Interview – Nigel Thorpe – SecureAge Technology
DAN ASSOR [00:00:02] Hi, welcome back. So the next guest in this morning’s session is Nigel Thorpe from SecureAge Technology. Good morning, Michael. Nigel. Sorry.
NIGEL THORPE [00:00:14] Good morning.
DAN ASSOR [00:00:15] So Nigel, as we just did with Andy from the Global Cyber Alliance. I’d be great if you could just tell me a little bit about yourself and your company.
NIGEL THORPE [00:00:25] Okay, I started my I.T. career as a humble developer and decided I was no good at that. Then I moved into vendors and started my security career in Entrust Technology back in the early days of public key infrastructure. I moved on from various smaller companies. And now ultimately into SecureAge. SecureAge is a company that comes out from Singapore, has been around for a long time. Helping the Singapore government with their security and has a long record of doing that and working with various agencies in Asia and various companies in Asia. And as recently moved out towards Europe. That’s where I’m sitting now.
DAN ASSOR [00:01:16] Okay, fantastic. And what do you do to protect people in the endpoint security area?
NIGEL THORPE [00:01:24] We’re really looking at the situation whereby the I.T. security industry has spent years developing a great set of tools for controlling access to data and to monitor data as it leads the network. The issue is that all of these solutions are looking at protecting information where it lives in security silos. And the issue is that when you take data out of those silos or you move between these secure areas, the information is not secure, at least for a short while. So what we are doing is looking at a data-centric security approach. Whereby the information itself is protected. You actually build authentication and encryption into the data itself so that protection remains with the information, not just where it happens to be located at the time.
DAN ASSOR [00:02:33] Okay. Thank you for that and in terms of the tools that are used to secure, produce, to address which threat, what sort of tools do you secure, or tools to secure these?
NIGEL THORPE [00:02:47] We’re looking at an endpoint solution. So it’s an agent that sits on the endpoint, which of course is where all the information is actually being processed, thereby protecting the data from its inception, if you like, right through it’s life. So the information is encrypted automatically at the final system level, in fact, so that it doesn’t really matter what applications are making use of the data. It’s a completely seamless process. And perhaps more importantly, it’s completely seamless to the user. The last thing we want is users being interfered with because, well, if you interfere with users, they try and find ways around security. Security is annoying. And of course, you don’t want to get in their way and you don’t want to give them the opportunity to make any decisions either, because, again, the decision may not well be the right one.
DAN ASSOR [00:03:52] Sure. Thank you. And in terms of the main focus is it endpoint protection?
NIGEL THORPE [00:03:58] It is the endpoint protection. We will operate on desktops and also servers because the servers themselves are running things like databases, for example. So in fact, a database can also be protected because the database in reality is constructed with files and the files contain data. A recent project we had to look at if you just opened up a database vial in a text data so you could see all the data inside it. So clearly not very secure. So by encrypting that information, you ensure that the data is then protected. Steals that data, then the protection goes along with the file and the file is therefore useless anywhere it’s taken.
DAN ASSOR [00:04:49] Sure. And the benefits of your hardware solutions, such as your SSL VPN? Can you just maybe give our listeners a view of that?
NIGEL THORPE [00:04:59] These are solutions that were initially developed in Singapore as I mentioned, and they really roundoff the solutions. So wherever you need to protect data at the endpoint and throughout its life. We have the implant solutions, but we also have the ability to offer SSL solutions or VPN solution as well. And perhaps more esoteric solution is a data diode solution. Whereby particularly careful organisations, perhaps in the defense industry, need to have networks that are separated from the rest of the world. They might need to transfer files from their protected network to a more public network. And we can facilitate that with the data diode system.
DAN ASSOR [00:05:55] Thank you, and what lessons do you think sudden remote working has taught us about cybersecurity so obviously specifically the last 3 months or so?
NIGEL THORPE [00:06:06] Yeah. It’s definitely been an interesting experience. The main issue, I think, really is that we’ve now got large quantities of workers working at home on networks which are no longer under control by the organisation. Your previous speaker was talking about IoT devices yeah, if you’ve got one of these devices, there’s lots to learn about in your smart home. Often they can be hacked and that we would see as a way into for over a hacker into your home network. It’s a nice soft target to get into the home network. I can now get it onto the corporate laptop that’s working there and I can now extract data from that system. And we would see that by protecting the information that’s on that system. You’re then preventing the hacker from getting anything useful from the organisation through that weak point.
DAN ASSOR [00:07:10] Sure. Do you think companies will view their own cybersecurity differently after the lockdown?
NIGEL THORPE [00:07:17] I think definitely, yes. There’s long been a discussion that the perimeter is no longer the corporate network. We’ve had mobile workers for a very long time. The difference now is the volume of mobile and remote network. So organisations, I’m sure, will now, with the experience of the lockdown, be more comfortable with the whole concept of people working remotely. So then does have to be a new security review of the remote workers. A lot of this work has gone on in a very short space of time, too, as a Herculean effort and a very successful effort from what I’ve seen of getting people working from home. But you do need to sit back now and have a review and make sure that you are as secure as you really should be.
DAN ASSOR [00:08:14] Sure. Great advice. And final question, is the employee still one of the biggest threats, do you think, to corporate security?
NIGEL THORPE [00:08:23] I think so, yeah. From two aspects, really. One is that the obvious threat of the malicious insider who obviously has access to an awful lot of information and is, therefore, a weak point but the other is simply because of their circumstances. They all sat at home with their small fridge and that the ability to attack that soft target is there and easily taken. So through the employee, you have the ability to attack the corporate network.
DAN ASSOR [00:08:57] Excellent. Thank you. So, Nigel, that’s all we have time for. So thank you to Nigel Thorpe of SecureAge Technology. We’re just going to have a quick break and then I’m going to be joined by Bharat Mistry of Trend Micro.