Why Today’s Security Is Not Secure
January 20th, 2020 |
Interviewer: I’m here with Babak Pasdar of Acreto, and why don’t you tell me a little bit about what you guys do?
Babak Pasdar: Sure! Acreto delivers cybersecurity for distributed and mobile technologies. The challenge today is that everything is distributed or mobile, so when you’re looking at a network that supports a number of different technology types, IoT types- these networks have IoTs that are tied into cloud applications that are managed by another application. So it is not unreasonable to see the IoT, the network that the IoT runs on, the people who manage the IoT, the application, the infrastructure that supports the application and the people who manage the application, and finally the beneficiary of all of these to all be third parties from each other. So, when you put a security device at the edge of a network and you’re protecting communication between two points, it’s a very binary function- it’s on or off; and all of this creates a web of exposures where the application owners have privileged access into the network through the IoT, the IoT has the privileged access into the application, and quite often that application is tied to thousands, hundreds of thousands, and millions of other customers. So, this is a problem that you really need a quantum computer to analyze a risk on. We address that problem! So everything today, even if it is on a common network and it’s completely contained, it’s still distributed- and we deliver uniform and consistent security, not just for the IoT, but for the entire ecosystem of that IoT- the IoT, the application, the management platform, and the people, no matter where they are, anywhere in the world.
Interviewer: And it seems like, I mean almost every day we hear of some sort of big corporation getting hacked or some sort of security breach. I mean, what’s the reception been like from the real estate community about this?
Babak Pasdar: Yeah so, I think everybody realizes that the traditional cybersecurity model doesn’t work. We’ve had 30 years of failures, so it’s time to not just put a fresh coat of paint on what we used to do (by the way that dates back to the medieval times- the castle, moat, drawbridge approach to cybersecurity and putting on armor to go out), that dates all the way back to medieval times! So we have cybersecurity that is founded on concepts from medieval times. But IoTs, clouds, SaaS, have introduced a whole new compute dynamic and putting a fresh coat of paint on a traditional approach to cybersecurity just doesn’t cut it. And the reception has been incredible so we’re very, very excited! Because ultimately, people realize the problem; but so far there has not been a good way of addressing it and they are comforted by the fact that Acreto has come out with this whole new security model.
Interviewer: And you know, obviously, security- it’s not a one-time thing. It’s not a product you can just sell and be done, you know? Talk to me about how you partner with your clients to kind of have an ongoing security protocol.
Babak Pasdar: Yeah, that’s a great question. So, today customers spend 90% of their effort in keeping the lights on their security products, right? You have to select, acquire, implement, integrate, operationalize, troubleshoot, manage, and then every three years you got to refresh it. So that’s not sustainable, and they only allocate 10% of their effort to actually operating security. So we’ve turned that model on its head- we allowed a customer to only spend 10% of time on the security infrastructure because we eliminate all hardware, all software, or licensing. We are security that you can turn on rather than have to build out, and because of that you can only spend 10% of the time on the security infrastructure and 90% of time on managing your security. Along those lines we’ve also made it just super simple, so you don’t need to be a cyber subject-matter expert, you don’t even need to be a robust technologist to be able to roll-out and implement the cybersecurity. You can turn our platform on and get a global security infrastructure in a matter of minutes and you can manage it because it’s really, really simple. So if you understand your business needs, if you understand your requirements, and if you understand what’s important to you, you can manage this platform.
Interviewer: Yeah, I mean I think that’s a great point because a lot of people in real estate don’t have a technology background and you know, how do you reassure them? I’m sure every cybersecurity firm says “we’re the most secure, we have the best protocols,” how do you assure them that this is something that will be secure and they won’t get hacked?
Babak Pasdar: That’s another good question! So absolutely, one of the challenges customers have with a lot of the existing approaches to security is that these technologies talk about monitoring all the different IoTs, monitoring all the different platforms, and notifying the customer. So, this is a model that I call the “you’re screwed” approach to cybersecurity. The challenge is, that creates a scenario where a customer has to spend a lot of effort and energy on incident response, so when you’ve got 750,000 IoTs and you do some kind of a roll-out that creates an exposure and some percentage of those IoTs get compromised, even if it’s half a percent or 1%- that creates an incident response requirement that could last months and months and months, and that’s not really viable or sustainable. So what we do is we mitigate real-time, so the reason customers are comforted by it is because every day they see what could have been and what was avoided in real-time, and they understand what their exposure is, and they understand what the attack surface is, and they understand what could have happened, and we mitigate it.
Interviewer: Yeah, that’s great! I mean everybody wants to know what could have happened and why they can feel more secure with a product like yours.
Babak Pasdar: Yeah, absolutely. And one of the things we’ve done is we’ve taken our platform and made it sustainable, right? We always hear about sustainability- well, the average life of an IoT infrastructure is 8 to 20 years, right? Enterprise is only 3 to 5 years, and IoTs are distributed, they’re mobile, they barely have enough juice to do what they’re supposed to do, much less security, and one of the problems is that securing IoTs through traditional methods means having many, many, many different refresh cycles for the security- so how many new security infrastructures do you have to roll-out for the same IoT platform over a course of a 20-year lifetime? 3, 4, 5? So that’s not really viable, and a lot of customers choose to assume risk, much less go through that pain and effort, especially when you’re dealing with distributed IoTs. Acreto is guaranteeing a 20-year sustainability for security, so we guarantee that our platform is just as viable in year 20 as it was on day one! So this is reassuring to customers who now realize that they don’t have to go through all the gyrations or they don’t have to assume the risks in order to have a platform that is in line with the business longevity of the technologies they use.
Interviewer: Great! Well thank you so much for talking to me and stay safe out there!
Babak Pasdar: My pleasure, thank you!
Acreto is the first cloud-delivered, end-to-end connectivity and security platform that can connect and protect any technology, on any network, anywhere. Acreto SASE +Plus delivers Secure Access Service Edge (SASE) functionalities for access technologies such as devices, networks, IoT / OT and third-parties; while Acreto Secure Application and Data Interconnect (SADI) connects and protects application delivery infrastructure such as clouds, SaaS, data centers and co-locations. Acreto SASE +Plus is SASE plus SADI — one platform with one interface from one provider for all of your technologies around the world. Learn more at https://acreto.io or @acretoio.