Rory Duncan is the security lead for NTT Ltd, a global technology services provider headquartered in London. He has more than 20 years’ experience in the field of IT, much of which was spent working for South African firm Dimension Data, until his appointment to NTT in October 2019.
Here, Duncan discusses the unique considerations for as-a-service technology options, the growing cybersecurity skills gap, and his company’s Future Disrupted 2020 report on the tech trends set to define this year and beyond.
‘In areas like threat hunting we still need human enrichment, so the spectre of all being replaced by machines is still some way in the future’
– RORY DUNCAN
Tell me about your own role and your responsibilities in driving tech strategy?
My role at NTT Ltd is to drive the go-to-market strategy for cybersecurity in the UK and Ireland. What that really means is that I need to understand the markets that NTT operates in and ensure that the vendors that we partner with, the solutions we provide and the services that we use to underpin them are relevant for our clients.
We’re seeing the big shift to multi-cloud environments as consuming software as a service becomes the norm, and other capabilities as a service become mainstream. It changes the way that we need to consider cybersecurity when we’re no longer dealing with the crunchy, best-of-breed perimeters.
There’s the identity question – how do we make access to the services as easy to use as the services hosted in our own data centres, while also considering the level of privilege which we should provide for users to protect our data?
As we move to this shared responsibility model that as-a-service brings, we need to remember that the ultimate responsibility for the data sits with our own organisation.
In terms of technology – we’re in a time of real innovation as well as consolidation, and helping our clients transform is driving the need for different approaches and understanding of how to deliver successful outcomes.
Are you spearheading any major product or IT initiatives you can tell us about?
We are looking at the market and working with our teams to evaluate which technology and service areas we need to develop, and how they are relevant to our clients. We’re looking at the skills gaps, especially in the cyber area, to consider how we attract new talent and develop the talent that we have.
There’s a lot of talk around use of machine learning and AI – they’re key in driving automation. Although in areas like threat hunting we still need human enrichment, so the spectre of all being replaced by machines is still some way in the future, I hope.
How big is your team? Do you outsource where possible?
We have more than 2,000 people in the security division of NTT Ltd, spanning 57 countries and five regions with global agreements with more than 50 of the world’s leading security technology partners and complementary services.
Together we help our clients create a digital business that is secure by design and simplifies the cybersecurity experience across their organisation as they innovate, transform and digitise.
What are your thoughts on digital transformation and how are you addressing it?
Digital transformation is impacting all of our clients across all of the markets that we operate in. Everything starts from a consultative engagement.
Some transformation is a natural progression – consumption of SaaS, for example – yet the implications on data protection still need to be considered. GDPR has an impact – where data is processed, stored and so on. How do you maintain the governance and compliance and what is the risk appetite? Accepting that breaches will and probably have happened shapes the speed of transformation.
We see digital transformation as well and truly underway in every organisation today and it happens primarily across two fronts: how you transform to provide better customer experience, new revenue channels to grow your business, and how you transform internally to optimise what you are doing at the front end of your business.
This is the reality organisations currently manage every day – what is new is the business model that has emerged to operate in this digital world. We call this the intelligent business.
It is a business that has evolved out of the digital environment that we now all operate in and has the following attributes:
- It is data-driven in how it makes decisions
- Has multiple ways to engage with clients across a variety of channels, including digital
- Has a workplace that connects employees, partners and suppliers across multiple devices in a seamless and secure way
- Deploys today’s modern software-defined infrastructure together with more mature legacy technology infrastructure and is able to be managed seamlessly across this hybrid IT infrastructure
- Is secure by design and ensures the threat landscape is managed as the highest priority
What big tech trends do you believe are changing the world and your industry specifically?
In addition to digital transformation, we have identified five key trends in our Future Disrupted 2020 report that will come to define the business technology landscape in 2020 and beyond, which include:
- Digital twinning: With enough data points, you can model behaviour and understand patterns – for example, the diet of someone’s biometric twin – and come to more accurate conclusions more quickly and at a fraction of the cost of modern-day science
- Building trust through digital interactions: Now that AI has evolved, we can move from being purely transactional to having a more relational engagement with customers, applying rules that bring empathy to the interaction and establish trust with the customer
- Immersive, responsive ‘phygital’ spaces where the physical world blends with the digital: Take any physical space – a meeting room, office, shop, VIP box in a stadium – and plug in a limited series of technologies to transform it into a virtual environment that can create any range of experiences
- Smart buildings: Using IoT to make inhabitants feel more comfortable – automatically adjusting temperatures to the number of people in them, or lighting to the time of day – while becoming more sustainable too
- ‘Data wallets’: Putting data in the hands of the person who owns it and making it completely secure for them – nobody can access that data without certain permissions being in place and, if the user is under threat, can be locked down
In terms of security, what are your thoughts on how we can better protect data?
Can I have more than five minutes just to answer this one? Encryption is a starting point. Then we can get into the discussion about identity and key management, least privilege (or zero trust) controlling access to the data and revoking access when it’s no longer needed.
Look at breach detection; threat intelligence feeds, but relevant and tailored to the organisation; collaboration across service providers, vendors, research groups; being able to understand the ever-increasing amount of log data that we’re collecting and analysing it to get useful insight.
Consider that the user is the new perimeter. Humans are seen as the weak link, but sometimes they’re only the weak link after the technology controls have failed.
Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.
The post Rory Duncan of NTT Ltd on the tech trends that will define 2020 appeared first on Silicon Republic.