Among the most alarming attack vectors that cybercriminals can target are the hardware and software used in industrial settings to monitor and control billions of devices, processes and critical infrastructure. These include control sensors, power generation management, oil & gas refining management, cameras, switches, machinery, and fire systems to cite a few examples. These operational technology (OT) instances are mainly designed to interact with specific equipment, and they don’t always come with sufficient security or update mechanisms built-in to withstand concerted attacks.

Our guest on this episode of the Tech Means Business podcast, Nigel Tan, works for Delinea, a leading Privileged Access Management (PAM) solutions provider that can protect this layer of infrastructure, whether new or legacy.

While endpoint protection is often not viable and network-layer security unsuitable, it’s zero-trust and careful PAM that can make the difference between safe OT and an open door for hackers.

Nigel is Delinea’s Technical Director of Sales Engineering at Delinea for the Asia-Pacific, a battle-hardened professional who’s been active in cybersecurity for many years. Together, we discuss the present situation, the potential for damage to critical national infrastructure and worse, the possibility that a cyber incursion can easily damage human lives, physically.

There are ways and means, of course, to ameliorate the situation, which Nigel helps us discover as we check out Delinea’s OT protection methods.

Check out the Delinea website here:
https://delinea.com

Read the company’s blog on security, starting here:
https://delinea.com/blog/privileged-access-management-for-industrial-iot-security

Nigel Tan of Delinea is here:
https://www.linkedin.com/in/nigel-t-bb4bba7/

Joe Green’s LinkedIn profile lives here:
https://www.linkedin.com/in/josephedwardgreen/

The post Protecting Operational Technology with zero-trust appeared first on TechWire Asia.

The economic downturn is turning the screws on public sector funding right across the world. In the UK and Ireland that’s no different, with smaller budgets, a demand for more open, easily accessible services and, of course, the expectation that everything is to be delivered safely.

Many government departments, authorities and taxpayer funded organisations look to outsourcing ‘non-core or enabling functions’ as a way of focusing on delivering the best core value to citizens.

There are particular constraints on the public sector in the UK & Ireland in terms of data sharing inside the auspices of the legal & regulatory requirements, plus a need to offer services down as many routes as possible to a very broad demographic.

On today’s episode of the Tech Means Business podcast, Joe Green talks to two representatives from Wipro, a global multinational service provider, about some of these challenges and possible ways to approach cybersecurity service delivery in the public sector. Our guests talk about risk, cybersecurity education, and budgetary difficulties facing the sector, and bring their expertise to bear on this complex area.

Learn more about Wipro’s work in the public sector and cybersecurity here:
https://www.wipro.com/public-sector/
https://www.wipro.com/cybersecurity/

Hitesh Bansal, Country Head (UK & Ireland), Cybersecurity & Risk Services is here:
https://www.linkedin.com/in/bansalhitesh/

Richard Vinnicombe, Partner at Wipro Limited can be found here:
https://www.linkedin.com/in/richard-vinnicombe-46b36817/

Your host is Joe Green, who is here:
https://www.linkedin.com/in/josephedwardgreen/

The post Safer digital public services in focus appeared first on TechWire Asia.

We talk to Scott Hesford, the Director of Solutions Engineering, Asia Pacific at BeyondTrust, about applying granularity of privileges to multiple users at scale, and keep on top of it all, too. What could be a simple granting of privileges to a subcontractor for a day, can turn into a gaping cybersecurity hole that can bring an organization to its knees. And BeyondTrust is the company that’s here to help!

We talk about implicit zones, movement through the IT stack to get a day’s work done, and NIST’s airplane analogy for cybersecurity: who can get through to the departures lounge, who can board the plane, and (even) where a user can sit Or, in more direct terms, allowing a subcontractor to restart a service without sudo.

It’s all possible, it just needs the right partner; one with the cybersecurity tooling that’s not out of its depth in a multi-cloud, mobile, cloud-heavy environment.

Read more about BeyondTrust here:
https://www.beyondtrust.com/

The NIST zero trust information we refer to is here:
https://csrc.nist.gov/publications/detail/sp/800-207/final

The US Federal Government directive on Zero Trust can be found here:
https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf

The CISA Zero Trust Maturity Model can be found here:
https://www.cisa.gov/zero-trust-maturity-model

Scott Hesford is on LinkedIn:
https://www.linkedin.com/in/scott-hesford/

Joe “economy class” Green is here:
https://www.linkedin.com/in/josephedwardgreen/

The post Boarding the Privilege Plane: BeyondTrust in the Clouds appeared first on TechWire Asia.

Show Notes for Series 02 Episode 28

This podcast is produced in conjunction with Duo Security.
As cyber criminals evolve their methods, a zero-trust framework can help prevent a goodly number of attacks by ensuring users, applications, and devices are allowed to even begin interacting with protected system. Then, after being admitted (with minimum privileges), the framework checks again and again, at every point of interaction, to make sure that no-one or nothing gets access to people and systems that are off limits.

One of the first companies to successfully offer zero trust architecture from the cloud was Duo Security, a company acquired by Cisco in 2018. Its Global Advisory CISO, Dave Lewis, talks to the Tech Means Business podcast about the zero-trust concept, and how it’s used to keep the systems on which we all rely to stay safe from prying (and avaricious) eyes.

From his high school days when he hacked his classmates for LOLs and ROFLMAOs, to the present day as Global Advisory CISO at Duo, Dave has been there, at the forefront of cyber defense. His entire career (save the first ten days or so) has been in cyber security, yet his enthusiasm for and contribution to the industry haven’t waned.

We talk about the accident of passwords’ emergence as the de facto standard for cyber protection to today’s systems of authentication based on granular definitions of trust, AKA access security: user to machine, user to user, and machine to machine.

Dave’s knowledge goes back to the days when modems warbled and trilled while handshaking and continues in this age of multi-cloud and the emergence of AI.

To learn more about Duo Security’s unique zero-trust cyber security offering, click here:
https://duo.com/

Dave Lewis’s professional profile lives here, with the finest job title on all of LinkedIn:
https://www.linkedin.com/in/gattaca/

The Very Reverend Mother Green’s LinkedIn is here:
https://www.linkedin.com/in/josephedwardgreen/

The post Zero-Trust, from the cloud to a secured endpoint near you: Duo Security appeared first on TechWire Asia.