Episode 36 of The Andy Show
ALEX ISZATT [00:00:26] Welcome to the show, you’ve got me again Alex Iszatt, today. And today we’re talking about huge tech transformations and what we can do to make sure that remote working is security focussed on making and getting the best out of our people. So talking to me today is Philip Griffiths. He’s from NetFoundry. Thanks so much for joining me today, Philip.
PHILIP GRIFFITHS [00:00:49] Hi, it’s a pleasure to be with you.
ALEX ISZATT [00:00:51] So obviously people have to really get fast and into technology and things changes, so they probably wouldn’t have had to do in such a short period. What are you seeing? What have your clients been talking to you about in this crazy period of change?
PHILIP GRIFFITHS [00:01:08] Yeah, it is interesting. I think there was an initial wave where, you know, during February, March, maybe early April, where it was everyone was just saying, how do I enable people to work from home? How do I continue with as little disruption as possible? Setting up whatever solution they could. As soon as I fixed the conversation changes to what problems did I create by putting together a solution in a couple of weeks? You know, whether it’s security problems, performance problems, operational problems. It’s been a very turbulent period. I think Satya Nadella from Microsoft says it best when he said that, you know, we’ve had 2 years of innovation in 2 months. We’ve been forced to innovate really quickly. You know, that very extreme events cause us to move very quickly. Which gives some interesting challenges that myself I know enjoy trying to solve on a daily basis.
ALEX ISZATT [00:02:04] I think you’re right there that, you know, people are looking at the risks now because there are people that put a lot of money at the beginning, trying to get technology for remote working. Trying to adapt to a situation. But now it’s about those risks and obviously secure Internet is one of the biggest issues that people probably would have had to face from remote working. What have you seen in that area?
PHILIP GRIFFITHS [00:02:29] Yeah, very much so. I mean, I’ve spoken to organisations who during COVID-19 set up, you know, tens or hundreds of thousands of VPNs and now they go in. We’ve got a really big attack surface, this is something we need to solve. By the same token, organisations who have users having to connect over their VPN from a personal device or their corporate device for some of their applications and all of the non-VPN applications over a different device because they don’t have enough bandwidth on a VPN. It created some really tough ways of working for organisations. And ultimately the question is how we can very, very easily enable organisations to move into a secure and performant way of working. The most interesting conversations I have is how you do that around zero trust? How you’re able to deliver performance and improvement at the same time. Because that’s most of the issue that people have. You know, you may be up set of a remote access solution, but fundamentally, VPNs were designed for us to log on to our VPN and reduce some expenses. And they’re not designed for running your most important applications, 24 by 7 from home. And that’s where very much we come in from NetFoundry. You know, we look to work with organisations. Give them the ability to create connectivity between any device, any data centre in a couple of minutes. And give them zero trust, improve their Internet performance. So even if you’re out in the middle of a country, access an application in AWS, you know, a few hundred thousand miles away, it still works well for you.
ALEX ISZATT [00:04:18] And do you think that then, you know, using a process like you’re just describing there, it means that the VPN model is going to be defunct by the end of the year if people are already trying to be fast in moving with the times?
PHILIP GRIFFITHS [00:04:31] I wouldn’t say VPN’s defunct there. Legacy I.T. stays around for a long time. Every so often I talk to people who say they are even COBOL, which is like a mainframe coding language from the 70s. And it still exists. And they’re really well paid people. Funny enough, because it’s such a niche skill. So VPNs will always exist, there’s always a lot of legacy. But VPNs are dead. No one is going out saying, I want to have a VPN. In fact, quite the opposite. Many organisations are moving away from VPN due to the attacks of it. I linked in at least once a week of organisations being hacked from their VPN. You know, even because it’s an Internet-facing service, because it’s a backdoor into their organisation. You know, this is why organisations like Gartner are making so much fanfare around zero trust network access and SASE, which is their view of security as a service and network as a service coming together in one single product. And we also, in fact, yesterday were just added to the Gartner list for being a vendor in zero trust network access. You know, no one wants to use VPN. So it’s just how do you make it as easy as possible for organisations to move away from them? From our perspective, the way you do it is you utilise a platform in the same way that data centres used to be hard. But now data centres are super easy because you just go to AWS, Azure, you pick a couple of buttons and you get SAP HANA environment because it’s powerful automation orchestration with API. We’ve built a platform that enables you to do the same thing. So you can connect anything in minutes with just API calls. But yet these zero trust security get the performance enhancements you don’t need MPLS direct to connect all of these horrible legacy network and security solutions.
ALEX ISZATT [00:06:22] Is zero trust quite trendy at the moment? A lot of people are suggesting that they have this architecture, which isn’t necessarily like true for some companies. Everyone’s kind of getting on that bandwagon, do you? What do you think about that? Do you think that if someone has a new client and they’re considering potentially and they’re not quite sure where to go, is brand new… This trendy new and zero trust is coming out. What would you do in that situation if you were a client? Where do you look?
PHILIP GRIFFITHS [00:06:54] Yeah, I think this is where, you know, as an organisation, you need to have trusted advisers that can help through this journey. Before COVID-19, when I used to go to events, I still really enjoy going to something like InfoSec. You’d walk around and every vendor like zero trust, with zero trust and you’d look at their solution by your box. That’s on the network level. And zero trust says don’t trust the network. Don’t trust the hardware. Move trust to an application level. To a user level. Abstract away from those on the line level. So you at best you could be maybe 50% zero trust or zero trust in a lower case? But really, if you’re going to be zero trust, you have to. And if there’s multiple levels of zero trust, know, the first level is just that you only give access if you’re showing you are trusted and to a user, to specific applications, specific points, very granular, you know, not a VPN which goes, you’ve got the whole access to a whole subnet or CIDR range. But then beyond that, there’s, you know, the more advanced levels of zero trust is that you have a software defined perimeter so that your applications don’t even have any exposure to the public Internet, your private IP addresses, no inbound ports on your firewall. This is where you should be getting that zero trust. The level beyond that is that zero trust extends beyond just access into your infrastructure and into your application. So your zero trust access should be embedded into the application or into the immutable infrastructure such as a Kubernetes container. And again, because NetFoundry, our background is software only. We have endpoints for all of this. So we can go onto a VM in a branch or a DMZ. We can go into a Docker container. We have SDK which can go into a C sharp, a dot net, you know, whatever application or write in, as well as laptops and mobile.
So the key point is that, you’re able to zero trust anywhere, you’re able to do it in a very simple and easy way. We’ll always have marketing who whitewash solutions there with zero trust with SASE where with Cloud native, even though it’s a box. It’s just something we have to deal with and I hope the key thing is that having those trusted advisers that help organisations through that journey.
ALEX ISZATT [00:09:11] Basically don’t jump on the bandwagon if you’re not quite sure where you’re going. Is a great one for anyone who’s considering moving. Obviously, like the other technologies that are out there. You know, we’re talking about making sure that security is the focus. What can people do to make sure that they’re maybe making moving to a new network architecture or trying to get rid of that old legacy, but also keeping secure? What advice do you give to those people?
PHILIP GRIFFITHS [00:09:42] Yeah, I think the best way to approach it is to take it in an iterative approach. You know, we always say to our customers that you don’t really want to big bang things. I mean, you can but there’s reasons to such a big bang then sure, you do a big bang. But my background, you know, I used to do transition of transformation management for our systems integrator. And we saw, as you know, map out these big plans. Hey do you want a Big Bang? A lot of risk or you do wanna do an incremental, takes longer but you reduce the risk. You know, different organisations have different drivers and what speed they need to move up. But if you can move incrementally, then that’s ideal. When you’re deploying zero trust when you’ve point NetFoundry. You don’t have to do all your applications at once, you don’t have to destroy and throw away everything you’ve got. I would say, well, this is my most important application. This is the one I’m gonna connect first, is one I’m gonna make zero trust and pull on to an AppWAN to improve the Internet. I mean, you go through the journey of basically doing that for each of your applications. It’s exact same way in which you move into the Cloud. You have the Cloud model of, you know, which applications do I refactor? Which of them do I rebuild? Which of them do I just lift and shift? Sits very well in it, in a virtual machine in the Cloud. And yeah, you just, you know, switch off a data centre one day to the other because you’ve migrated. You’re going to journey to being Cloud first. And I think the same. You’re going to journey to an Internet first and to being zero trust and being SASE, secure access service edge, as Gartner defines that so that you have a very low risk way to change, but to start enabling all of the benefits of the network transmission, because at the end of the day, digital transformation only goes so far.
If you have a network from 20 years ago where people hate using the VPN and they hate your security approach and they have poor performance on these new applications, you need a network transformation to drive the digital transformation.
ALEX ISZATT [00:11:47] And obviously that can work the opposite way round as well. With this, we’ve mentioned at the beginning with that it that two months and transformation happening so quickly. Is people have already at that beginning of the period of this pandemic went too far and went a bit crazy and maybe turned off those legacies and maybe turned off as data centre. And that’s a bit crazy but you know, if someone does something huge? How can they pull it back a bit and make sure that they do those that journey incremental steps? But looking back and then rebuilding, do you think that you’re gonna come across quite a few people who have basically jumped in, they dived in without thinking forward.
PHILIP GRIFFITHS [00:12:25] So many layers in that question. Let’s just. So with regards to making change, you all, you know, in general I.T. you always need a rollback plan if something goes wrong. How do you make sure that you are able to go back to the previous bit of work and so if any organisation has gone through that, then I hope they’ve been up to solve those challenges. Most the time it’s then I can have a trait, you know, solve the problem, I’ve created new problems. How do I go about solving this? That’s most organisations that we speak today. Oh yeah, we solve this, but now got this problem, how do we solve that? At the same time, network transformation, I have not yet spoken to a single customer, but if any are out there, if anyone listen to this that would love to give me more information about, love to hear it. But I’ve never spoken to a customer that’s gone, I have moved away from a VPN. I’ve moved away from MPLS. I’ve moved into zero trust. I’ve moved into using Internet first. And I’ve had a huge issue with it. Or I regret making that decision. Normally, it’s quite on the contrary. Organisations really, they think they’re gonna have some benefits. They deliver it and they’re like, wow, we really did deliver a lot of benefits here. Now, we recently put a use case together for a customer where they moved in to zero trust. They reduced their attack surface. They reduced their VPN on their network cost by 30%. They increased their application performance by, I think it was 70% or 80%. So they were pretty happy with that. When COVID-19 hit. There was no impact for them because they were able, you know, they already had people having hands on their laptop and able to work from home. Similarly, we had a use case back in December where a company we worked with a vision, a machine vision organisation in the US. They embedded NetFoundry into their industrial I.T.
solution so that they wouldn’t have to set up different VPN solutions for different customers. When COVID-19 hit, they rolled out, you know, secure my access for 60 people in a couple of hours. Same platform, but completely new use case, completely new capability. And just like the Cloud in IoT provides a really powerful platform for applications, platforms, you know, services and your apps. NetFoundry provides a very powerful platform for all connectivity and security solutions so that you’re able to very carefully move in to these new ways of working.
ALEX ISZATT [00:14:57] And do you think then that’s the best way to mitigate risks by making sure that you have one system that is effective across every single part of the organisation?
PHILIP GRIFFITHS [00:15:09] There’s many ways to mitigate risk at the same time having 12 different solutions. Doing 12 different things is very risky. You know, we thought very commonly comes back. One of the biggest risks for an organisation around cybersecurity is they’ve got like 20 tools and they’re not aware of what 10 of them do. And in fact, the numbers, that’s probably even higher up. The point is, there’s so many things that, you know, in a large, complex organisation, some people, even one thing, people use another thing and people are using another thing and they know that they’re not sure how to bring that all together. And just even last week, I was speaking to an organisation who they have VPN, but then they’ve also got corporate laptops. They got bring your own device laptops. Even on their corporate laptops, they’ve got two MDM solutions, Mobile Device Management, Intune and AirWatch. And you know, this becomes complex for our customers. How do you align the policies? How do you make sure it correlates? How do you then align that to bring your own device, bring your own, yet bring your own device framework where people can have their own laptops and mobiles. You know, the very interesting observation with them was that they could use this solution. They could load onto any device. But also they could link it into their MDM solution. So you’re able to do contextual based access policy. I only give access to an application if I’m authenticating the user, authenticating the device, I’m checking the posture of the device and checking the location of the person. You’re to bring up such interesting amount of data sources that you have a very powerful and yet granular access policy, which is completely automated. I mean, you can extract that information into your SIEM. You can extract that information into your reporting dashboard.
You can extract it into ServiceNow, you can extract it into any system that you’re using so that you’re able to have a very holistic approach to connectivity, security and how it integrates into the wider business.
ALEX ISZATT [00:17:13] You made a valid point there. Yes, that’s a privacy issue. When you’re thinking about using your own personal devices and making sure that it is aligned with the company and the clients and also having a solution that only takes what you allow it, kind of make sure that that counteracts what GDPR privacy issues. But a lot of people, a lot of workers, not necessarily high up in management, but those are on the ground are probably still quite wary of anything that gets put on their computer or mobile device. And what would you say to somebody who has potentially gone? And then boss has said, you know what, use your interface, I’m not going to pay for anything. We’re gonna just put this new software on and someone who’s worried that this opens the door to a privacy security. What would you say to someone like that?
PHILIP GRIFFITHS [00:18:03] It’s a very good one. And when we come across as a lot, you know, in a VPN world, you can set up what they call split tunneling. But it’s quite complicated. And in fact, this organisation I’m speaking on Friday, which you’d know the name of. They said they don’t want to set up split tunneling because they saw it as a security risk. You know, zero trust network by design should be application specific, i.e., you only intercept applications which have been identified to intercept all the rest the traffic use locally break it out. We do that, is for that reason that we’re preferred connectivity either for , Microsoft 365. And therefore, you’re able to get into this scenario where you only take the application, the data that the customer cares about. Yeah, my customer, their business, the end business. You know, If I go to BBC or if I go to the Andy Show, my VPN is not intercepting that traffic. In terms of the end device, it comes down to a question of what people are comfortable with? You know, you can have mobile clients, which, you know, they run as privileged applications, positives, negatives. Yes, you have to you have administrative ability to load that client, but you also get, you know, layer four to seven of the OSI stack of your security. Alternatively, you can load into the browser. So it’s much easier, you know, less burden. But then you only get layer seven. So, you know, you’re not quite as protected. Alternatively, you have people all back in the branch. You can load on a branch level and you don’t need anything on the device. Our vision, at least, is that this should just be all simple background things. You know, the integrations we’re doing with Microsoft Intune, for example, we’ll give you that. You know, just toggle a user and once that user’s toggled, they get the software loaded onto the device, uses a certificate and integrates into your Active Directory, Intune for conditional access policies.
Network and security should be invisible, fundamentally. People don’t want to have to bother with them. VPNs get turned off because people find them burdensome. So if we can make network and security invisible, such as works and people still have a great user experience and therefore high productivity, which is the biggest problem of VPNs. Then people are completely fine with them and we can make sure that the business’s data is secure. We can make sure that their applications are secure and that their users are completely fine with the solution.
ALEX ISZATT [00:20:36] And talking about the integration now. From obviously, putting an app or integrating with the phone with your mobile device to a computer. Now we’re obviously, remote working, a lot of people are remote working. So that’s second nature, to make sure that they are secure in their privacy issues aren’t, you know, being a problem. But what about when they go back into the office? Because that’s gonna suddenly change the way that the security needs to be upheld. Taking data from your own personal device, I mean make putting it on to the Cloud or the server that you’ve got in the office. What are the solutions to make sure that is nice and fluid and that nothing is a virus has taken over or any other problems occur?
PHILIP GRIFFITHS [00:21:21] Yeah, I mean, from my perspective, the key is having that native application specific connectivity so that regardless of you working from home, working from a coffee shop, working from the office, you are doing it in a very secure way. But you’re not intercepting the rest of the data so that, you know, the organisation doesn’t get data they shouldn’t have. The interesting thing that we’re seeing is that as much as everyone is in how do we do work from home securely, safely. How do we make sure that we continue operate in this period? There were some conversations of my workers are just as productive working from home. I have empty offices. Those offices cost me a lot of money in real estate, but also heating, cooling. All of the other expenses that come with it. How can I reduce the amount of branches I have? How can I potentially shrink the amount of branches? You know, the secular trends that we have had or the trends that we have in COVID-19 are secular trends anyway. So fundamentally, we believe that this is going to continue. And that’s why we have never positioned ourselves as SD-WAN because SD-WAN is very predicated on a box in my branch. The vision that we see is that the underlay, the location, it becomes irrelevant. You just connect people in the laptops. You give them a secure and performant connection so that you don’t require a box, you don’t require an MPLS connection, you don’t require a VPN. And therefore, regardless, they’re in there when they go back to the branch or working from home or some other location, they get performant access. They get secure access to applications hosted anywhere in the world.
ALEX ISZATT [00:23:04] So would you see an ideal future, one without offices?
PHILIP GRIFFITHS [00:23:10] No, I wouldn’t. It’s a very interesting future, I mean, myself, I do a lot of homeworking, I do a lot of travelling, but I do like to go into the office. I do like to sit down and have a coffee and do some brainstorming just on the fly and where you bump into people when you go, oh yeah, let’s start a new project on this. And I think it’s always gonna be a very important, fundamental requirement, the ability to meet people face to face and have watercooler chats. At the same time, though, I do think there is going to be a big change, I guess. Previously it was average and not taking myself into account. Probably something in the region of 3 to 4 days in the office a week with 1 or 2 days, you know, working from home. I think it’s going to switch to probably something opposite to that, at least for, you know, office based workers. And there’s many jobs in the world where you have to continue going into your workplace, and that’s not going to change for those people. But for people who are just going into office, there’s gonna be a flip where they’re now going to be doing a lot more homeworking. And this will just be a reality for us.
ALEX ISZATT [00:24:09] And, you know, talking about the technology side though, we talked about, zero trust architecture. What else is new? What can you see as a vision for the end of this year?
PHILIP GRIFFITHS [00:24:22] Yeah, so we’ve seen a lot of remote access replacing VPNs because people realised how much they hate their VPNs. At the same time, the whole movement to the Cloud has only accelerated. We work really closely with AWS, with Microsoft, with Google, with the Hyperscalers. The reason we do that is because, you know, the customers we work with, they are doing a lot on the Cloud. And we work with the likes of Microsoft to integrate us into many of their different products. We’re the only company integrated into 5 of their products and they have been so busy over the last 3 months. You know, setting up VDI Solutions, IDP Solutions, WBD Solutions, Workplace Solutions, Teams, Collaboration Solutions, Zoom. They’re massively scaling out that underlying infrastructure to support this big boom that we’ve had. That is only going to continue. Likewise, there’s a great shift to IoT and in any way in which we can stop people from having to go to bakeries or petrol stations or cash machines or whatever is in the physical world. Where we can make it, so it’s more automated. It’s more orchestrated. We’re sending engineers less. That is accelerated. All the engagements that we do around that, none of them are slowed down because those, again, are just secular trends that’s been sped up from us being forced to operate more from home. So I see all of those areas just being sped up and continuing to drive the wider I.T. as we go forward.
ALEX ISZATT [00:26:14] I agree. And I think that obviously, at the end of the year, we’re probably going to be a bit more fluid in our homeworking. But do you think that in between now and then that there’s going to be, in those people working into their office and these all of those that you mentioned is going to continue. Do you think they’ll be a bit of allowed that maybe the average employer, employee won’t see while they’re working as Microsoft for example, working behind the scenes?
PHILIP GRIFFITHS [00:26:40] I don’t actually, but that I think that relates to a different trend that we’ve had such a move to as a service. Everyone is looking at how they abstract away the underlying complexity. You know, we talk about network as a service. How I abstract away the complexity of VPNs and MPLS et cetera. But in the Microsoft lingo, it’s infrastructures or platforms or service or, you know, sales processes of service. In this scenario, you just assume it’s going to work the whole time. It is that provider’s responsibility to scale out all the infrastructure and take away that responsibility for you as every organisation is moving towards that. I think you abstract away. You know, it’s the duck on the water. The duck looks serene. It’s like going nuts underneath. If you know, just yesterday I was talking to a UK organisation saying, you know, we want to develop a SaaS application for our industry and our industry partners and be exactly the same. Maybe previously you would have seen them struggle, scaling out that infrastructure. But in this scenario, they just put it on a Cloud, if they embed us into it, then it will become seamless and invisible. People just click on click off. We’re moving into that world of just click on click off, at least in the digital world. The physical world is still constrained by physics, unfortunately.
ALEX ISZATT [00:27:51] We have to go out sometimes to make sure that there’s physics can work.
PHILIP GRIFFITHS [00:27:55] Yeah, very much so. Sit under a tree alone, and let an apple fall down.
ALEX ISZATT [00:27:58] Why not? And find an orchard, turn it to cider. Well, thank you Philip for joining me today. To have a conversation about what we’re going to be seeing in the future. We’ll keep an eye on what will be happening and seeing those legs work their hardest.
PHILIP GRIFFITHS [00:28:14] It was a pleasure. Thank you for having me.
ALEX ISZATT [00:28:15] Thank you. And thank you for joining the Andy Show as well. Now, don’t forget, there are many other shows. So make sure that you catch up with this one as much as you want. Plus, have a look on our LinkedIn profile to see what fantastic opportunities are out there. Maybe for you to get involved as well. So that’s LinkedIn, Facebook, Twitter or head to disruptive.live. Until next time, see you then.