The cybersecurity problem is big news, and it’s getting bigger. The security challenges of 5G, multicloud and edge computing are causing businesses to take a radical approach to cybersecurity. And it won’t be long before quantum computing adds an extra challenge to the mix.

“What does that do to our nice, little network model that we had that our traditional systems are used to defending against?” asked Lisa O’Connor (pictured), managing director of security R&D at Accenture PLC.

O’Connor spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed the biggest cyber challenges companies are facing and how Accenture Labs research is changing the future of cybersecurity. Answers have been condensed for clarity.

We always get the good scoop from Accenture because you have a lot of smart people in the company. What is your focus right now in applied R&D?

O’Connor: We are working on robust artificial intelligence. So, when we think about AI in the future, how do we know that it’s OK? How do we put it out there and know it’s safe in production? That we’ve done the right training and we’ve made our model resilient to what’s out there?

Really, it’s learning and creating the actually applied attacks on AI, then figuring out what the right defenses are. Depending on what type of machine learning you’re using, those defenses change. So, we’re working on basically defending AI and building those techniques so that what we put out as Accenture is robust.

AI is exciting right now but also frightening to people. It’s this weird mode we’re in now where I want to do more AI because I think it benefits society, but everyone’s freaking out. How do you balance that?

O’Connor: In Accenture’s “Tech Vision 2020,” there’s a lot of talk about value and values, which is really important when we think about AI because we can get great value out of it. But there’s a values piece of it as well. And it’s how we’re using it, how we’re getting those insights.

The companies that do customer experience well are going to excel. They’re going to keep their clients; they’re going to do amazing things; they’re going to become sticky. But they have to be good custodians of customer data and information. They have to offer curated experiences that the customer wants, not the creepy ones. Not the ones they don’t want. Trust is necessary in that ecosystem.

What are the most important security stories that aren’t being talked about that we should be talking about?

O’Connor: I have two that are front-of-mind for me. One theme we come back to, and it’s not sexy, is IT hygiene. So many of the large companies, and even medium, small companies, have legacy technology. Keeping that adds complexity; it adds to the whole breadth and depth of what we have to manage and defend. Keeping that attack surface simple and small, cloud-enabled, all those good things, is a real asset. And it makes it much easier to defend.

The other one I’ll say that I think is a challenge that we are not dealing with yet is quantum computing. At Accenture, we’re on the way to getting our post-quantum cryptography in place. But there’s another dimension to it, and it’s our histories: All of the things that have passed on the wire, all the communications with the key exchanges, all that brilliant stuff, is sitting somewhere.

Once we get to that point where this becomes very routine, and it’s coming fast. We have to think about how much data we’re keeping as custodians, how we’re managing it. Then we have to think about the exposure from our past. And I think there’s a real triage that needs to be done.

It’s always tough to pick your favorite child, but what is the coolest thing you’re working on right now? 

O’Connor: One of the things that we have is creating a model of the enterprise security posture. And when I say a model of it, I’m talking about a cyber digital twin.

There’s so much we can’t do in our production networks. We don’t have the capabilities on the security operations center team side to ingest all this stuff. We need a playground where we can ask the what-ifs, where we can run high-performance analytics, and we do that through a temporal knowledge graph. And, that’s a hard thing to achieve, and it’s a hard thing to do analytics at scale. So, that’s one of the big projects that we’re doing.

Are you saying digital twins is a framework for that? 

O’Connor: Yes. So, we can create digital twins around many things, because a digital twin is a model of processes, people, technologies, the statefulness of things, and configurations. Whatever you want to pull in there. So, when we start thinking about: What would we take in to create the perfect enterprise security posture? What would give us all the insights?

And, then we can ask the questions about, OK, how would an adversary do lateral movement through this? I can’t fix everything that’s a 10, but I could fix the right ones to reduce the risk impactfully. Those are the kind of what-ifs that you can do.

That’s real sci-fi stuff.  “Oh my god, the company just got hacked; we’re out of business.” That’s a goal simulation you could get to, right? 

O’Connor: It absolutely is. To ask those good business questions about the data and then to report on the risk of it. When you see the power of what that picture and the analytics can do … it’s just incredible to look at it, and it clicks. It clicks of all the potential things you could ask or do.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

Photo: SiliconANGLE