Privoro founder and CEO Mike Fong recently participated in a cybersecurity-focused discussion with fellow CEOs Vijay Balasubramaniyan (Pindrop) and Bipul Sinha (Rubrik), hosted by John Chambers of JC2 Ventures. You can listen to this episode of the Chambers Talks podcast through the link below.
One of the highlights of the conversation was Mike’s description of the interplay between the increasing rate of change in the technology industry and the increasing sophistication of attackers:
One of the things I think about is the fact that it’s a trillion-dollar technology industry, so the attack surface is gargantuan. And that’s one of the reasons why you hear this common trend of breaches – they never seem to stop. And, at any moment in time, it’s hard enough to defend such a massive attack surface, but the business pressure is so high to come out with new products and innovations that the rate of change on the attack surface is also high. So, the combination of those two business dynamics results in this perpetual, never-ending security problem. And it really won’t end with the current approaches. So, that’s one trend.
Number two is nation-states. So, economic security underpins national security. And enterprises need to understand that the world has evolved and they face very sophisticated adversaries. Yes, you need to build the fence and the wall and have the data recovery capability to keep out the average attackers, but, if you have IP worth protecting, there’s a chance that there’s some very sophisticated people coming after you.
And so, looking at those two things, the way I think about those trends is that you have to have a hardware anchor for true security to protect. Because you basically have to say: We’re going to have some things that won’t change, and things like identity, authentication, cryptographic fundamental foundations, if you can put those in a secure hardware foundation and then lever other security services on top of that, you can let high-rate-of-change stuff occur on other parts of the attack surface, but the attackers, even if they can penetrate that, can never get to the root stuff of what really matters.
So I think that is a macro trend, which you will see as things continue to evolve in the years ahead. Software-only security is critical, but the really sophisticated guys can come in below the application, operating system and kernel layers, and if they do that, they can bypass those protections. So you have to start with a hardware anchor.
(This quote has been edited for clarity.)