NETWORK SECURITY
“Vendors are consolidating security functions into single platforms and introducing pricing and licensing options to make packaged solutions more attractive”
SUSAN MOORE
COMMUNICATIONS DIRECTOR OF ASIA PACIFIC, GARTNER

So, does a multi-vendor approach really result in inconsistent and subpar security? And are there ever benefits to multi-vendor or this ‘best of breed’ approach?

At Palo Alto Networks, a world leader in cybersecurity, its expanding product portfolio across network security, cloud security and security operations is paying dividends as customers look to reduce their vendor footprint. Enabling the ‘Zero Trust Enterprise’, responding to a security incident, and partnering to deliver better security outcomes are its bread-and-butter through a world-class partner ecosystem.

Simon Croker is the Senior Director for Systems Engineering at Palo Alto Networks, UK&I, having previously been with Juniper Networks for 14 years. In his role, he is responsible for all of the technical pre-sales engagements on the territory. Croker’s eight years with the company has seen him witness its growth from a single-point product company to a portfolio company around cybersecurity.

The myth of the single pane of glass
When Croker is asked about the recent buzzwords around a ‘single pane of glass’, where there’s supposedly an avalanche of
cost efficiencies, better visibility, and potentially better security around having one platform, Croker thinks there’s a misunderstanding in the industry for those outside cyber circles.

“I think there's this naive image in a lot of people's minds, the layman's mind, that a business, for cybersecurity, has a handful of vendors, big household names, to handle their web gateway, email system, and so on, but the actual reality is that they've got hundreds.”

With this way of thinking, consolidation means bringing a dozen or so vendors down to a couple, but in truth, Croker adds that “many of the larger enterprise businesses have hundreds of solutions”.

“Everywhere from the manufacturing floor through to the office, the door entry systems…it can number 150 and counting. A point product solution to fix these individual elements adds to the complexity, the management and the overheads.”

“There is no mythical nirvana of a single pane of glass”
SIMON CROCKER
SENIOR DIRECTOR FOR SYSTEMS ENGINEERING, PALO ALTO NETWORKS, UK&I

Are multiple point products contributing to the cyber talent crisis?
Croker explains that technology specialists can sometimes want to experience the ‘greener grass’ of working for a vendor like a cloud service provider, but it creates a problem for business as end-users as they struggle to recruit cybersecurity-aware professionals who can handle the sheer number of point solutions.

“So that's where this consolidation comes in. Palo Alto may go in there
and say, ‘Right, we're going to do a considerable consolidation for you, let's say, 20 different point products down to two or three’. Using our portfolio, that would have a massive impact in a positive way to that customer’s security, posture, simplification, ease of management.”

Croker adds: “There is no mythical nirvana of a single pane of glass, but we can provide a single management for our solutions – just not for the other 110 that you've got in your network!”

Security posture needs tightening
According to Croker, “the governance risk and compliance teams need a bigger voice around what's going on in some of these organisations”.

“While a CIO may have views on security posture, the GRC need to look at the risk of having way too many solutions in a business around security, because the more complexity that you bring into that business, and into that architecture and your security posture, the bigger the likelihood is that there's going to be a mistake made. Especially when you have overworked human intervention. These are the little chinks in the armour that the adversaries will exploit for sure. Tightening up that security posture is what is needed.”

“The governance risk and compliance teams need a bigger voice around what's going on in some of these organisations”
SIMON CROCKER
SENIOR DIRECTOR FOR SYSTEMS ENGINEERING, PALO ALTO NETWORKS, UK&I

Benefits of a multi-vendor approach?
Palo Alto Networks don't profess to be able to do everything within cybersecurity, but the company does know where to play and how to strengthen consolidation around everything from the endpoint and the cloud to the network.

“We have good collaboration through APIs and automation with other vendors. We are not one of those vendors that want world domination. We work with a whole host of
Point Products
“In a point product approach,
endpoint protection technologies
are divided so that one tool can effectively
carry out a particular role such as backing up
and storing relevant information for backup
software options. Because the software is
more specific, businesses expect that the
solution will smoothly execute their tasks
to near perfection, especially when they
subscribe to industry-leading solutions.
For businesses looking for an added layer
of security to their IT network, combining
the services of multiple vendors is the
perfect approach.”
Complete Cyber Security Suite
“The more scalable integrated cybersecurity
suite is a robust blend of endpoint protection
technologies and an ecosystem of tools and
partners. It serves as a protection against
malware and other cyber threats. Other
capabilities include encryption facilitation,
antivirus, unwarranted access prevention,
and DLP, which fortifies overall security
and cuts down organisational expenses. It
is an integrated and centralised method of
safeguarding different endpoints like laptops,
servers, smartphones and other IoT devices
linked to the establishment’s IT network.”
Dora Tudor, Cyber Expert, Heimdal Security
CLOUD AND CYBER
vendors, integrating with solutions like email systems or web applications firewalls (WAF), the other sort of components that you would need in your cybersecurity posture. We can definitely add value to intelligence feeds into that,” says Croker.

“Companies no longer have to decide between application security and performance”
ANKUR SHAH
SENIOR VICE PRESIDENT, PRISMA CLOUD, PALO ALTO NETWORKS

An example of this is Palo Alto’s new Web Application and API Security (Out-of-Band WAAS) functionality. Through comprehensive detection and prevention of web application vulnerabilities and unsecured APIs, businesses could prevent multimillion dollar security incidents.

“Companies no longer have to decide between application security and performance,” says Ankur Shah, Senior Vice President, Prisma Cloud, Palo Alto Networks. “By adding Out-of-Band WAAS to Prisma Cloud, we are empowering customers with flexible security options that fit their evolving application needs”.

Palo Alto’s friendly manner of approach to integration with third parties demonstrates willingness to collaborate but also to share intel. Without this, Croker suggests: “You're just going to get a patchy response and inconsistent reporting to the same system. You are not going to get false positives. You're going to just end up in a mess to be honest. So that's why we collaborate.”
MANAGING RISK
AND BUILDING
CYBER RESILIENCE
WRITTEN BY: DOMINIC ELLIS
PRODUCED BY: TOM VENTURO
BURNS & MCDONNELL
WHEN IT COMES TO GOVERNANCE,
RISK MANAGEMENT, CYBER SECURITY
AND REGULATORY REQUIREMENTS,
BURNS & MCDONNELL OFFERS AN
UNRIVALLED RANGE OF SERVICES
ACROSS THE US AND GLOBALLY
Burns & McDonnell is an
architectural engineering
firm that services all critical
infrastructure sectors within
the US and internationally.
A record-breaking year of growth in 2021
saw it record US $5.7bn in sales, support
nearly 17,000 projects and grow by nearly
650 employees, consolidating its strong
position among the nation’s leading design
and construction firms.
Such comprehensive growth helped
the firm secure eighth spot on the 2022
annual survey of Top 500 Design Firms by
Engineering News-Record magazine, the
firm’s fifth top 10 ranking.
Much of the firm’s work divides between
providing utility and critical infrastructure
clients with industry frameworks, addressing
regulatory concerns and providing risk
management.
That means focusing on governance
from a corporate perspective, and
cybersecurity across their enterprise –
particularly concentrating on operational
technologies (OT).
“The primary focus is developing solutions
around people, technology and process,”
said Jerome Farquharson, Senior Managing
Director, Governance, Risk, Cybersecurity
and Compliance.
“What sets us apart is we have designed and built many systems, possess strong institutional knowledge, and can blend that with governance, risk management and regulatory requirements. We can start from day one from that perspective”
JEROME FARQUHARSON
SENIOR MANAGING DIRECTOR, BURNS & MCDONNELL

It’s telling that one of the first banners you see on the company’s website is ‘100% Employee-Owned’, reflecting its rich history and culture.

Today, as an employee-owned company, every employee is invested in ensuring the success of all projects, believes Farquharson, ensuring commercial continuity in the modern age.

Farquharson described his role as multi-functional, managing a business line within the transmission and distribution division.

“What sets us apart is we have designed and built many systems, possess strong institutional knowledge, and can blend that with governance, risk management, cybersecurity and regulatory requirements. We can start from day one from that perspective,” added Farquharson.

“We have ‘backbench strength’, with team members who have operated from the utility and cyber sides, which provides us with the breadth and depth especially in Operational Technology networks.”
EXECUTIVE BIO
JEROME FARQUHARSON
TITLE: SENIOR MANAGING DIRECTOR
INDUSTRY: CYBERSECURITY
LOCATION: GREATER ST. LOUIS, UNITED STATES

Jerome is the senior managing director of the Governance, Risk, Cybersecurity & Compliance practice at Burns & McDonnell. He leads with a multi-disciplined background in cyber and physical security, information systems, and business advisory consulting. Jerome has provided technology-oriented advisement for numerous Fortune 500 companies across the nation and possesses cross-industry expertise. He possesses a unique blend of technical, business, and project management skills to effectively provide value to diverse client and industry verticals. Jerome is an innovative technology Executive and Consultant with an entrepreneurial flair and a multi-disciplinary background encompassing highly complex areas such as cyber security, physical security, infrastructure protection, regulatory compliance, strategic business advisory, and information systems management. As the leader of Governance, Risk, Cybersecurity, and Compliance practice, Jerome has the unique ability to leverage both a technical and consulting background to take a 360-degree approach to the deployment of technology solutions to manage risk and drive profitability in highly competitive markets. He has presented educational papers at numerous industry conferences and forums to address transmission and generation operational compliance issues. He has performed numerous compliance audits for large investor-owned utilities to determine the level of regulatory exposure and define mitigation strategies to minimise penalties. Jerome is actively involved with several NERC and cybersecurity subcommittees, and regional Information Systems Audit and Control Associations. His initiatives have helped define security, regulatory compliance, and utility technology solutions for critical infrastructure organisations such as electric utilities, government facilities, and process industries. Noted as an astute corporate strategist and catalyst for change as a passionate advocate for the application of technology solutions to predict and mitigate external threats as an integral aspect of the organisational risk management framework.
THE USER ACCESS
PLATFORM FOR
OPERATIONAL
TECHNOLOGY
AND REMOTE
OPERATIONS
XONA enables frictionless user access that’s
purpose-built for operational technology (OT)
and other critical infrastructure systems.
Technology agnostic and configured in minutes,
XONA’s proprietary protocol isolation and
zero-trust architecture immediately eliminates
common attack vectors, while giving authorized
users seamless and secure control of operational
technology from any location or device.
XONA: SECURING REMOTE ASSETS FOR BURNS & MCDONNELL
Bill Moore, founder and CEO of Xona, discusses an evolving partnership

Bill Moore founded Xona Systems in 2017. Having worked for over 20 years on IT, OT, networking and security operations, he identified an unaddressed vulnerability in the control rooms of power plants and distributed assets of all kinds. “There needed to be a way of remotely operating in a much more secure and compliant way,” he says.

Xona’s flagship Critical System Gateway (CSG) was a perfect fit with global engineering and construction firm Burns & McDonnell. “The pandemic underlined the difficulty of getting to remote sites to provision new control systems and the like: Burns & McDonnell needed to be able to do more with fewer people. We can give them a secure way to operate those systems without going to sites of that nature.”

Zero trust cybersecurity is a key advantage of Xona’s CSG. “Burns & McDonnell has been forward-thinking and a leader in how construction firms operate. We have talked to them in depth about cybersecurity and how to protect their assets, and immediately they understood the benefits right away: we were on the same page!”

The partnership with Burns & McDonnell is evolving all the time, Moore emphasises. “We’re always looking to improve our platform. We’re going to be launching our next generation this year. We integrate with the best security information management (SIM) and multi-factor authentication providers, and we’ve worked to make that more flexible and enterprise-ready.

Looking forward, we see an opportunity to expand the amount of analytics we can garner from how users interact and operate technology. We’re excited to be working with Burns & McDonnell and looking forward to a bright future bringing security and safety to enterprises and all the people they serve throughout the world.”
Year founded: 1898
Number of employees: 10,000+
Employee owned: 100%
Global offices: 60+
Tackling the rise in cybersecurity threats
Within cybersecurity and governance, the
energy industry is changing and so are the
threats. But the industry needs to work faster,
especially as power stations can affect lives.
“On average, most utilities do not have
enough visibility into their operational
network to detect any type of compromise
in less than 50 days or under – we have to
bring that down much faster,” he said.
“The knowledge and attacks are becoming
more sophisticated, so our ability to detect
must be much faster. We have to share
information and be much more proactive,
and create a balanced approach – being able
to provide solutions across the board.
“The knowledge and
attacks are becoming
more sophisticated,
so our ability to detect
must be much faster”
JEROME FARQUHARSON
SENIOR MANAGING DIRECTOR,
BURNS & MCDONNELL
“Over the last 10-15 years there has been
a lot more maturity around cybersecurity –
we’re not there yet, but we’ve come a long
way and that’s driven innovation.”
The biggest challenge was the change in
how systems communicated, from internal
to industrial internet, and that has brought
greater risks.
“The integration between IT and OT has
become greater, leading to more direct
access. From a business and national security
perspective, it is important to understand the
risks for utilities.”
NEXT GENERATION
CYBERSECURITY AND COMPLIANCE
Securing Grids & Smart Cities
IPKeys Cyber Partners is a leading
provider of cybersecurity and compliance
solutions for critical infrastructure
protection (CIP) in North America.
The SigmaFlow Compliance Platform
is a purpose-built, comprehensive
compliance evidence collection,
management and reporting solution
that solves the challenges of NERC
compliance for entities of all sizes.
IPKeys Cyber Partners Leverages SigmaFlow to Secure Critical Infrastructure
Louis Riendeau, VP SigmaFlow Operations and Product Management at IPKeys Cyber Partners, discusses cybersecurity in the energy sector.

Critical infrastructure is increasingly interconnected and automated. As regulations expand, companies face an increasing burden to maintain a strong cybersecurity footing and prove compliance. For this reason, firms like Burns & McDonnell require the support and partnership of firms like IPKeys Cyber Partners, a cybersecurity and compliance solutions provider.

In conversation with IPKeys’ VP of SigmaFlow Operations and Product Management, Louis Riendeau, we discuss the evolving landscape of energy and how it intersects with cybersecurity and regulation.

Evolving Threats, Requirements and Solutions In Energy
IPKeys provides cybersecurity and integrity services to clients as varied as the DoD and local municipalities. They also support some of our most critical infrastructure: energy providers.

“Our customers face a number of threats, from ransomware attacks to nation-state sponsored threats,” says Riendeau. “Not only do they have to defend against these threats, but they also need to prove they’re compliant with a complex set of regulations.”

SigmaFlow, the flagship product of IPKeys Cyber Partners, meets those needs.

“The SigmaFlow compliance platform gives our customers visibility and control over their security and compliance programs in one interface. IPKeys heavily invested in our products and brought additional cybersecurity expertise to the platform.”

Increasing Diversity and Expanding Regulations
Industry experts expect current regulatory frameworks to expand and include more and smaller providers, additional industries, and additional measures. Energy providers are already seeking tools to secure their systems and help them achieve and demonstrate compliance with regulatory frameworks like NERC CIP. When asked about the near future of regulation, Riendeau states:

“Cybersecurity threats are growing and our energy grid is becoming more diverse. That’s why the work we’re doing to extend our technology to support these systems, and the regulatory requirements that are likely to follow, is so critical at this moment.”
As we become more interconnected, that means our risks increase as exposure increases, and subsequently more controls are needed.

“Data is considered a new currency,” he added. “What we learnt from the last couple of years is the rise in exponential threats such as malware, where you have actors siphoning off over gigabytes of data, and the constant threats from ransomware and malware are increasingly becoming more sophisticated. So, it’s critical to understand who’s in your network.

“When you look at the future of critical infrastructure there are two key developments: firstly, the integration of Artificial Intelligence to analyse data and understand data much more quickly, and synthesise that data to present patterns faster; secondly, in the industry today, there is a lot of work on predictive analysis – marrying that with cyber and AI is key integrating security by design.”

Describing a fictional yet plausible scenario, he said a control room operator would start to see systems slow down or lose control access. At this stage, the operator would have to assess whether it was a normal outage or an attack.

“If the system can’t be restored quickly or the risk quickly assessed then it means the longer the bad actors are in your system, the more they learn your systems, siphon information, install multiple backdoors and lodge multiple attacks,” he said.

Strong partnerships with Xona Systems and IPKeys Power Partners
Jumping on the call are Bill Moore, Founder and CEO of Xona Systems, and Trey Kirkpatrick, VP of NERC Implementation and Consulting at IPKeys Cyber Partners.

“My responsibility is leadership for our zero-trust user access platform for OT and critical infrastructure, providing very secure platforms for the cyber-physical world,” said Moore.

He wants to “set the standard” for secure user access in OT globally. “We have installations in 30 countries today and would like to get up to 100 across energy, oil & gas, manufacturing, transportation and government market segments – that’s our vision,” he said.

He said it is seeing significant potential around automation and inclusion of IIoT.

“It’s provided the capability for us to look at the way we provide a solution, to make it more flexible and adaptable. We see there is OT only user access and then there’s the IT-OT convergence, which makes it a much more interesting landscape. We’re looking at providing our customers a secure and flexible platform that can address operational requirements across diverse network architectures.”

The singular goal of IPKeys’ SigmaFlow platform is to make it easier for customers to manage their NERC compliance programs.

“SigmaFlow is a software platform focused strictly on NERC compliance that our customers use for all the NERC standards,” said Kirkpatrick.

“If you look at the whole idea of electrification, it really looks like The Jetsons, but it’s a lot of fun, it’s really exciting”
JEROME FARQUHARSON
SENIOR MANAGING DIRECTOR, BURNS & MCDONNELL
EXECUTIVE BIO
TREY KIRKPATRICK
TITLE: VP, NERC IMPLEMENTATION SERVICES AND CONSULTING
COMPANY: IPKEYS POWER PARTNERS
INDUSTRY: COMPUTER AND NETWORK SECURITY
LOCATION: MAINE, UNITED STATES

Trey has over 30 years in the energy industry. He has experience with operations, engineering and maintenance with nuclear power, transmission, distribution and renewable generation. Trey is responsible for the NERC Implementations and Consulting services at IPKeys Cyber Partners and the SigmaFlow Compliance Manager software. Trey holds a BS in Engineering from Texas A&M University.

“We help our customers meet all requirements, and ensure all standards are tracked through our software so that they can ensure that audits go well and using our new products like SigmaFlow Beacon to monitor baseline configuration.”

“We’re always looking at our systems and making recommendations to customers on how they can improve their security. Some of the products we’re coming out with – the baseline monitoring and patch management – are vital for the entire country.”

“These partnerships are invaluable for the development of our solution, and without
them, our customers suffer. Bringing in the talent of Burns & McDonnell, you see the benefit and we hope to share that with other customers throughout North America.”

Electrification, renewable energy and AI data changes
As the utility industry continues to embrace decarbonisation and electrification, Burns & McDonnell will continue to help utilities understand complexities and implement renewable energy solutions.

EXECUTIVE BIO
BILL MOORE
TITLE: CEO AND FOUNDER
COMPANY: XONA
INDUSTRY: COMPUTER AND NETWORK SECURITY
LOCATION: MARYLAND, UNITED STATES

Bill Moore is the CEO and Founder, XONA, providers of a unique “zero-trust” user access control and analytics platform especially tailored for Operational Technology (OT). With over 20 years’ cybersecurity experience, Bill has worked with public and private organisations leaders to provide better visibility and control over their networks and data to reduce enterprise cyber risks. Moore has recently been working closely with power, oil and gas, and manufacturing customers as well as Industrial Control System (ICS) cybersecurity technology companies to find more efficient ways to reduce operational costs and cyber risks simultaneously.
IMPORTANCE OF NEXT GENERATION TRAINING
One of the biggest challenges facing the utility industry workforce is training and
imparting the knowledge, according to Farquharson.
“There is a great opportunity for youngsters coming out of school to apply their
talents at these institutions. We have to continue to support them and understand
it’s not a ‘start up’ but important for career development and to keep the grid up and
running,” he said.
“If you look at the whole idea of electrification, it really looks like The Jetsons, but it’s a lot of fun, it’s really exciting.”

Coupled with the increasing emphasis on wind and solar, is the development of smart cities, incorporating greater use of AI and data analytics within the Operational Technology (OT) networks.

“In the utility industry today, there is a lot of work on predictive analysis – marrying that with cyber and AI is key”
JEROME FARQUHARSON
SENIOR MANAGING DIRECTOR, BURNS & MCDONNELL

“I see that all as a major shift. There is a lot of discussion integrating cybersecurity into the critical infrastructure design process.
Security by Design also is going to be a key development.”

Burns & McDonnell recently announced it is supporting Buckeye Partners, L.P. as the EPC contractor for a new 164-MW solar energy project in Hill County, Texas, between Waco and Dallas, part of Buckeye’s energy transition strategy, and bringing additional solar generation capacity to its portfolio. Kirkpatrick agrees the future is definitely with renewables.

“There’s a big offshore build out on the east coast and utilities have to keep up with that, and growth in microgrids,” he said.

“It means the requirements and regulations are going to continue to change, and it’s important we keep up with that on the software side and serve our customers.”
TECH & SERVICE PROVIDERS
TECHNO-NATIONALISM
& DATA
SOVEREIGNTY
Identified as one of Gartner’s Top Tech Provider
Trends for 2022, Techno-nationalism is gathering pace.
We look at data sovereignty and why it matters
WRITTEN BY: ALEX TUCK
Globalisation increased GDP by US$25tn over the past decade through integrated global supply chains, free trade and free flow of capital, according to Gartner. It suggests that we are now entering a new phase of opportunities accruing to companies that can operate more efficiently in a nationalised environment.

With a 30+ year career, Sébastien Marotte has held executive roles at some of the world's highest-profile software companies including Google, Hyperion, and Oracle. He most recently led Google Cloud's EMEA Channels as Vice President, having previously served as Vice President of Google Cloud EMEA for eight years.

As an early leader at Google Cloud, Marotte was responsible for much of the foundational growth and development across EMEA, including the launch of G Suite (now Google Workspace).

He is well-known in the industry as a dynamic leader with exceptionally high standards and incredible integrity. Now President of EMEA at Box, who were formed in 2005 to make it easy to access information from anywhere and collaborate with anyone, they now work with 97,000 companies and 68% of the Fortune 500 our customers.
Get reliable
network coverage
and security
protection, fast.
A modern network must be able to respond easily, quickly and flexibly to the growing
needs of today’s digital business. Must provide visibility & control of applications,
users and devices on and off the network and Intelligently direct traffic across the
WAN. Be scalable and automate the process to provide new innovative services.
Support IoT devices and utilize state-of-the-art technologies such as real-time
analytics, ML and AI. And all these must be provided with maximum security and
minimum cost.
This is the power that brings the integration of two cloud managed platforms,
Cisco Meraki and Cisco Umbrella. This integration is binding together the best of
breed in cloud-managed networking and Security.
cisco.com
“… it is clearer than ever that data sovereignty is a top priority for regulators”
SÉBASTIEN MAROTTE
PRESIDENT EMEA, BOX

Data sovereignty now a top priority for regulators
“With Gartner predicting that nearly two-thirds of the world’s population will have their personal data protected under new privacy regulations by next year, it is clearer than ever that data sovereignty is a top-priority for regulators,” said Marotte.

Marotte believes that the hybrid workforce and dynamic compliance landscape have reshaped the way organisations are approaching data privacy laws, and suggests as an initial step to safeguarding against future data sovereignty obligations, “business leaders should first understand where their data resides, before looking at the issue of data sovereignty more broadly.”

“We’re seeing data residency requirements ramp up across Europe already; in France, President Macron is pushing for a more ‘sovereign, united, democratic Europe’ and openness in the technology industry is paramount to achieving that.”
Intercity - Tier 3 Datacentre
In Intercity’s UK-based, geo-redundant Tier 3 data centres, the data is stored in geographically diverse locations across the country, to safeguard against catastrophic events and natural disasters, as well as balance traffic for optimal performance.

Data as a huge strategic asset for governments
“In the right hands, data can be a huge strategic asset for both central and local governments. It can be used to inform decisions on a whole host of issues, including resource allocation, distribution of benefits, and policy changes, as well as to track performance and evaluate progress towards goals set out by governments,” said Jason Foster, CEO and Founder, Cynozure.

A tech consultancy, Cynozure was founded in 2016 with the ambition to reshape how people think about data and analytics, preferring a ‘People first, business first and outcome focused’ approach. Foster set out to establish a new precedence on data strategy in a traditionally tech-led data industry.

“For many governments around the world, data is now a critical component of the decision-making process. We saw it in the UK during the COVID pandemic, when data shaped policy in almost real-time. Data-led insights were - and continue to be - an invaluable asset for local and national decision makers.

“But data has a trust issue and the use of it is still perceived with scepticism by many. Do - and indeed, should - citizens trust the government to do the right thing with their data? How can we ensure data does not become weaponised against people, as we have seen happen in the past with murky election targeting? How do we prevent the giant global corporations like Amazon and Facebook from having greater power, control, and access to data than governments do?” said Foster.
TECH & SERVICE PROVIDERS
For the full potential of data to be realised, Foster argues that these challenges “need to be faced head on” and that “we need clear rules and regulations for how AI can be deployed, and the governments must set out what is and isn’t allowed”.
Foster cited the example of even artificial intelligence (AI) deciding targets in warfare: “When it comes to the widespread deployment of new technologies, ethics is of equal importance as law and only then will the public trust how their data is being used.”
Techno-nationalism: What is it and how will it change global commerce?
“Techno-nationalism is a new strain of mercantilist thinking that links technological innovation and capabilities directly to a nation’s national security, economic prosperity and social stability. The state, therefore, must intervene and guard against opportunistic or hostile state and non-state actors. Techno-nationalism seeks to attain competitive advantage for its stakeholders, both locally and globally, and leverage these advantages for geopolitical gain.”
Alex Capri, Forbes Contributor.
The difference between data residency and data sovereignty
“These terms are similar as they both relate to where data is stored, but they are very different,” said Phil Bindley, Managing Director of Cloud and Security at Intercity; an innovative and people-centric IT services company.
“Data residency refers to the geographical location of data, whereas data sovereignty relates to the laws and governance structures that data is subject to, due to the geographical location of where it’s processed.”
He added: “The location of data has become increasingly important due to an increased demand for cloud storage as many businesses shift to hybrid and remote working. In real terms, ParkMyCloud reported that three quarters of enterprises now define their strategy as hybrid or multi-cloud.”
“Data residency refers to the geographical location of data, whereas data sovereignty relates to the laws and governance structures that data is subject to”
PHIL BINDLEY
MANAGING DIRECTOR - CLOUD AND SECURITY, INTERCITY TECHNOLOGY LTD
“For many governments around the world, data is now a critical component of the decision-making process”
JASON FOSTER
CEO, CYNOZURE AND CDO HUB
While cloud-based services can offer organisations significant value in terms of collaboration, Bindley suggested that using these applications “leads to an increase in international data transfers”.
This can result in compliance issues for
users and providers, he outlined, “due to the
ever-changing and differing data protection
and privacy laws across the world.
Following the UK’s exit from the European
Union, data transfers from the UK to the EU
are safeguarded by the Adequacy Decision
announced on the 28th of June 2021, meaning
personal data can continue to flow between
the two without the need for organisations to
ensure appropriate safeguards apply.
While the UK’s data protection regime is
deemed adequate until 27th June 2025, this
will only be renewed if the UK continues to
protect the personal data of EU residents,
in line with the EU GDPR rules. If UK data
protection law significantly diverges from the
EU GDPR, the Commission could withdraw
this decision,” said Bindley.
How do these laws affect businesses?
Taking a multi-cloud approach means
businesses will be storing data across the
different sites that they use for different
activities, such as HR or payroll.
Bindley doesn’t suggest turning back the
clock on cloud migration, but “it’s important
to closely examine where your data resides,
what’s in the small print, and whether your
cloud services provider is being transparent.”
Once data is in the cloud, “a lot of
businesses will assume its security is the
responsibility of whoever runs that cloud,
such as Microsoft for Microsoft 365”.
However, the security for that data is still
down to the business itself, and “it’s the
business that will be at risk if the data is
breached or lost”, according to Bindley.
“Having clarity over what data is held and
where it sits in terms of its sovereignty and
residency is vital, so staff and customers can
be assured their data is in safe hands.
Despite its importance, keeping track
of data within these different sites often
falls to the wayside for SMEs, as they don’t
employ a Data Control Officer who can
take responsibility for it, meaning no staff
member or division feels accountable for
keeping data secure,” he said.
The risks of not keeping track
If there was a breach, Bindley said it’s wise
to know who is responsible for the security
of the compromised data: “The Information
Commissioner’s Office (ICO) will come down
much harder if the correct measures are
not in place, so businesses must be able to
demonstrate they have done all they can”.
In 2020, British Airways was fined after users
of its website were directed to a fraudulent
site, where hackers were able to harvest the
personal data of around 400,000 people,
including login and travel booking details,
names, addresses and credit card information.
“The ICO issued a fine of £20mn - the
largest fine under GDPR to date, as it
found that the hack was the result of BA’s
negligence. Not only did this have a huge
financial consequence for the company,
which was already suffering financially under
lockdown rules, it caused a catastrophic
blow to its reputation.
If you avoid thinking about your business’s
data protection, either because you don’t
understand how to take the first step
or feel it’s not your responsibility, and
then something goes wrong, there could
be business-ending consequences,”
said Bindley.
BELRON
SECURING BELRON’S FUTURE WITH A ROBUST CYBER DEFENCE SUITE
WRITTEN BY: CATHERINE GRAY
PRODUCED BY: TOM VENTURO
As it continues on its digital
transformation journey, Belron’s
Anthony Foust explains how the
company’s cyber capabilities are
leading the way
Making its mark in the
automotive industry,
Belron offers vehicle glass
repair, replacement and
recalibration services.
Belron is heavily dependent on the
technicians and other members of staff
that work to keep the company running
– and included within that team is the
company’s Global Chief Information
Security Officer, Anthony Foust.
“This has to be one of my favourite
companies to work for because of the
culture that we have,” says Foust.
“It is very caring, very diverse and very
inclusive. It’s a team where it doesn't
matter what country you're in, where
you're from, or what role you're in because
everybody cares about the success of
everyone else,” he continues.
Committed to excellent customer
service and satisfaction, Belron is in a
period of transition to continue meeting
and exceeding customers’ needs – as
Foust notes: “We have started to make
some fundamental changes within the
company. The organisation today is starting
to undergo a transformation of technology
and business process and maturity overall.
“Our technologies weren't really well
cared for and, as a result, the technologies
themselves – in terms of their capacity
– didn't really keep up with the business
demand,” explains Foust.
“Through this transformation journey, we have recognised that we not only need to uplift these core technologies for the business, but we also need to mature and modernise our cybersecurity and privacy capabilities.”
It is essential that the company modernises its technology while it continues to drive forward its goal of flipping a negative experience on its head, such as a windshield or windscreen breakage, instead providing customers with the best service experience possible.
“This is a company that truly does care about its customers, about its employees and the data that's associated with them. The shareholders and the executive team have really made a strong commitment to cybersecurity,” explains Foust.
“Now, we need to make sure that we are maturing ourselves and building up this capability within our organisation, which is world-class across the board, no matter what country we're in or what brand we're part of. We want to really make sure that we are protecting our employees’, customers’ and clients' data to the best of our ability, utilising industry tools and processes that meet or exceed those standards,” continues the Global Chief Information Security Officer.
“AI and machine learning technologies are going to be critical for cybersecurity in the future. The noise is just tremendous”
ANTHONY FOUST
GLOBAL CHIEF INFORMATION SECURITY OFFICER, BELRON
EXECUTIVE BIO
ANTHONY FOUST
TITLE: GLOBAL CHIEF INFORMATION SECURITY OFFICER
INDUSTRY: MOVH MANUFACTURING
LOCATION: NORTH CAROLINA, US
Anthony Foust is a 27-year veteran in Information Technology working across several roles and industries and currently serves as the global CISO for Belron. Anthony obtained his MBA from Elon University with a focus on strategy and leadership as well as a Master’s degree in Information Security and Privacy from the University of North Carolina Charlotte. He is an active member of the technology community and regularly serves as a guest speaker, panel contributor or moderator. Anthony’s current interests have lately focused on governance, risk and compliance in the areas of international Information Security and Data Privacy (RegTech).
16mn
Customers were served in 2021, in more than 30 countries, across six continents.
Mazars: Transforming Belron with Asam Malik and Mike Fried
Asam Malik and Mike Fried of Mazars discuss the Holistic Transformation of Belron using Technology and Artificial Intelligence
Mazars is a leading international audit, tax and consulting firm, with strong risk, compliance and digital transformational expertise. They have recently embarked on helping Belron, a vehicle glass repair and replacement company, undergo a holistic digital transformation. Although a company like Belron is not the first to come to mind when we think of such transformations, its foresight in doing so, with Mazars’ help, is exceptional.
Asam Malik, Partner, Technology & Digital Consulting practice in the UK, leads technology and digital practice for their clients in the region. His role entails helping clients leverage technology more effectively and helping them manage their risks around technology.
“We really look at digital transformation in a holistic manner,” says Mike Fried, Partner, Technology & Digital Consulting practice in the US, “starting first with business transformation as the overarching foundation, and then digital technologies serving to enable and accelerate a company’s business transformation efforts across people, process and technology solutions.”
In their approach, Mazars uses a comprehensive business and digital transformation framework. “There are really six core layers to help clients achieve their transformation goals,” says Fried. “This includes strategising and developing their transformation roadmap. Transforming core business functions such as finance, sales and marketing, operations and supply chain, IT and HR. Enabling the business through technology solutions. Enhancing decision making by leveraging data as a competitive advantage. Leading people through the change. And, finally, protecting the business through risk and cyber security solutions.”
“Belron is a valued client, and we really like their culture and core values,” says Fried.
Enhancing Belron’s cybersecurity journey with new capabilities
Still in the early stages of its transformation journey, Foust explains that Belron is keen not to extend itself too much in fear of things slipping through the cracks or technologies being implemented incorrectly.
“We're not trying to push to the bleeding edge because it is a journey for this organisation. I would say probably what has been unique for us is the pace. In two years, we’ve accomplished the centralisation of our global cyber function, which is the first function to actually be centralised in that space for technology. That was unlike anything that's been done in our technology group before,” Foust says.
“The company traditionally has been decentralised so it's a new way of operating for both the organisation and the team. It has given us the ability to accelerate capability growth, be it via the deployment of new tools and technologies or new processes. That alone has probably taken a unique approach, in terms of how quickly we've been able to scale, build out a team and create a capability that is really mitigating some of our biggest threats and day-to-day risks.”
One key thing that Foust and his team have been able to implement at Belron to support employees is its Integrated Cloud Email Security capability.
“Phishing was very prevalent within the organisation, and it created a lot of noise. Integrated email security has been a really big help for us in reducing that noise in our system and allowing our team to really focus in on signal events – things that really do require a little bit more in-depth analysis, research and investigation to determine if we have a bigger problem,” Foust explains.
As Belron is still in the early stages of this journey, there are a number of technologies Foust and his team are keen to implement. It’s crucial that the implementation of these occurs in a timely fashion to guarantee a robust grace period, where various functions are tested and analysed to ensure they work to the best of their ability.
“AI and machine learning (ML) technologies are going to be critical for cybersecurity in the future. Today, we use AI a lot for helping us detect vulnerabilities and in determining those vulnerabilities that have a real potential for the exposure to a real risk event. Email is another component in helping us through AI driving technologies, identifying and sorting out the truly malicious emails from those that are legitimate. That's a really critical element for us today,” comments Foust.
“In our future technologies, as we're continuing to grow beyond some of the core elements that we've implemented in the last two years, much will be automated or enabled by AI – especially in the areas of anomaly detection.”
The introduction of these new technologies and capabilities really boils down to the company’s dedication to its customers and employees alike, which is an integral aspect of the business and its ethos.
“We want to make sure that when customers give us data, they know we are going to treat that data as one of our most valuable assets and protect it; that we're only going to keep it as long as we need to keep it to complete business with them. That's the important thing that we want to think about on the customer journey side.
“We are very customer-centric. Our data shows that as an organisation, but I would also say too, we are very employee-centric,” Foust highlights.
“We also want that same experience in terms of data protection and privacy for our employees. We know the people of our organisation are the most important part of how we are able to exist and function for our customers. We want that experience to be the same as if they are also our customers in cybersecurity and privacy, so they also know that when they share their personal data with us – the data we collect through HR processes for example – that it's going to be protected and secured.”
Foust here draws attention to the cyclical nature of employee and customer relationships, demonstrating that they directly feed into one another and set important precedents for the company to hang its success on.
“That level of assurance and confidence with us as an employer will translate down to our customers. When we speak to our customers, be it that call centre agent or that field technician out in the field or in the branch, that sense of confidence in Belron can be exuded to our customers.”
BELRON’S BRANDS
Included in Belron’s brands are Carglass®,
Safelite®, Autoglass®, Lebeau®, O'Brien®,
Smith&Smith® and Speedy Glass®
Securing success with strategic partners
To ensure this level of trust and assurance
is maintained throughout the business,
Belron looks to create sound strategic
partnerships that offer the company both
flexibility and adaptability as it continues on
its transformation journey.
“Those that really are true partners – as
opposed to vendors or suppliers – are the
ones that really take the time to understand
your needs, your vision, your strategy,
your stakeholders, the business and the
operating model by which it runs. Those are
the ones that are always going to stay with
the company for a long time. Some of those
partners have worked with me for several
companies because of that,” notes Foust.
Supporting Belron with its user-friendly
technologies is Abnormal Security, utilising
its AI-based cloud email security platform
to help protect Belron against the full
spectrum of attacks.
“What makes them stand out as a partner
with us and our longevity with them is, as
they've continued to grow as an organisation,
they have still remained focused on what
we need from them,” Foust outlines, before
going on to list the numerous benefits of the
relationship. “They always want to make sure
we're successful. They truly sit down and
listen to our feedback and try to incorporate
that into the product’s development.
They are proactive and attentive to us as
a client of theirs.”
“This has really been the big difference between just a typical transaction with an endpoint solution. At the end of the day, the technology speaks for itself. It has made a real significant impact and the noise that our team are having to deal with on a day-to-day basis has reduced. They have been a great partner from a technology side point.”
Additionally, Belron works closely with the renowned international audit, tax and advisory firm, Mazars. Mazars, according to Foust, is very much aligned with both himself and the company, in terms of what it wants from its partners.
Through a flexible approach to working with Belron, Mazars is able to support the company throughout its various projects, as Foust explains: “They really want to get in with you and strategise; they want to understand how you're thinking, what the company is thinking and how we develop a solution or a proposal that really meets that need. Their operating model is really driven by understanding their customer, meeting their needs, and tailoring their proposals to the customer's needs.
“Things always change here when we’re executing a project. The best part of Mazars is that they're right there with us and helping us facilitate this change. That flexibility, that adaptability and that ability for them to bring subject matter experts to us to be thought partners on that front is just tremendously valuable.”
He concludes: “Due to how they've consistently shown up for us as a partner, any time we have a problem now, they're on the very, very short list of who we go to, to think about problems and the solutions around those problems.”
AI & ML
KEEPING EYES ON THE ROAD: THE ROLE OF COMPUTER VISION
As companies continue with their autonomous vehicles initiatives, we take a look at the role of computer vision in making these vehicles a reality
WRITTEN BY: CATHERINE GRAY
Enabling computers and systems to derive meaningful information from digital images, videos and other visual inputs, computer vision is pretty much exactly what you think: a field of artificial intelligence (AI) that gives computers the ability to see, observe and understand.
“Computer vision tries to understand from a physiological sense how our brains are able to perceive our visual world. One of the most popular and effective glues allowing us to connect these two fields are machine learning techniques, which encode the act of learning – and eventually understanding – computer algorithms,” explains Appu Shaji, Mobius Labs CEO and Chief Scientist.
“Computer vision technology has a role to play in nearly every imaginable walk of life. In the media sector, the technology can not only detect the content of an image but grade the style and quality of the visuals. The aesthetic score can be determined in a couple of seconds, assisting marketing, advertising or editorial departments to select the most pleasing photographs. It can also scrutinise thousands of video clips to provide relevant recommendations, plus flag and/or block inappropriate content. It can also be trained to match influencers with brands to grow new client bases.”