechTrial

NotableTalks about Zero-Trust Policy, Web3, Crypto, NFT, Cloud First Policy, Blockchain, Secure Hybrid Workplace, Data Security, and a variety of more hot topics. Stay tuned for more episodes of NotableTalks with cross-function thought leaders from around the globe.

Rapid Fire Round with Siang Tiong Yeo

What is Zero-Trust Policy & How it Impacts the Organizational Culture? What are the key areas to keep in mind while implementing Zero-Trust Policy?

Zero-Trust Policy

Over the past 27 years of your professional journey, you have been working in multiple disciplines, such as sales, people management, cyber security, software, and lots more. Today there's a lot of buzz about Zero Trust Policy in the context of cybersecurity and data protection. As an experienced business leader at a leading cyber security organisation, we would like to know from you: what exactly is Zero Trust policy, how do you see these policies impacting an organisation's overall work culture, and what should be the key focus areas while implementing the Zero Trust policy at an organisation?

Okay, so first of all, what is zero trust? Well, the phrase at all, you don't trust anything. You start from zero. So first, we need to understand why we get to this concept. If you trace through well, you will see Internet and connectivity progress. When we first started, it was just simply a connection within the office, everything is done within the four walls. And so basically anything that is connected, you can trust. As the web developed, there's a lot of interaction, and today we are in the web 2.0 where we see a lot of interaction, not just within the organization, inter-organizations as well. And the web of complexity is essentially quite complicated. I'll give you an example. Today, if you are in an airline company, your customer would interact with you. Through my first bought ticket, that airline reservation could be outsourced. He clocks in the knowledge that loyalty points could be outsourced. He selects his seats. He selects his meal. And the meal information goes straight to the provider for your food. So you imagine through the whole interaction with just one booking a seat and going on to the plane, there are a lot of parties that need to be interacting with you, which means even if you run an airline company, there's a lot of other companies that you need to connect directly with. And what that means is any point of compromise will lead to a compromise. Therefore you got to bring it back to the lowest denominator. So you start with trusting no one and it's a default-deny situation. If you're not trusted, you don't come in. 

If I want to trust you, there are a lot of things I need to do to make sure that you are trusted. And I need to know if there is a breach, how do I quickly fence it up and protect myself? So that doesn't mean that we are going back in collaboration. That doesn't mean we're going back in time. I mean, humans are social, we need to move forward with business being collaborative. And so it is a mindset, a mindset shift. A shift from a point that you need to then start with the lowest denominator and you build from there. So from the business perspective, they need to then start with that mindset and build up the system. And when they do that, they can then encourage a lot more collaboration with peace of mind. So if you are in an SMB or Enterprise, when you're building up your IT infrastructure, first, of course, you start with the concept of zero trust and you build from there. So therefore every device needs to be protected. So you start with the device, then you start next to the plug that needs to be connected and then to the application that's running it and where the application is located. So the entire data box needs to be protected. Next is the data itself that needs to be protected. So the consideration will now not just emphasize endpoint security, it also emphasizes perimeters, it also emphasizes encryption as well as application security. So the entire portfolio security needs to be taken care of. And of course, you need to also monitor and understand if there should be a breach, what else to do, and then you know how to take action. And that comes with the security posture that accompanies.


How can SMBs achieve a secure working environment to ensure cybersecurity?

Secure Hybrid Workplace

With remote working becoming a new normal for many employees, providing a secure working environment became one of the key issues for companies. Would you be generous enough to share some tips to guide our audiences in implementing a cyber secure hybrid working environment to safeguard against rapidly growing ransomware attacks, and what could be the first steps for an SMB to start their journey to become cyber secure?

Okay, so we talk about zero trust. Let me draw an analogy. When we first were hit by COVID two years ago, what was the first response? We closed the border. That is almost the same as doing your perimeter security. You've locked everything and your cocoon up and you trust whoever is inside the cocoon. But as we develop we need to interact, we need to progress with life, right? So slowly we open up, and we have VTL. What does VTL mean? VTL means if you are vaccinated you can come over. So there is a secure channel. Then we progress now to accepting that is a pandemic. Then you will now make sure that first of all you yourself as an individual, you put on your mask, you wash your hands regularly, you sanitize your hands, you make sure you have that safe distance. So that brings us to the individual. So the same concept is being transplanted to an IT environment. The initial response from a lot of companies has always been to build perimeter security.

But as I've explained to you, a lot of companies need to interact with one another to get the business going through these days. They cannot do IT in isolation anymore, which means you would pull that back to the same concept we are implementing the defence stuff. You start with the individual which is your device, and that will be the endpoint security you put onto your device, your laptop PC or even your mobile phone. So securing the device is the first thing. You also need to secure your device in the cloud or in the data centre. The next thing you provide is a secure conduit, which is where VPN comes in and all that.


Especially when you're working from home. You can imagine the connection from the data centre all the way. If I Spider well, tentacles reach into the home and anywhere along with this, you're travelling through a lot of unknowns. And therefore, it is important that you establish a secure channel.

So these are ways that if you draw from the physical world and you pull back and explain that understanding to the IT world and then it's quite clear what it should be doing. So for the SMB, the first thing you need to do, of course, is secure the device. And it's not just the device in your hands, it's also the device in the cloud, the device in the data centre, depending on where the important thing for a lot of SMBs when they outsource, they keep thinking that the security is someone else's problem. It's not there's a compromise. They are the ones explaining to the customer, not the provider. So they need to ensure security. If they need to ask what the providers are doing to secure the environment, sometimes it comes with extra charges and it's well worth to take note of those things. So back to the first principle, protect the items, the devices, the servers, secure the channel and then make sure you secure the data. Make sure the data is safe. So these are the three key steps they need to do. And last and most important of all is self-discipline. You need to understand, you need to maintain discipline. It's just maintaining discipline, you fall back on a disability, and you stand the risk. And that's why.


What is Cloud-First Policy and how can it help organisations to achieve their business objectives?

Cloud-First Policy

We hear a lot of buzz about cloud-first policy these days. What exactly is cloud-first policy and how does it help to leverage the work experiences of the employees and achieve business objectives?

Okay, so first we need to understand what is cloud. A lot of people when you say cloud, they refer to the server that they can set up in the cloud. So someone effectively will be hosting the server they buy on a per-time basis. But it is not just infrastructure to define. We also see software as a service and these people also exist. So you can be buying say HR application. So as a company you need to maintain the basic cash stuff, payroll, bio, job history, promotion, day leave and all that. But if you notice, such functions are common across all the companies, with a little bit of variation in differences. So there are companies that provide HR application accessories, you just need to subscribe to them. Similarly, there are companies that provide sales force automation services. You subscribe, so that gives the company flexibility. Imagine instead of paying a lump sum upfront to set up the entire infrastructure, having a team of IT people to even start building it. Now you just need to subscribe on a monthly basis, per user, per time basis, depending on how they charge you for transactions, anything.

So that gives you immediately as an SMB, number one, quick start: sign up and you're ready to go. HR is not the core function. Your core function may be retail, your core function may be a logistics business, and HR is one of the back office functions that you need. But it can be of course. So quick start. Second, effects immediately. This is on a monthly basis or transaction basis which means it mirrors how are you going to charge your customers? If you are charging a customer on a per transaction basis and you turn around you can pay on a transaction basis. That means a cash flow perspective. It's a lot clearer. There's no money upfront.

Thirdly, it's scalable. Today you scale from a 10-man shop to a 100-man shop to a 1000-man shop. It is the same infrastructure, it's the same way of operating. So that takes that mind of non-core function so that you can focus on your business. Most important to a lot of knowledge workers these days is they cannot access everywhere anyway as long as the net connection they get service. So cloud-first is this concept, whatever you can put on the cloud, put it on the cloud. So you take your mind off the non-core function and it helps you to scale. It helps you with your cash flow.


Prevention is possible.

Good News: Following simple cyber security advice can help you to avoid becoming a victim of ransomware.


Bad News: Unfortunately, in many cases, once the ransomware has been released into your device there is little you can do unless you have a backup or security software in place.


Good News: Nevertheless, it is sometimes possible to help infected users to regain access to their encrypted files or locked systems, without having to pay. We have created a repository of keys and applications that can decrypt data locked by different types of ransomware.



What is Web3, Crypto & NFT, how is it going to impact normal internet users?

Web3, Crypto & NFT

It's widely believed these days that NFTs & cryptocurrencies will drive the digital economy and Web3 is the future of the Internet. We would appreciate it if you can explain to our audience what exactly Web3, Crypto, & NFT are. How is it going to impact a normal internet user's day-to-day engagement with technology?

Of course, there is a lot of literature, YouTube, everything on the net. You can read out more if you want to. But let me just introduce a basic context, which is number one, it's a distributed database. This means it's not centrally held, it's not held by a central body. It's sort of scattered data. So the first important concept, what that means is that no one absolutely controls the data and you are now the owner of your own data. Whatever you put in, put in is immutable. You cannot change it. So these are very basic concepts. Now you pull that out to a broader concept. What that means when it's distributed, means is then you can be collaborative. If this data is distributed among many parties, then many parties have the flexibility to input it into this database. And on that part of the database that they input. And that's transparency with that. So with the help of encryption technology, cryptography and all that, that's when the security comes in to protect the distributed energy database. So with this as a basic concept of blockchain, then you build the application on top of it. Now, cryptocurrency is probably the most talked-about application on top of the blockchain. But I keep telling people it is not blockchain. Blockchain is not cryptocurrency and cryptocurrency only. So cryptocurrency is an application to build a blockchain. So the common ones are Bitcoin, Ethereum and Solana, etc. Now, this monetary system is on the blockchain. Same concept for this. Your database ownership is now written into this database. So we now know you own the coins. Compared to today, if you own, you need to go to the bank and the bank is the one that proves that you own this amount and that essentially manages. So this kind of distributed nature allows for the democratization of money. That's cryptocurrency. NFT is yet another application that is unlocking. NFT is a form of digital asset. So it records the ownership. Today if you own this digital asset, it shows the record that you own. That's it. Now, why is it so hot these days? It can be sliced into multiple ownerships. So you can share. Second, it is available which means you can now take this and so the securitization of this one thing.

The next thing is you can then freely use this as your asset with that the blockchain records as a proof that you own. Having said that, cryptocurrency and NFT are not the only application for blockchain. The more useful use of blockchain that I've seen recently is vaccination records. Vaccination records are on the blockchain and so different airlines in different countries can input that into the distributed database. So imagine if you travel your vaccination is easily accepted by a different country through assessing these distributed records. Another usage of blockchain is in the logistics arena, ETrade, trade declaration, documentation as the containers move from port to port, all that. All this information is captured on the blockchain and in the different parts of Call, the different logistics companies can input the data. So you actually have a trace of what happens to the goods. These are very useful applications of blockchain. Web 3 is actually the next generation of the web and it will be built on the blockchain. A lot of people feel very excited about this because we have seen the development of the web. The first generation of the web is the static web. Your static you post static pages. It's purely informative. Web 2.0 brings the collaborative front into it. That's when systems are connected, that's when you can interact with them and can make payments. So online shopping is an application of web 2.0. Your interaction in social media is on 2.0. But guess what, you don't own the data. The moment you post something, the data goes to the social media company. Actually, they own the right to use it.

So that creates a lot of tension, especially in recent years. So everyone is talking about Web 3.0 because you're now looking at the third version of the Web when anyone can input and they own the data, the democratization data will not be good if you can interact and you can now own your data. And I think this is an interesting new work and with this, it encourages a lot more collaboration.

What is Blockchain & its impact on the business?

Blockchain Technology

With blockchain becoming one of the core technologies across many industries, blockchain ledgers are now used by many companies and some governments to efficiently execute their operations with utmost transparency and accuracy. First, we would appreciate it if you could explain to our audience what blockchain is and some of its key use cases. Also, we would like to know what were the key changes you saw in the business landscape due to the adoption of blockchain, and how do you see the business eco-system changing in the near future with more blockchain use cases stepping in?

So I've given some examples of blockchain. So let me elaborate further on that. Now, if you see some of these key use cases spoken about, actually if I ever point out to you, you may not know this face on blockchain and that actually is where technology needs to get into as it matters, it fits into the background. Nobody talks about payment systems anymore, but you cannot expect to have some form of digital payment when you do your online. So it becomes accepted as a normal background. And that's what I'm seeing as the whole IT landscape matures to the blockchain. So with all these use cases as the first step, we will see more definitely. So you can see that the two key concepts that we spoke about, one is the democratization of data. You own the data and this is going to drive the shift.

The other concept that we talk about is the distributed nature and the collaboration that it brings up through the distributed nature.

 So collaboration democratization of data and actually through the use of blockchain, through the use of such cases, it is these two concepts that will surface at the front and as the technology merged into the background, these will be the two things that we begin to see. If you recall, I was explaining web 1 to web 2.0 to web 3.0. You can see from web 1, from static to transactional, the progress from static transactional. Can you snap your finger and recall at what point in time we shift? No one can tell. It's a gradual move, but together with the move, your idea, your mindset, shifts. The same thing, from 2.0 to 3.0, your mindset will shift. And that's when we will embrace it. And that is the beauty of technology, which is why I'm still in this for the last time for seven years. So back to its use cases. And I think I've explained what the concept is going to bring forward. I've explained that as well democratization of data and the collaborative nature that you were prepared for.


How to define cybersecurity budget?

Cybersecurity Solutions

How can an SMB or growth-phase startup become cyber secure from an early stage and, most importantly, how should an organisation plan their cybersecurity budget?

So the basic start with the endpoint, then it progresses to encryption. In my opinion especially for startups. And I'm referring to those who are more information startup kind of company that is more reliant on technology. I would say these are the two basics. That is a must-have. What we are seeing in our cybersecurity. You were in the cleanup and the damage from such fallout is expensive.

So it is probably better to spend the money upfront and make sure that the basic protection is there. So the basic protection needs to be first starting with the endpoint, second with the encryption. These are the two that I will almost insist that anyone should have.

Of course, as the company progresses, always tougher between spending on security and spending on the business. Always argue that it needs to be in lockstep. There's no point in building a business that's not secure and you have to scramble to undo the damage. So if you look at security, it is get away. Looking at security is how you look at insurance. How much health insurance do you buy? Is anybody's question, right? But it also depends on your appetite.

And a lot of us will, especially when we reach this age. We actually wish that we would have bought health insurance when we were younger, when it was cheaper, when it was easier to start, it will last you longer. And so that is the same thing. I will see to a lot of stuff.

Full Episode: NotableTalks with Siang Tiong
