Inspired by National Cybersecurity Awareness Month (NCSAM), Thales, a Technology Alliance Partner, kicked off a partner spotlight series. In this post, Juan Asenjo from Thales interviews Sandy Carielli, Director of Security Technologies at Entrust Datacard. The below interview originally appears on the Thales Security blog.
Thales Q&A with Sandy Carielli of Entrust Datacard
Thales: What skills are most needed for a long career in cybersecurity?
Entrust Datacard: First and foremost, curiosity and love of learning. Technology is always evolving, and the means to secure technology are evolving as well. The technologies you learned about in school could be obsolete five years after you graduate. No matter your role, in order to build a career in cybersecurity, you must constantly learn about what’s new and what’s next: new products, new programming languages, new protocols, new markets or new competitors. Those who are willing to take the time to read, train, ask questions and teach themselves about the latest trends will have an easier time building their careers.
Tied to love of learning is the agility and speed to respond to ongoing business changes and threats. Business and technology are moving at a very rapid pace, and the number and scope of major breaches has surged. Those who are prepared to respond quickly will excel. This is about more than your own skills; it’s about building relationships across your organization … and about working with trusted organizations that offer unmatched knowledge and supplement your in-house expertise by acting as trusted advisers.
Thales: How best do we build trust in cloud environments?
Entrust Datacard: As with any environment or set of relationships, building trust in the cloud requires time and ongoing demonstrations of trustworthiness. At Entrust Datacard, we understand that trust takes a long time to earn but can be lost in an instant. We build trust by offering integrated, layered solutions to address customer needs and by operating with a collaborative mindset. No single solution secures the cloud; we know we have to leverage partners in order to create a trusted environment. We lose trust by treating the cloud as something magical that secures itself, by selling “FUD (Fear, Uncertainty and Doubt)”, or by not paying attention to the customer’s requirements when helping them build up their cloud environment.
Thales: One big theme of NCSAM is “cyber resilience”. What does “cyber resilience” mean to you?
Entrust Datacard: Cyber resilience is about acceptance and preparation: accept that attacks and breaches will occur and be prepared to adapt, mitigate, and minimize damage. Recently the CEO of Equifax blamed the organization’s massive breach on a single engineer who failed to apply a patch. If you accept that narrative, then you accept the characterization of Equifax as an infrastructure with so little cyber resilience, that a single action (or lack of action) could expose 145.5M social security numbers. Cyber resilience is about eliminating single points of failure and about having the layers of protection (from the standpoints of technology, process and people) to be able to recover from a particular attack or failure without it becoming catastrophic. Attackers get in the front door all the time. Can you prevent them from getting in the second door? Or the third?
Thales: Which data/cybersecurity issues are you most concerned about right now?
Entrust Datacard: Making security easy is a big priority for us right now. We know that if security mechanisms are difficult or confusing, users will not follow them or will look for ways around them. This applies both to the end users (who may not opt to activate security features) and to security administrators (who rarely have the time to perform lengthy, complex operations in an enterprise). So, how can we make things easy and intuitive? On the PKI side, it’s about making the certificate issuance and renewal process almost transparent to the end user, so they don’t have to do anything; trusted connections are established in an automated way. With authentication, it’s about making it frictionless for the end user, leveraging behavioral analytics and biometrics so that access is granted without the user always aware that they’ve been tested. And for administrators, it’s about making the installation and management of tools faster, providing integrations with standard protocols, offering a more intuitive user experience and partnering with other providers (like Thales) to enable a more seamless customer experience.
NCSAM is almost over, but that doesn’t mean the Thales eSecurity partner series is coming to an end. If you missed earlier partner spotlights, check out our blog page. Expect more spotlights in the coming months. For the time being, you can also visit our partner page, leave a comment below or tweet me @asenjoJuan.