Channel Mechanics’ Geraldine Powderly discusses some of the biggest trends changing the tech industry, from zero-trust security to the no-code revolution.
Geraldine Powderly is the chief information security officer at Galway-based cloud management company Channel Mechanics.
In this role, she works across a wide variety of domains including security operations, risk management, incident detection and response, identity and access management, product security, continuity planning, cyber intelligence and vulnerability management.
“While the cybersecurity industry is full of technical products that help prevent or detect cyberattacks, these products often come with a hefty price tag. A price tag that is not always easily understood or accepted by a company,” she told SiliconRepublic.com.
“My role within Channel Mechanics is to ensure that we always consider security risk and business risk together. They are two sides of the same coin. When it comes to defining a strategy for our platform and technical investments, I always put emphasis on considering the security risk and the business risk to help drive the best decision-making process.”
What are some of the biggest challenges you’re facing in the current IT landscape?
In my opinion, one of the biggest challenges out there for any IT department is the implementation of a zero-trust strategy. Zero trust means don’t trust anyone and only connect to an application, not the entire network. It’s the opposite to VPN and firewall where once you’re authenticated, you are on a routable network.
It’s not a new concept. I have been hearing about it for several years now. Having listened in on numerous talks with vendors describing their zero-trust products, it always left me feeling that the challenge of successful implementation is still underestimated.
Comments about how ‘VPN is so last decade’ always make me smile, because it reminds me of a quote you would expect to hear at fashion week. Of course it’s very dependent on the size of a company’s footprint.
In today’s world, it has become very clear that the traditional company network perimeter is in the past. Nothing has emphasised this more than the pandemic and working from home.
Overnight, the work-from-home requirements put an unforeseen load on VPNs, creating issues with internet access and speed while on VPN. This led to complaints and requests for split tunnels or other unsecure tactics. The impact of this forced users off VPN to browse the internet, thereby removing the protection of web filtering gateways, leaving users unprotected and susceptible to attack.
The challenge I see for companies with large footprints and hybrid deployments is that there is still a big gap between talking about it and implementing it in a successful manner that provides protection without disrupting the functioning of the business.
For smaller companies, the risk is also very real. In a lot of cases there might not even be a corporate VPN or web filtering gateways. The company could be reliant on endpoint protection, with users remotely connecting to environments. In this case, the implementation should be a lot easier, but the same rules apply – ‘Don’t break the business!’
What big tech trends do you believe are changing the world?
According to Forbes, everything-as-a-service and the no-code revolution are some of the next big technology trends in 2022. The concept is that it aims to put the skills and tools for tech-led innovation in the hands of as large a proportion of society as possible, regardless of their expertise.
At Channel Mechanics, we have already reaped the rewards of concepts like platform-as-a-service in terms of cloud solutions. As a born-in-the-cloud company, our SaaS offering provides a platform for channel program automation.
Choosing a reputable cloud-hosting solution provides a wonderful level of security, ‘out of the box’. It’s akin to renting an apartment within a large apartment block offering security guards, CCTV, locked front doors, secure windows and alarms.
However, the security of the apartment is the tenant’s responsibility. If the tenant fails to secure the entrance or the contents stored within, then the building’s security is quickly negated. This is the same for software that is hosted in the cloud, whereby the tenant still has a responsibility for the security of their product.
At Channel Mechanics we take this responsibility very seriously. We continuously assess risk that may arise due to our environment configurations, and we follow our risk management and vulnerability management strategies to mitigate any risks found.
No-code interfaces are very exciting from both a design and innovation perspective. As CISO and a self-professed security nerd, I will be following this closely as it will definitely provide a challenge when it comes to ensuring these interfaces are secure.
What are your thoughts on how we can address the security challenges currently facing your industry?
From a 100-foot view, the challenge for any security team is finding all the possible vulnerabilities that could be exploited and securing them. A malicious actor only needs one successful exploit that gives them a foothold into an application or environment. There are specialist companies that you can engage and partner with to support this challenge.
Agile and DevOps provide faster-to-market software. However, the speed at which software can be deployed and environments can be created can introduce risk when it comes to deploying vulnerable code and environments.
Embedding security early in the software design cycle is the most effective method to help address this challenge. This may seem pretty obvious, but a lot of companies still see security as an afterthought or an added expense, which then relies on detection and containment rather than prevention.
Shifting security activities left by implementing DevSecOps is the most effective method to help address this challenge, and by engaging in the software development life cycle as early as possible.
Implementing security architectural reviews, threat modelling, static and dynamic analysis are all proactive methods of preventing security flaws entering an application.