Hey presto, as promised we present the second part of my recent conversation with Centrify CEO Tom Kemp at the firm’s head office in Santa Clara. To kick things off, Tom addressed some ways in which machine learning and artificial intelligence look set to seriously impact most organisations’ productivity as well as their security.
Tom Kemp A key problem that we have with security is trying to find that right balance between productivity and security. Your very first question was: ‘What can Machine Learning do?’ Machine Learning can help strike that proper balance between productivity and not putting up too many hurdles and gates for a user to jump over in the name of security.
But you still want to have security and make sure that that user is secure. I think Zero Trust, coupled with Machine Learning, really provides the path forward and Centrify wants to be seen as a leader in this new movement towards Zero Trust.
Telecom Times Excellent. Maybe building on that, I’m told that out of all cyber threats the single biggest security headache for organisations still centers very much on password access for employees and former staff members.
Given that the main threat still seems to be mostly human-driven, would you say that any strictly technological attempt to address this issue will be limited in its efficacy?
Tom Kemp Yeah, I mean look, users are the weakest link, right?
It turns out that the way that we’ve set up computers is that most access is controlled by a single thing – a password, right? The hackers have figured that out, and that’s why according to Verizon’s Data Breach Report, 80 per cent of breaches involve stolen or compromised credentials.
So, how do we move away from passwords? Well, we can’t because all our applications and all our systems are hard-coded into using passwords. But what we can do is, we can layer on multi-factor authentication, and tie multi-factor authentication into something we [already] have, which is a mobile device. I really think that MFA is going to dramatically improve the problems with stolen or compromised credentials.
Then from there, you need that intelligence to take into account and factor in the devices being used by the user, coupling that with Machine Learning by unifying the verification of the user with that of the device. Looking at access and privilege, you can provide a significantly more secure environment.
We did a study with Forrester Research where people who were farther down the path of deploying Zero Trust actually found out that they got breached half as many times as people that were not implementing a Zero Trust concept.
Telcom Times: How big a piece of the investment budget for Centrify is made up of innovation and R&D, and how will this change over the next 10 years?
Tom Kemp: Because of the significant pain point that customers are seeing with stolen and compromised credentials – and by the way, it’s not just only end-users like you and me whose usernames are being stolen – it’s also the privileged accounts that an organisation has. The keys to the kingdom; the admin accounts, et cetera.
There is a reason why this identity is the top attack vector, and increasingly more and more spend is being [allocated] to address this. We see just a great market opportunity there, and almost half our R&D budget is just in new innovations.
We see a great opportunity to add a lot of value to customers and make them more secure. We’re innovating and investing in – not only the go-to-market by putting more resources outside the US – but also doubling down on our product development roadmap and really focusing on, emphasizing, and developing towards this concept of Zero Trust Security.
Telecom Times Going forward, will mergers and acquisitions be a major part of the focus in APAC markets? And if so, which are some of the added capabilities to the companies you are looking at first and foremost?
Tom Kemp Yeah, we don’t talk about potential acquisitions but we do think that we have a very robust product portfolio that doesn’t have any significant gaps to it. We’re very proud of the fact that we’ve organically built this broad platform for Zero Trust.
We’re not actively looking to go out and acquire, to add stuff. If something comes along that could be a good tuck-under, we’ll certainly explore that.
We’re definitely trying to go on the offence in the market in terms of taking our broad platform for Zero Trust, and selling it beyond the US, and looking to penetrate in a greater way the Asia-Pacific market, both leveraging more people in the field but also trying to leverage more channel partners as well.
Telecom Times What are your thoughts on the markets of China and India? Do you envisage access to those markets to become at any point inaccessible to Western companies? And if so, what might be some of the drivers for them for putting up such barriers?
Tom Kemp: Yeah, I mean we’ve done some business in both. It’s a very small percentage of our overall business. It’s something that we are just going to have to it do a little bit more exploration and [then] determine whether or not it is open for us.
We’re not there yet in terms of making the decision to really try to further penetrate either market. Clearly, I think, India probably would be an easier market to enter than China, but both countries are areas of investigation for us.
Telecom Times: Watch this space?
Tom Kemp Yes.