FAST CHAT: The Zero Trust Journey

Presented in English.

Duration: 7 minutes 39 seconds

Available On Demand

Red Curry
Good afternoon. Good evening, ladies and gentlemen, wherever you are joining us from in the world today. I’m here with my friend and colleague and VP Marketing at Sequitur Labs, Larry O’Connell. Hi, Larry.

Larry O’Connell
Hey, Red. How you doing?

Red Curry
Good, good. Great to have you here with me. With all the hype today, around Zero Trust, Larry and I thought it would be a great time for a fast chat to discuss where the Zero Trust journey begins. Practical operationalization, what organizations are missing, where the focus needs to shift, and what Sequitur Labs is doing today from chip to cloud as it relates to supporting a Zero Trust Journey. I prefer to call it at “Least Trust Journey” actually, Larry

Red Curry
So again, welcome. Let’s get this thing kicked off. Larry, last week you and I spoke and you broke it down for me in a way I felt audiences haven’t heard about it before. So let’s start with is anything truly Zero Trust?

Larry O’Connell
Alright. Thanks for having me Red. Today, no. The short answer is we’ve come a long way when it comes to securing networks. There was a time, a long time ago, you could actually exchange messages with anyone as long as you shared a key and you didn’t actually know who it was you were talking to. Today, we have enterprise, carrier, industrial, consumer networks.

Larry O’Connell
They’re secure. The networks are secure. But inside all of those networks, there’s always some level of trust. Meaning once you get past the first gate, people will trust you are who you say you are and you can send anything you want. So there’s always that implicit level of trust in every network today.

Red Curry
Awesome. Awesome. And can you give me a practical or operationalized explanation of Zero Trust as opposed to the general ideas that we hear about today? You know what I mean?

Larry O’Connell
Sure. It’s the great–the greatest oversimplification of the time. And to try and simplify it here, we’ve been implementing security up til today that makes you prove you are who you say you are. And then you can communicate. And in the Zero Trust world, you have to prove yourself every time you communicate–every time you send a message.

Larry O’Connell
So that can be done with a cryptographic signature, for example. A good analogy is taking a flight. You have to identify yourself when you buy the ticket, when you check in, when you go through security, and then when you board the plane. All with various means of identifying yourself, whatever credential is needed for that particular step. So similarly, in a Zero Trust world, when you are exchanging data with various applications or even other devices, you have to quickly prove yourself every time you do something.

Larry O’Connell
That’s the essence of Zero Trust. It’s adding that extra layer of authentication.

Red Curry
Yeah, exactly. Exactly. And Zero Trust, Larry, where does that journey begin in your experience?

Larry O’Connell
Well, we think–and it’s our world–we think this is most important in the IoT. In traditional networks, the ones we’ve been talking about, you have a human being on one side, and that person controls the real level of trust that we’re interested in. Whether that be a username and password, or some two factor authentication, or something else. That the application cares about the human.

Larry O’Connell
In the IoT, we have devices and applications on either side of that network that do not have humans controlling them. And so the first thing that has to happen is something new, which is mutual authentication. Both sides have to prove they are who they say they are.

Red Curry
Yeah.

Larry O’Connell
Again, in a typical cloud TLS session, the web app doesn’t really care about the device.

Larry O’Connell
They care about the person controlling that device. So we’re already at a new level of security when it comes to the IoT or regarding that mutual authentication. But we’re still trusting each other after that. And you have devices that are unmanned that are out there on their own. And so it’s more important than ever that you have to get to that extra level of verifying the message.

Red Curry
Yeah. What do you see most organizations doing to get a Zero Trust architecture or getting there? What are they missing, Larry?

Larry O’Connell
Sure. This is in our world, in the IoT, this is a brand new concept for everyone. This is, this is new. And it’s a lot to to wrap your head around. In the IoT, the devices have to have some kind of way to produce the essentials for doing this sort of thing. And that’s generate a certificate, store other certificates from other apps.

Larry O’Connell
So their devices sign a message and then be able to verify someone else’s signature. That can be done. There’s lots of ways to do that today, whether you have a TPM or a secure element, or what we do with our product on an MPU processor, you just have to turn that into something actionable. On the application side, same functionality needs to exist.

Larry O’Connell
And so folks are trying to get their arms around what’s the easiest way to do this without building some kind of scaling nightmare, knowing that you do have to get to this level of authentication.

Red Curry
Yeah, yeah. You know, it’s clear the order of operations is totally out of whack right now. So where should organizations start focusing to really remediate dramatically increased vulnerabilities, right? Chip to cloud–and so obviously it’s not the network, but where should they start focusing and to start remediating those vulnerabilities that they’re seeing today and tomorrow?

Larry O’Connell
Sure. Well, naturally, we’re going to see a new wave of really interesting applications to attack this specific problem. But when it comes to dealing with it, you know, as an organization, it starts with the design phase. It goes all the way from the day that product is conceived, all the way to the day it’s taken out of service for the last time.

Larry O’Connell
Secure boot and loading application safely, updating firmware, updating application files securely. Protecting–falling back to a backup image in the event that the boot doesn’t work. Storing keys and certificates, protecting intellectual property, making sure you don’t get cloned in a factory, and protecting A.I. models, now they’re moving out to the edge. And then finally, you know, detecting threats and doing something about those threats on an ongoing basis.

Larry O’Connell
All of that needs to be considered, you know, when a cool, new product is being conceived.

Red Curry
Yeah. No, there’s no question and that is really good to hear. So I know this is a fast chat. Here’s the one thing I’m dying to ask. What is Sequitur doing now to really change the security game and stop the bleeding so we can start the breathing? Because right now, like you mentioned before, play cat and mouse, patches, Band-Aids.

Red Curry
“Oh, what do I buy? Where do I go? I want Zero Trust.” What does that really mean? Right? Buzzword. Bingo. So what is Sequitur doing now that really is changing the game–a lot different from everybody else?

Larry O’Connell
Awesome. Thanks. At Sequitur, we believe this is a classic-buy-versus make problem. Our customers are in the business of building amazing solutions across IoT markets. And whether that’s an industrial control system or a DIY home security system or an A.I. platform for video analytics, that’s their job. That’s where they’re going to go do. Implementing security the right way is not easy.

Red Curry
No.

Larry O’Connell
Even if you had all the money and people in the world, it’s not easy. And if your core competency is something else, even if you do it, you will always come up with some level of risk because it’s never going to be what you’re good at. At Sequitur, we live it and we have a solution that will allow you to implement the security you need and you will do it better and more cost effectively than–and with less risk–than any other way.\

Red Curry
I love it, man. This is a fast chat. So this is why I love these conversations. We’re quick. We’ve gone through it. I’ve troubled you enough for today. I know you got a busy day and a busy week ahead of you, but I want to thank all of our audience for tuning in again to another fast chat. Fast chats with Sequitur Labs and Larry O’Connell.

Red Curry
Larry, thank you. Thanks for being here and thanks to our audience for listening.

Larry O’Connell
Thanks, Red. And as always, thanks for listening.

Red Curry
Awesome. Cheers!

QUESTIONS?

If you have any questions, contact us at [info@secedge.com]Let us know how we can help you secure your Edge Devices!

Comments are closed.