Here are 5 insights you might have missed from the Fortinet Cybersecurity Summit event
Security executives, customers and partners recently gathered in Napa, California, for the Fortinet Cybersecurity Summit. TheCUBE, SiliconANGLE Media’s livestreaming studio, was there to cover the key trends surrounding enterprise security.
Along with numerous stories written from interviews during the event, here are five additional insights you might have missed. (* Disclosure below.)
1. Cybersecurity has a huge skills gap problem, but it has a diversity issue as well
It has been well-documented that there are more than 1 million unfilled cybersecurity positions in the U.S. and over 3 million globally. What gets less scrutiny is that the percentage of women and minorities holding current cybersecurity jobs is shockingly low.
While women comprise 57% of the U.S. workforce, according to Bureau of Labor Statistics, the International Consortium of Minority Cybersecurity Professionals has found that they hold only 14% of positions in cybersecurity. That’s still better than the percentage of African Americans, who make up only 11.9% of infosec analysts, according to data compiled by the BLS.
The stark truth is that the cybersecurity industry has become heavily white and male. To counter this reality, there has been progress in some areas of the world that could serve as a model of change if more follow suit.
In India, women comprise 34% of the cybersecurity workforce, thanks to a government-backed science, tech, engineering and math education initiative. Groups such as Blacks In Cybersecurity have developed a global reach through active participation in conferences and development groups, and the International Organization of Black Security Executives offers scholarships to minority students with an interest in the field.
“The opportunities are endless, which is why it’s a little bit frustrating to see this big gap in skills, particularly around the area of women and minorities,” said Sandra Wheatley, senior vice president of marketing, threat intelligence and influencer communications at Fortinet, in a conversation with theCUBE during the event. “This is a huge focus of ours, and through our TAA initiative we have several different pillars to attack this problem.”
2. Restaurants have emerged as a prime use case for SASE deployment
The global pandemic has transformed many aspects of daily life, including the basic act of ordering a meal.
Many restaurants today, from multinational chains to the smallest food stands, now have either kiosks or tableside QR codes from which patrons must access an app to order and pay for food. The link management service Bitly has estimated that the use of QR code downloads has skyrocketed 750% over the past 18 months.
This has resulted in not only a transformation of the dining experience, but a major sea change in how restaurants must manage technology. Practically overnight, many businesses went from paper menus and people to take orders to a classic model for Secure Access Service Edge, or SASE.
For broadband service providers like Comcast Inc., the need for reliable connectivity has mushroomed as many businesses, including restaurants, must now manage and secure busy networks at the edge. This requires a strong internet signal and a fast back-office processing engine to keep orders running smoothly and the customers happy.
“For your quick service restaurant, the amount of digital sales from applications is just skyrocketing,” said Glenn Katz, former senior vice president and general manager of Comcast Business Enterprise Solutions, during an interview with theCUBE. “You order something, that goes up to the cloud, it comes back through and goes to the point of sale. And then the back of house network in a particular restaurant, if that doesn’t get there, perhaps because of one line or one internet connection, you lose business, you lose the customer. It’s so important.”
3. Custom ASICs are accelerating protection of network workloads as security demands more computing power
The rise of SASE has been accompanied by increased reliance on processors to combine security, edge and SD-WAN solutions into one package. The application-specific integrated circuit, or ASIC, sits at the heart of Fortinet’s SASE strategy.
Fortinet claims it delivers the industry’s only SD-WAN ASIC-powered edge solution. Performance is what sets the SD-WAN ASIC apart. It provides super-fast application identification and steering with low latency.
The company is putting custom silicon into its appliances to deliver a next-generation firewall, advanced routing capabilities and consistent security on- and off-network, powered by its FortiOS operating system. Fortinet believes this approach will allow its appliances to run at high speeds and provide large amounts of capacity at peering points, where two networks connect directly and exchange traffic. This represents an alternative to running SASE services in public clouds using software-only solutions, which will be a key differentiator to watch for Fortinet as it pursues its ASIC-driven strategy.
“We’re still the only company actually to develop the ASIC chip, which makes a huge competitive advantage compared to using software to do all the security function computing,” said Ken Xie, founder, chairman of the board and chief executive officer of Fortinet, during his interview with theCUBE at the event. “Security tends to need more computing power to process the same data as routing and switching. That’s where, for network security, the ASIC chip has a huge advantage.”
4. Orchestration companies are beginning to address the tricky balance between speed and risk in digital transformation
One of the keynote speakers at the Fortinet Summit was Ruvi Kitov, co-founder, chairman and chief executive officer of Tufin Software Technologies Inc. In his interview with SiliconANGLE, Kitov offered an interesting take on the current friction between digital transformation and cybersecurity practices.
“Security is a blocker to digital transformation,” Kitov said. “If you asked the right people and found out that every change takes a week on the network, you’re not digitally transformed. I see the network change process as pretty much the last piece of IT that has not been digitally transformed yet, and this is where a lot of opportunity is.”
Kitov’s point highlights a current conundrum in the IT world. Developers want to move fast, security wants to move deliberately, and something has to change.
As with many solutions in the IT space, the answer can be found in automation. Tufin automates and orchestrates security policies across enterprise firewalls and inside of the hybrid cloud.
Tufin’s latest release in June uses automation to perform the complex task of access decommissioning, the removal of rules and policies once access is no longer deemed necessary. The goal is to minimize outage risk while maintaining a high security posture and remove one more time-consuming task.
Tufin has over 2,000 enterprise customers, including half of the Fortune 50. The progress of network security automation will be worth watching because, as Kitov noted, this remains the final frontier in IT’s digital transformation journey.
5. We may have reached the limits of what security tools can realistically protect
Midway through an interview with Rupesh Chokshi, vice president of AT&T Cybersecurity at AT&T, the executive casually mentioned a statistic so astounding that it left theCUBE’s host Lisa Martin with a response undoubtedly shared by anyone else watching the conversation: “Wow!”
Chokshi said that AT&T now processes 440 petabytes of data on one average business day. To put that number in perspective, one petabyte is the equivalent of 20 million tall filing cabinets or 500 billion pages of text.
Another way to view this is through the lens of four of the biggest data processors on the planet. Two years ago, Amazon, Google, Microsoft and Facebook combined stored 1,200 petabytes. Now, AT&T alone is processing a third of that amount per day. “You can imagine the amount of information,” Chokshi said. “You can imagine the amount of security apparatus that you need to protect and defend and provide the right kind of insight.”
AT&T has adjusted to handling this new scale for data. However, this also adds scrutiny to security’s ability to protect the increasing amount of information running through the world’s infrastructure.
Security researcher Bruce Schneier, currently a lecturer at the Harvard Kennedy School, sounded the alarm on this scenario in a lengthy post four years ago, when he called for both government intervention and a concerted effort to pull back from connecting every device and system under the sun. Neither of these proposals has become reality, the data mountain just keeps growing, and the security risks have become far more serious.
“There is a fundamental difference between crashing your computer and losing your spreadsheet data, and crashing your pacemaker and losing your life,” Schneier wrote. “Computer security is now everything security.”
Be sure to watch theCUBE and SiliconANGLE’s complete coverage of the Fortinet Cybersecurity Summit. (* Disclosure: TheCUBE is a paid media partner for the Fortinet Cybersecurity Summit. Neither Fortinet Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Image by Gajus
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.