Security issues in the IoT will allow the big companies to dominate, according to Ron Gula, co-founder and chairman, Tenable Network Security
Tribal allegiances, a tendency towards large campus working, and real face-to-face communications are just some of the ways business is going to go, according to Ron Gula, co-founder and chairman at security company Tenable Network Security, speaking exclusively to SmartCitiesWorld.
Gula admits that his somewhat retrospective vision, may not be what people are expecting, given the plethora of entrepreneurial start-ups and IT SMEs that are closely aligned to the smart city and IoT landscape, but consolidation, he says will be a defining factor for business in the next decade.
“The biggest companies in the world, the ones that are the most successful, the ones that provide the biggest wealth for their employees and their shareholders like Amazon, Google, and Apple – they build these huge campuses,” said Gula. “They can get better efficiencies; they manage their own power, they own their own buildings, so that makes them more competitive.”
Tenable Network Security was founded back in 2002, and has a global customer reach of 20k customers and one million users.
The approach that the company takes is not detecting the bad guys per se, but tackling and dealing with what it believes to be the underlying issues around data security.
“The problem is that most people don’t really know what’s on their network. They don’t know how many computers they have, they don’t know how many users they have. They don’t know the configuration of these things It’s not negligent. It’s just they don’t know,” said Gula. He added, “It’s very difficult to figure out what’s on the network, if you don’t know what’s on the network how do you defend it?”
Gula believes that the unique message Tenable brings to the security landscape is that it takes a holistic view of a network as when it looks at network assets it focuses on their attending vulnerabilities and the defences put in place.
“They [customers] say I’m secure because I bought this great vendor but just because you bought an APT vendor or whatever doesn’t mean you’re secure. It might have been misconfigured and not deployed properly, or not deployed on 100 per cent of the network and when you look at the 20 to 30 different companies that everybody uses, they’re all going to be deployed a little bit differently. Everybody ends us with a random configuration,” he says.
Tenable works across the whole spectrum from mobile to on-appliance through to perpetual license through to the cloud. Customers such as the UK MoD (Ministry of Defence) aren’t behind a firewall but is on a separate system altogether with its own private cloud.
Gula observes that most companies today are caught between the old ways of doing – legacy and the future, and the issue is how this transition is to be navigated successfully. Are mistakes of the past going to be repeated?
He immediately connected with the idea of an ‘unstable goldrush’.
“Pick a vendor like Microsoft,” said Gula. “It has been beaten up over the last 20 years for having insecure code, so has Apple and they’ve done a tremendous job of being transparent, of having better code and better data.
“But now here comes a start up, they’re gonna put a little device in your house, and they’re gonna monitor your power consumption. They’re gonna have a cloud solution where all your data can go, plus a mobile solution so you can get to it.
“They don’t have the resources of Microsoft but they can come to market and have something that is available generally worldwide, and not have 20 years experience of securing things….that’s what we’re running into.
“In some cases you might be seeing a mobile app that’s a big security problem, but it’s four developers who wrote it, who had no idea about source code auditing and resilient networks,” he added.
The cloud allows the smaller guys to get at big resources to help deliver a mobile app for example. These environments and resources are secure, however, warns Gula, the last 10 per cent of code that someone wrote in Python or Lambda for arguments sake, they could be introducing security bugs into the network and not even realising it.
And security issues as we go further into digital ways of living, working and playing?
“What worries me is when we look at the IoT and home automation, mobile phones, cars and all the security vulnerabilities with these, is we haven’t learned from the last 20 years, we’re making those mistakes today so then what mistakes are we making with robots right now in the lab or drones for that matter? I’m very concerned over the information security and implication of these as things go on.”