Thought Leaders in Cyber Security: Mike Baukes and Alan Sharp-Paul, Co-CEOs of UpGuard (Part 3)

Posted on Wednesday, Mar 30th 2016

Sramana Mitra: If I understood you correctly, you are not like the FICO score in that you’re providing the software to score but in an internal mode. The scoring is not a published scoring. It’s a score that the enterprise is using to audit and improve their own security levels.

Mike Baukes: We do both. The great thing about it is unlike a lot of the companies that may do partial external, they charge for it. We believe it should be a free service. It’s commodity data that, if you really know what you’re doing, the public should know. What’s difficult for organizations these days is to understand what they have internally. Taking that external perspective and really giving them an understanding of what their digital resilience looks like inside and then unifying that score is incredibly important. That’s what we do.

Sramana Mitra: In doing what you’re doing, what are you learning as the state of the union at the enterprises? What level of security are they at? What kind of vulnerabilities are you identifying as trends, so to speak?

Alan Sharp-Paul: Generally, with the external scoring, we are able to get a much larger sample set. With internal scoring, that’s something that’s available to customers who are working with us. On the external side, we are starting to see trends already. If you look at the hot areas of the key industries from a headlines perspective, retail, finance, and health are the three key industries.

What we’re seeing is there is a fairly clear ranking amongst them all. The benchmark differences are quite apparent. Finance seems to be, on the whole, doing a lot better. Retail is second. Unfortunately, health seems to be lagging behind. We’re seeing this macro trend as well as little things that are easy to resolve. It’s not hard to apply SSL to your public-facing website. It’s not hard to use SPF records for your emails.

Sramana Mitra: You’re saying that there is a lot of basic stuff that people are not doing at this point. Those are the low-hanging fruits to plug first and foremost. Then your technology is able to identify complex stuff as well.

Alan Sharp-Paul: Yes. To take you from a 300-level score to a 900-plus excellent score, it’s a matter of a couple of thousand dollars on IT consultants to get you to a secure level. This is much the case of education. This is something that we intend to be public with. We want consumers to start even driving vendors and companies to improve these things.

Sramana Mitra: What are some of the more complex issues that you’re identifying?

Alan Sharp-Paul: Once you get behind the firewall, there are a lot more issues. The fundamental thing is visibility and understanding. Enterprise, in particular, is very complex. A typical Fortune 500 company has thousands of servers, virtual machines, databases, and networked devices. It is very easy to lose control in that environment. If you go back in the past, there was a certain level of complexity in the firewall.

We’re making mistakes behind our own firewall in our own data centre. It’s not good. Occasionally, we might get some downtime and we want to get better in that regard. That has changed a lot. In the past 5 to 10 years, not only has technology changed at an increasing rate, but we’re also more connected. I can pull my banking details on the Internet. I can share cash. I can chat with family and friends online. We’re connected but we’re also more exposed.

The issue of not having control over your external network and not understanding how things are configured are problems that in the past had an impact—an impact that was bad but not necessarily catastrophic. Now, that impact is worse. For example, the MongoDB issue where it turned out that all instances of the MongoDB database were shipping with a default root password, and many people were not changing that password. It’s bad. If it’s a database that has customer information on it and it got publicly disclosed, that’s a disaster.

This segment is part 3 in the series: Thought Leaders in Cyber Security: Mike Baukes and Alan Sharp-Paul, Co-CEOs of UpGuard