The evolving challenge of complexity in cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

DataSolutions’ Francis O’Haire discusses his role as group CTO and the growing importance of adopting modern zero-trust security approaches.

Francis O’Haire is the group chief technology officer (CTO) at Irish IT and security services reseller DataSolutions, which was acquired by US IT company Climb Global Solutions in October of last year.

In his position as group CTO (which he has held since the company’s inception in 1991), he says he has a dual role in terms of tech strategy: ensuring that the company is offering its partners the right technologies for solving their customers’ needs and ensuring that DataSolutions’ own IT systems are optimal and delivering the best possible user experience.

“The work I do as part of my first role helps as we, more often than not, end up using the technology we sell within our own infrastructure too,” he say. “I used to call this ‘eating our own dog food’, but have since learned to use the nicer phrase ‘drinking our own champagne’.”

What are some of the biggest challenges you’re facing in the current IT landscape and how are you addressing them?

Cybersecurity is the biggest challenge at the moment, not just for us but for every organisation – so it’s one of my highest priorities. We are lucky enough to have some of the best cybersecurity solutions in the industry within our portfolio but, as a small company, we can’t deploy everything, so it’s a case of prioritising what best fits our needs and our budget. Before relying on any cutting-edge technologies though, we first focus on the basics like enabling multifactor authentication for any system that supports it and ensuring that all of our laptops are encrypted.

Having a small IT team means that we need security tools that are simple to manage, while still offering world-class protection. For example, a single CheckPoint cloud-based management portal allows us to manage the security of our on-premise infrastructure, cloud apps, email and endpoints.

What are your thoughts on digital transformation in a broad sense within your industry? How are you addressing it in your company?

Operating within the IT industry, we are often deeply involved in enabling digital transformation. Most of the time this is for our partners and their customers, but we do pay attention to how we can improve our own processes using technology too.

For instance, over the past couple of years, we’ve worked to improve our processes by adopting sales and marketing automation solutions. This has greatly enhanced the marketing services we bring to our vendors and channel partners.

One of the next phases of digital transformation for distributors like us is the implementation of cloud marketplaces where partners can purchase and provision vendors’ cloud services for their customers with minimal effort. With the recent acquisition of DataSolutions by Climb Global Services, I don’t need to think about developing these capabilities from the ground up as Climb already have a cloud marketplace. The next stage is to bring more of our combined vendors’ offerings onto the platform.

Sustainability has become a key objective for businesses in recent years. What are your thoughts on how this can be addressed from an IT perspective?

I think there are two ways IT can have an impact on sustainability. The first is the use of sustainable IT and the second is the use of IT to help with general sustainability goals.

In the first instance, the migration of IT systems to sustainably managed public cloud can help companies significantly reduce their energy consumption and carbon footprint by allowing them to use shared computing resources. Of course, it does move the energy consumption to the cloud data centre, but these providers can use renewable energy, efficient hardware and economies of scale to greatly reduce the overall environmental impact. I like to use the analogy of everyone driving their own car versus taking an electric bus. Even if all of the cars are electric too, the use of the shared resource (the bus) is much more efficient and impactful.

In the case of IT being a sustainability enabler, I see use cases in areas such as monitoring and managing smart grids, smart buildings or even smart cities in order to limit energy consumption. Furthermore, IT is already used for climate modelling and the growing capabilities of AI in this space will have significant benefits.

‘The perimeter approach to security that worked well in the 20th century is no longer adequate’

What big tech trends do you believe are changing the world and your industry specifically? Which of these trends are you most excited about and why?

I don’t think it’s any surprise that I would say generative AI is one of the biggest trends that may not be changing the world significantly just yet but is certainly getting everyone’s attention – especially in the tech industry. In 2024, we will definitely see more hype but also more practical uses and policies around its safer use. Many of our vendors have already integrated or are integrating AI into their solutions, with cybersecurity vendors using AI to identify and prevent complex cyberattacks. Digital employee experience vendors are also using AI to automate the detection and resolution of IT problems that lead to performance or stability issues which eat into users’ productivity (and will to live)!

As a lifelong fan of science fiction, I am certainly excited to see how AI evolves over the next few years. I just hope that we can learn from the past and promote its use for good, while minimising the potential for causing great harm. Science fiction has predicted both sides of that coin through the years. Like any transformative technology, people will use it to their own ends and it will be up to governing bodies and the AI technology companies to put policies and guardrails in place.

What are your thoughts on how we can address the security challenges currently facing your industry?

One of the biggest challenges when it comes to cybersecurity is the complexity that has evolved due to the need to use an increasing array of products and services to secure our businesses. This is largely due to the underlying complexity of our IT environments and the broad attack surface that this creates.

With the growing adoption of cloud and the more dispersed nature of our workforces, the perimeter approach to security that worked well in the 20th century is no longer adequate. In the same way the moats and castle walls of the Middle Ages gave good protection then but would not stand up to a modern attack, traditional firewalls and VPNs are no longer suitable now and invariably need to be augmented with lots of other layers of security tools.

Modern, more flexible and (arguably) simpler zero-trust approaches such as secure access service edge, zero-trust network access and micro-segmentation need to be adopted. These technologies ensure that access to applications and data, no matter where they reside, is governed by simple, identity based policies that are easy to manage while delivering levels of security and visibility that legacy approaches cannot.

Compounding this challenge of growing complexity is the global lack of cybersecurity skills within the industry with an estimated 4m roles remaining unfilled in 2023. Outsourcing to a managed security service provider which is in a better position to attract and retain highly skilled cybersecurity engineers is a good approach but ultimately, more students and tech people in adjacent areas need to be encouraged to pursue careers in this lucrative and extremely interesting market.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.


Click Here For The Original Source.

National Cyber Security