DXCTechTalk

Security in the Digital World
Organizations on a digital transformation journey must make a parallel trip, one that integrates security and risk management into DevOps and Continuous Delivery (CD) processes. Join our security experts to discuss security in the digital world.
   a year ago
#DXCTechTalk
Digital Directions
Digital transformation is entering a new phase. Let's discuss how the next phase of digital transformation is playing out across major IT domains, including cloud, security, analytics, applications, workplace and delivery.
DXC Technology
Question from the livestream: Will there be a time where our Service Desk will be fully automated? If yes, in how many months/years?
Dan Hushon
so shifting to #NOOPS will never be "done" but easier with livestock vs. pets... livestock is today in a #SRE world IMHO
H Higgins
.@DXCTechnology i don't know that I'd want a fully automated Service Desk. There are some tech issues that need to be addressed with a real person. #DXCTechTalk
Dan Hushon
@HHigginsDXC when is the last time that you wanted to talk to one of your subscription providers - e.g. spotify, iCloud...
Lisa Braun
@HHigginsDXC I think this is where the balance of people and machines comes in -- figuring out the optimal way for people and machines to collaborate. Per @JerryAOverton
Chris Swan
@HHigginsDXC I think most of us want a similar UX to what we get with everyday apps & services, where there often isn't a help desk at all (never mind a 'real person')
Lisa Braun
@cpswan Right. Mostly people want fast fixes to problems, whether they do it themselves or someone or some bot does it for them.
H Higgins
@DanHushon Yesterday... Stage10 :)
Dan Hushon
@HHigginsDXC only because it didn't work like it should #overduehomework
H Higgins
@DanHushon That's the key. Ease of use. As a user, we shouldn't have to read pages of tech jargon. I just want to plug and play.
H Higgins
@DanHushon In today's digital world, I know we all need to be digital but how "techie" do we need to be?
Dan Hushon
@HHigginsDXC ... I saw @stroker on earlier, we should ask him... me : in a digital world, we must all possess digital skills.
Lisa Braun
Can you comment on the role security plays in sharing data with partners in a data ecosystem?
Dan Hushon
@DXCTechnology actively shares what it sees in the security landscape with other partners... zero days, real/potential threats and in the future we will be talking about detection models that can be "trained" by companies since the "flow" of every client is dif.
Mark Hughes
Starts with risk assessment and then into specific tooling requirements, e.g. encryption
Chris Nøkkentved
Most enterprises have been migrating for some time from EDI to Secure APIs with SAML Authentication and Encryption for Data-in-Motion. Sensor and sensitivity data flowing from partners into Data Lakes is a key concern today...
Dan Hushon
@cnokkentved this problem of information flow past corporate boundaries is important in #ecosystem plays... how are you seeing companies like @immuta having an impact?
Mark Hughes
So it's a significant area for the security team to be engaged from the outset. And then to be monitoring. There is a lot of regulation in or coming that deals with this - GDPR being the most well known
Chris Nøkkentved
@DanHushon not heard of that yet, as most companies are modernizing basic stuff like Identity & Access Mgmt, Data-In-Motion Encryption and APIs. We are seeing a lot of applications of #blockchain for Active Ingredients in #LifeSciences and #Food industries lately
Dan Hushon
yes, thanks...
Dan Hushon
@immutadata is applying ML to flow data across trading partners to "automate" the appropriate reg/policy/rule enforcement to enable lower friction/risk ecosystems to emerge
Chris Nøkkentved
@DanHushon there are a lot of solutions emerging in the application of AI in Integrated Risk Mgmt space. Looks like #immutadata efforts to create a machine-readable regulatory format to allow for direct embedding of AI/ML algorithms into the disseminated datasets will be an edge.
Lisa Braun
Is there such a thing as resilient employees? We talked a lot about the importance of cyber resiliency and since people are such a big part of the security equation, I wondered what a resilient person in this context might look or act like.
Chris Swan
it's not typical terminology, but I expect it points towards psychological safety and continuous learning
Dan Hushon
I go back to #SRE, "reliability engineering" which could probably be "resiliency" engineering... since we all produce and consume information to live our lives and do our jobs, we need to think about provenance, value / utility and act accordingly
Mark Hughes
It's a great point. And yes, I think there really is. In one particular significant cyber incident, essentially the business lost most of their IT. It was the quick reaction of the employees and importantly, the willingness to help that averted real disaster
Dan Hushon
we don't leave our cars / houses unlocked, wallet unattended... but it's harder to manage the best practices in business... we need easy button - think that ML/AI will help #SmartWorkplaces
Mark Hughes
So a cultural issue as well - having people who are prepared to be curious, to get involved in their own continuous improvement and who feel invested in their business can make a huge difference.
Dan Hushon
@markhughessec I like the curious... and would add "action oriented" if you see something broken, you fix it - or work with others to ensure it is #ExtremeOwnership
Dan Hushon
What are the challenges that people are having shifting to #DevSecOps or #SRE?
Chris Swan
the usual thing of 'DevOps' is a reorg (not just a tool you buy, or a new hire)
Dan Hushon
#DevOps also a culture... cannot just shift/assign risk... #ExtremeOwnership?
Chris Nøkkentved
security is not supposed to be an afterthought, but rather embedded in the development culture of any enterprise or government organization. So #DevSecOps for building threat & vulnerability resilient code needs to become part of the DNA business technologies
Dan Hushon
yes and the merging of the dev/sec/ops cultures breaks down traditional org silos thus @cpswan's comments
Chris Swan
another issue is the 100:10:1 ratio that's normal for dev:ops:sec staffing levels. Sec is thin on the ground and hence needs lots of leverage
DXC Technology
Thanks for joining the chat. Watch for the next #DXCTechTalk!
Dan Hushon
@markhughessec @markhughessec what is the state of the art in real #infosec .. protecting while not impeding the flow of information between participants?
DXC Technology
Thanks for joining the chat. The conversation will continue here.