Cybersecurity, Confidential Computing, and What’s Ahead

In this episode of the Futurum Tech Webcast I was joined by my partner and fellow Futurum analyst, Daniel Newman, for a conversation about cybersecurity. Security breaches are frequent, inevitable, can have a big impact on customer trust, can also impact corporate profitability, and quite often can cost a CISO or CIO his or her job. From the Microsoft Exchange Server attack this past week, to the SolarWinds attack of the last few months – both at the hands of state sponsored actors, one suspected to be of Russian origin and the other Chinese, to well-known cybersecurity breaches like Equifax, Target, Capital One, JP Morgan Chase, Marriott, what we’re seeing in the industry is a massive difference in risk between organizations that take effective cybersecurity precautions versus organizations that don’t. With the financial impact of a data breach in 2020 averaging about $3.86 million, not taking into consideration what is often millions of dollars in fines, cybersecurity and the inevitability of a hack is something that needs to be addressed at the highest levels in the organization. Cybersecurity must be a board-level concern and resonate on down through every level of the organization, from the CEO and CIO/CISO and beyond. Cybersecurity must be a foundational part of business strategy and more training and more processes isn’t always the answer — technology will likely play a big role here as well in the months and years ahead. In our conversation we touched on what we do with data and the problems with the status quo. Think about it for a moment. When it comes to data, we: Decrypt it to use it What happens when the administrators or our data repositories leave? When the data relies on the public cloud, how do we ensure the container or the virtual machine operators are operating in a trusted way? Are process and certification and compliance standards enough? We don’t think so. Yet, anyway. This is the first of several conversations we’ll have on this topic as we are also working on a research brief on the topic of Confidential Computing, which is all about how to manage and more accurately and safely secure data that is in use, and protecting data in use by performing computation in a hard-ware based Trusted Execution Environment. Confidential Computing is in the nascent stages, but we’re certain we’ll all be talking much more about this in the months to come.