An interview with two cyber defence strategists

What is important today?

Harald Reisinger, RadarServices and Simon Brickett, Computacenter
Simon Brickett heads the Cyber Defence Centre at the Computacenter headquarters in London. The company is one of the largest cross-manufacturer service providers for everything to do with IT for large and medium-sized, private and public organisations in Europe. Harald Reisinger is in charge of the Cyber Defence Centres of RadarServices in Vienna and – now – in Vaduz (Liechtenstein). The Managing Director of Europe’s fastest growing IT security company has recently started working closely with Simon Brickett and his team. In an interview together, they give an insight into the issues their customers are currently dealing with.

Mr. Brickett, Computacenter is the IT service provider for many large companies in Europe supplying customers with almost everything to do with hardware and software. What are the major trends they see in the security market?

Simon Brickett: There are many trends linked to the pace of digitalization and technology change and the evolving threat landscape. Our customers are looking for deeper, more advanced and integrated platform security solutions. They also want “best integrated” detection and reaction capabilities rather than “best of breed” to help with ROI from existing security investments. We are also seeing an increasing tendency to outsource because of the changes in compliance and data privacy regulation and the ongoing skills shortage.

Mr Reisinger, you develop such platform solutions in Vienna and have become Europe’s market leader with the in-house developed technology. What is important to your customers?

Harald Reisinger: There are particularly three factors in focus:

First and foremost, technology needs to be cutting-edge at any point of time. This is why we have built up an in-house research department right from the start of our company. The department is involved in machine learning and other trends concerning IT risk detection technology. Latest advances from global research are immediately put into practice.

Second, it’s a matter of trust. When you purchase IT risk detection technology, you primarily want security and no new risk. We have our software development team in-house. Each of our customers may review every line of software code in detail. No US provider offers such in-depth insights. However such transparency is very important to be sure that there are no backdoors in the software.

The third point concerns the “big picture” of IT security in an organization: we gather all security-related information – both from existing solutions and new tools – in one central cockpit. Data silos and blind spots are things of the past.

Cloud use is also a big issue for your customers. What are the security-related issues around the cloud that concern your customers?

Simon Brickett: Our mature cloud adopter customers are looking for more scale and better commercial models to optimise their investments. Here, as security is often wrongly considered a limiting factor, we are asked to help companies identify the right strategic security solutions to enable their business. Other less mature customers are still adapting traditional security models to new ways of working and are trying to understand the impact on data privacy, securing workloads and new threat vectors.

You work with many manufacturers worldwide. How far has “Security by Design” progressed in practice?

Simon Brickett: We work with most major vendors and we resell their products, design, build and implement solutions with their software, and manage services built on their technology. At every stage of these engagements we see vendors embedding security into their products. A good example is Windows 10 and O365 which comes with really exciting security features. There is still work to do, as all customers have different levels of security requirements, and we still see gaps we can help to close. For other vendors, security by design is more about enabling SecDevOps and working to ensure that implementing and operating security is an agile process.

“Security by Design” has become an increasingly important topic for IIoT – the Industrial Internet of Things. Machines have complex control systems and security sometimes rather a “black box”. How can you protect them from attacks?

Harald Reisinger: The manufacturing sector is highly digitalized and therefore depends on a constantly functioning Operational Technology. How secure each machine is, however, is often incomprehensible for the responsibles in a plant. It is important that security-related events and network traffic are continuously monitored – similar to the monitoring of an IT infrastructure. This is how anomalies can be detected early on and damages or a standstill are prevented.

Mr. Brickett, what do you think: Do we live in golden times for hackers?

Simon Brickett: I think that’s probably a fair assessment, with new threat vectors, Advanced Persistent Threats and the increasing numbers of potential entry points courtesy of the Internet of Everything, there is a lot more opportunity for hackers. But the good news is the good guys are getting better as well, not only from the technology point of view, but we are also seeing improving skills sets as well. But what I think the current trends do show us is that it is paramount for organizations to hire the right, highly skilled people. If they lack them, it’s better to think about sourcing alternatives such as Managed Security Services.