According to BDS Analytics, the Covid-19 pandemic drove retail sales up 35% above industry forecasts, accelerated by cannabis businesses being declared “essential” for medical purposes in virtually every U.S. legal market.
Fueled by strong consumer demand, annual legal (medical and adult-use) sales are projected to grow at a compound annual growth rate (CAGR) of 21%, to reach more than $41 billion by 2025 (from $13.2 billion in 2019), according to New Frontier Data.
BDS Analytics predicts that the U.S. Cannabis Industry will generate $20.8 billion in direct spending in 2021 and $39.6 billion in total economic contribution after factoring its indirect economic effects.
Bottom Line: With an average yield per acre of $1.1 million, legal cannabis agriculture dwarfs all other crops in revenue potential while also providing the resources needed to fund AI-based monitoring to improve yields and security.
Cannabis’ value per acre dwarfs all other crops being produced in North America today, prompting every commercial grower to consider how they can improve yields further while securing their crops on a 24/7, virtual basis. Recent studies by the USDA, The Rand Corporation, and the Marijuana Cultivators of Oregon find that at an average price of $1,948 per pound at Colorado prices, an acre of marijuana can yield more than $1.1 million per acre. The studies compared the most widely grown crops in the U.S., including corn, soybeans, oats, and wheat, which all yield less than $1,000 per harvested acre. The following graphic from New Frontier Data illustrates how profitable an acre of marijuana is to cultivate than other crops.
Using AI to Protect & Grow a Cash Crop
AI and machine learning-based techniques based on real-time monitoring data are an integral part of today’s innovation in cannabis farm management. Supervised machine learning algorithms capable of identifying patterns and sequences in imagery from thermal, infrared, and night vision cameras in real-time can help identify diseases affecting plants early. Identifying and alerting farm staff of a breach or break-in by an animal or person is possible using AI-based smart monitoring systems.
The more advanced a smart monitoring system is in its use of machine learning and real-time monitoring integration, the more effective it is in spotting anomalous activity. Over time, the best AI-based remote monitoring and surveillance systems “learn” or begin to identify recurring patterns in data. Cannabis farms rely on AI and machine learning to identify which techniques for improving yield rates by specific fertilizer treatment produce the most flowers and overall yield per acre.
The following are ten ways AI is being used for improving cannabis yields and security:
Monitoring real-time video feeds of remote cannabis fields using machine learning-based surveillance systems can identify a breach by an animal or human then send an alert immediately. Given how valuable a single acre of cannabis is to a farm, knowing in real-time if there’s been an attempted breach or break-in can save thousands of dollars in potential crop damage and theft. Federated cannabis farms with multiple remote locations are starting to use AI and machine learning-based remote monitoring to secure their operations. Machine-learning based video surveillance systems can be programmed or trained over time to identify employees versus unknown people and easily spot animals attempting to break into a field. The following image from Twenty20 Solutions illustrates how machine learning is used for identifying activity at a remote location:
Reducing the dependence on onsite security guards alone and gaining a 24/7, 365-day monitoring view of each grow and farm site. Instead of relying only on onsite security teams to monitor video feeds in real-time, cannabis growers turn to AI and machine learning-based surveillance to isolate the most anomalous or unexpected events given the pattern of previous activity on a site. Reducing the cost and insurance liability of having security teams on site is one of the most significant benefits of relying on a cloud-based remote monitoring system that can interpret and provide alerts based on real-time data.
AI-based surveillance monitoring systems can prepare activity reports in minutes for state and federal auditors, saving farmers and administrative staff thousands of hours a year getting the data together for audit teams. Using machine learning and advanced video analytics, growers and their staff can prepare for state and federal audit reports in minutes instead of the many hours needed in the past.
Helping to keep licensed cannabis growers in compliance by providing a 24/7, 90 day or longer video history of all activities at their farms keeps them in compliance with state regulatory requirements. Included in several states’ requirements are the specific requirements for video footage access, video archiving, access requirements, how cameras are placed, and how quickly video footage can be accessed. State regulatory agencies are initiating audits of licensed cannabis growing facilities in 2021. All states require video footage to be archived, yet 72% of cannabis operators fail to comply with security and surveillance requirements, according to a recent study by the Brightfield Group:
California regulations require that all video recordings from surveillance be saved 90 days or longer.
Washington requires all video recordings to be archived for a minimum of 45 days.
Oregon requires licensed cannabis growers to retain 24/7 video for 90 days with a minimum of 1.3mp per camera at 10fps. The exterior is 5fps.
Cannabis farms often experiment with new fertilizers and plant treatments on a pilot acre to see if they achieve the expected results, and machine learning-based analysis of video stream data helps track results. Agricultural improvements in cannabis farming continue to accelerate as medical and leisure demand continues to grow exponentially. For example, a cannabis grower will often begin planting in the May/June timeframe to achieve a density of up to 4,000 plants per acre. Taking the real-time data stream infrared and thermal cameras of the acre will quickly tell growers how effective their new fertilizer and plan treatments are. Using the data from their monitoring system, the growers will expand the treatment to their entire farm, often over 40 to 50 acres in size.
Monitoring every access point to a facility with video surveillance 24/7 combined with sound recording can prove invaluable in stopping a break-in before it happens. Every entrance to a cannabis farm needs to be considered a primary threat vector if the farm will stay safe. Advanced remote monitoring and surveillance systems can provide video analytics that correlates sound, video, and status of infrared and thermal cameras, which together can help identify potential break-ins. And with real-time alerts, farm staff can take action immediately even if they aren’t onsite.
A few of the largest cannabis growing companies are experimenting with advanced video analytics combining infrared and thermal camera technologies to monitor insects and rodents’ impact on yield rates. Real-time video feeds are being digitally analyzed using advanced video analytics techniques by the largest cannabis farms today to find out how effective pesticides, insect, and rodent deterrents are at protecting their cannabis crops.
When a surveillance system is cloud-based, it is possible to access any farm or cannabis sites’ real-time video feeds, history of alerts, and advanced video analytics from any browser-based device at any time. Remote monitoring systems that are cloud-based often provide much greater flexibility in viewing, analyzing, and sharing monitoring data than their on-premise system counterparts. Any device with a browser can access the platform’s reporting features and know what is going on at a remote farm or cannabis production facility.
AI-based remote monitoring systems can also identify potential safety hazards to workers and reduce workplace injuries and potential liability litigation. Using advanced pattern matching supported by supervised machine learning algorithms, cannabis growers can identify when workers in high-risk roles are at risk of getting hurt while on the job. All cannabis facilities in the U.S. continue to have the requirement of everyone wearing a face shield and masks for the site to stay in compliance with CDC guidelines. Remote monitoring systems can tell immediately which work teams need coaching to remain in compliance.
Define access privileges across a farm facility by the level of access every employee needs to do their job, which is especially useful for new hires. New hires often start in the field and don’t need access to the front offices or the accounting department, for example. One of the most challenging aspects of running a cannabis business is cash management. Using an AI-based surveillance and monitoring system integrated into the local security system and intelligent locks, employees are provided the level of access they need on the first day to be productive.
Bottom Line: Cyberattacks enter a new era of lethal impact when threat actors are sophisticated enough to compromise SolarWind’s software supply chain with infected binary code while mimicking legitimate protocol traffic to avoid detection.
To gain greater insights into the SolarWinds breach, its implications on cybersecurity strategy in the future and what steps enterprises need to take today, I contacted Andy Smith, Cybersecurity Evangelist and an industry expert with Centrify. He explained the attack’s specifics, referencing the Cybersecurity and Infrastructure Security Agency’s (CISA) Alert AA20-352A, which details how sophisticated the attack is, citing the sobering fact that it is unknown if all attack vectors are identified. Active since at least March 2020, the advanced persistent threat (APT) has been identified by FireEye, SolarWinds, Microsoft and several other cybersecurity firms.
SolarWinds’ Security Advisory lists 18 known products that have been affected by the attack, including their Application Centric Monitor (ACM), Server Configuration Monitor (SCM) and Network Performance Monitor (NPM). Earlier this month, SolarWinds says the malicious code may have been delivered to nearly 18,000 customers.
Insights Into The SolarWinds Hack
Interested in dissecting the hack from a cybersecurity standpoint, I spent some time investigating the SolarWinds hack with Andy, a leading authority on Identity and Access Management (IAM), particularly around securing and managing privileged access credentials. The following is my interview with Andy:
Louis: There have been large-scale breaches before; why is this particular cybersecurity attack getting so much attention? Why is it so enormous?
Andy: What’s interesting about this particular attack is a couple of things. It follows a very traditional cyber-attack kill chain as many attacks, but the start of this one is impressive. Usually, there’s a vulnerability that allows threat actors to get into the network. What’s unique about this is the initial vulnerability is in vendor software, so it’s often now being referred to as a supply chain hack because the vulnerability was embedded as code.
The exposure to federal agencies and the attackers’ focus going after emails is especially troubling. It appears like it’s a nation/state-related incident that always heightens the exposure and is another reason it’s so large in scale. Some tools that FireEye uses for Red Team evaluation of people’s networks got exposed, so now those tools are in the hands of threat actors to do nefarious activities with them.
That’s one aspect of this hack that makes it remarkable, as sophisticated tools from FireEye are in nefarious actors’ hands. That’s one reason it’s enormous: you just gave something that was being used for good to threat actors intent on gathering as much intelligence across a supply chain of customers as they can.
Louis: How are the cyber-attack methods used in the SolarWinds hack particularly unique?
Andy: It follows a very common cyber-attack kill chain we’ve seen at Centrify for years. We ran the Anatomy of a Hack webinar earlier this year and it always starts with that initial vulnerability and getting in. What’s unique was this case is that the initial vulnerability wasn’t just, “Hey, I phished somebody’s password and logged in.” It was a vulnerability in the software build process for SolarWinds. So that’s a bit unique about how that initial vulnerability was there.
Still, once the attackers are in, the breach starts to look very traditional in the sense that they settle in, sit there for a while, scan the network, move laterally in that environment and hunt for privileged access.
All those things happened precisely by the people who investigated and then you find the data you’re going after. In some cases, it’s been software, as is the case with FireEye, or email servers, as is the case with government agencies. Attackers are patient and they wait to extract the data and then cover their tracks.
Louis: You and many others are an advocate of a layered approach to security. What is that and how would it have helped in the SolarWinds case?
Andy: For me, the biggest takeaway of this hack is that a layered approach to security is the way to go in the future in light of this hack’s sophistication. There’s no silver bullet to stop a hack this sophisticated, though. No one strategy or approach could have prevented it.
When you investigate this attack, it is pretty sophisticated and has multiple vectors to it and one has to assume there will be certain threat vectors compromised. That initial vulnerability will be there and you need those layers of security to prevent it, so you need to look at preventive controls, predictive controls and detective controls. All those need to be combined into a single, unified strategy.
For every organization looking at this hack and considering how future attacks of this sophistication will impact them, it’s a good idea to use this event as a way to get your board and executives thinking about a more resilient, hardened multilayer approach and not relying on a single solution to protect you. I see organizations using this opportunity to evaluate how a layered approach will work for their projects when it might not have been feasible to fund in the past.
It’s an extreme attack that shows how vulnerable the exposures are out there. It’s a good time to shore up your defenses. The Federal Information Processing Standard 200, or FIPS 200, the standard offers excellent guidance, including discussing the different types of layers and controls available today. Minimum Security Requirements for Federal Information and Information Systems defines the minimum security controls for federal information systems and the processes by which risk-based selection of security controls occurs.
If you dig into the National Institute of Standards and Technology (NIST) Special Publication 800-53, that gets a little deeper into the particular cyber controls you have in place. There is guidance available. You’re not out there on your own about what the layers should be and you can evaluate yourself against these standards.
Louis: What are some layers specific to privileged access management? Are there any particular PAM best practices that enterprises should be thinking about right now?
Andy: Absolutely and I’ll start with Privileged Access Management (PAM), which is one of the core layers. Investigations into this hack found specific evidence where they got in and created new accounts with elevated privileges to access data. It’s all over this.
We typically state the Forrester stat that 80% of hacks involve compromised privileged access. This SolarWinds example is no exception: that’s what happened.
Additional points to keep in mind include the following:
Before our interview, we talked about how vulnerable passwords are and how using the company’s name, followed by 123, is not a good idea – that ties into going pro with preventive controls rather than just relying on a password. That’s a perfect example of what not to do. Organizations can design preventive privileged access controls and detective controls and both are typically provided in Privileged Access Management solutions. Best practices call for multiple preventive controls – strong passwords, multi-factor authentication, password rotation, maybe use a federated credential and have privileged users log in as themselves for better auditing and accountability.
Rethink enterprise cybersecurity from a preventive control perspective that includes least privileged access. Simplistic preventive controls aren’t enough, as the sophistication of this hack shows. Preventive controls need to be strengthened with least privilege. The account creation process needs to provide as little privilege as possible to the server level. Workflows to request additional access need to be used to provide resources for a predefined period. If these types of controls had been in place, malicious code disguised in executable files and dynamic linked libraries would not have traveled as far down the supply chain.
Lastly, even if threat actors get through or you don’t have enough of those layers in place, you want detective controls. PAM solutions should have audit capabilities that watch what privileged users do. In the financial markets, there are things like the “four-eye principle,” where people are watching what other people are doing and so you can watch a privileged session in real-time and verify what users are doing. Of course, all that’s audited in the recording. You can send that information off to a SIEM to be correlated with other data to look for compromise indicators. Recent articles I’ve read pointed out the attackers were in the FireEye network for months before being detected. FireEye detected that they had been attacked thanks to detective controls.
Louis: The SolarWinds attack seems to have rejuvenated the case for Zero Trust. How can companies adopt a Zero Trust mindset and take stock of their security layers today?
Andy: Definitely and I see organizations accelerate their Zero Trust initiatives today. Organizations can get started on their Zero Trust frameworks by reviewing the FIPS and NIST publications. Review the layers of your security stack with a Zero Trust mindset. Don’t configure your network to trust someone just because they gained access. That’s how these attackers got in, laying in the network for plenty of time. Zero Trust says, “Don’t trust that authenticated network access. That could still be a compromised credential or a threat actor,” and this is a perfect example of that. This is why Zero Trust is critical: just because they’re on your network doesn’t mean they’re trustworthy.
The concept of least privilege, of authenticating at each step, introduces segmentation. When I give access, it’s just to that machine or that service that I need access to and not broad access across the network a network segment. That’s how you prevent that lateral movement. A Zero Trust mindset that Zero Trust philosophy of security is critical in this case.
Louis: What do you think will happen from the perspective of micro-segmentation and how does this hack change the balance of security relative to ongoing operations of a business?
Andy: I think it’s another evidence of our current breach culture and brings forth more awareness. More and more, events like this will make cybersecurity a higher priority in an organization – one essential to excel at to keep a business operating. So from that perspective, it is a business enabler.
If you do it right, you can start to do things like moving to the cloud and start to do things that make you more agile. The more we can think of security as a business enabler instead of a business blocker, the better we are. Taking the lessons learned from this hack and using them to create a more resilient, hardened organization is a start.
80% of hacks involve the use of compromised privileged credentials and this one is no exception. An important layer of control is Privileged Access Management (PAM) solutions such as Centrify, which typically involve predictive, preventive and detective controls.
In the end, it is security layers and vigilance that make the difference in minimizing the impact of a breach. NIST’s guidance can be constructive in cybersecurity planning, which can also be informed by Zero Trust’s principles. Remember, it’s not a question of if you will be hacked. It’s a matter of when and what you can do to limit the impact through layers.
Glassdoor shows 3,937 companies in the middle of a hiring surge during Covid-19, 960 of which are in information technology.
Leading software companies going through a hiring surge right now include Aha! Software, Appen, Clevertech, CrowdStrike, Datadog, Dataiku, Fastly, Hashicorp, Leidos, Liveops, Netskope, Proofpoint, Rackspace, Zapier and Zendesk.
Modern Tribe, Dataiku, Zapier, PartnerCentric, Slack, Fuse, ScienceLogic and SAP are the highest rated companies by their employees on Glassdoor who offer remote jobs today.
Between Glassdoor, Indeed, LinkedIn and Monster, there are over 16,500 open remote-based software technical professional jobs available today. Companies with open, remote-based solutions include Aha!, Box, Cloudera, DemandBase, Jobot, Red Hat, NTT Data, Salesforce and many others.
GitLab alone has 79 remote full-time positions open today and is widely considered a leader in creating a productive, positive remote working culture, with 88% of employees saying they would recommend the company to a friend.
These and many other useful insights are based on comparing the leading tech companies who offer remote, work-from-home job positions by their Glassdoor scores. Leading tech companies are ranked on the percentage of employees who would recommend their company to a friend and the percent of employees who approve of the CEO. The total number of open job positions by company is in the third column of the table. Hiring companies of note include the following:
PowerToFly has had an impressive growth year and is the go-to remote job search engine for women professionals. The company was launched in 2014 by Milena Berry and Katharine Zaleski to connect Fortune 500 companies, startups and growing companies with women looking to work for businesses that value gender diversity and inclusion. PowerToFly’s number of available remote jobs has soared from 994 earlier this year to over 2,500 open remote positions today. 94% of employees would recommend working at PowerToFly to a friend and 93% approve of their CEOs.
Angelist has 2,700 enterprise software-related remote positions on their website today with companies including Auth0, Arctic Wolf Networks, Confluent, Couchbase, HackerOne, Slack, MindTickle, MongoDB, Sendoso, Tanium and many others.
FlexJobs has 5,566 remote-based software jobs that include full-time, part-time and freelance positions. Open positions include Senior Software Engineers, DevOps Engineers, Product Managers, Project Managers, Full Stack Developers and more.
Working Nomads site currently has 11,216 remote, work-from-home development jobs advertised. There are also 2,021 marketing, 1,922 management, 1,873 system administration, 1,592 design and 1,164 sales remote, work-from-home job postings.
Bottom Line: Cybersecurity CEOs’ lessons learned from navigating the pandemic provide a valuable framework for leading and growing a business through anxious, uncertain times.
How each cybersecurity CEO responds to the challenges of keeping employees safe, customers secure and product release cycles on schedule while still achieving customer success – all virtually – provide valuable insights into leading a company during difficult times. Simon Biddiscombe, former CEO of MobileIron (acquired by Ivanti), exemplifies the empathy all CEOs interviewed have for their employees’ welfare. “My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an “always-on business” for our customers,” Simon mentioned during a recent interview.
What made leading during the pandemic even more difficult was the exponentially increasing number of breaches and cyberattacks their customers are experiencing. McAfee Labs Covid-19 Threats Report found a 630% increase in cloud services cyberattacks between January and April of this year alone. The FBI estimates cyberattacks are up 400% due to the pandemic. As DevOps teams fast-track new features and releases, CEOs keep their virtual organizations cohesive and focused on the same goals.
The following cybersecurity CEOs provide their most valuable lessons learned leading through the pandemic:
Christy Wyatt, CEO of Absolute Software
Absolute is a leader in Endpoint Resilience solutions and the industry’s only undeletable defense platform embedded in over a half-billion devices. Enabling a permanent digital tether between the endpoint and the enterprise who distributed it, Absolute provides IT and Security organizations with always-connected visibility and Self-Healing Endpoint security.
“What are the most valuable lessons learned leading through a pandemic?”
There was a clear moment for us where we said, “What is our objective? What is the best response to this?” And the phrase that came out was, “How can we help?” We knew our primary focus needed to be helping our customers solve a massive problem, instead of monetizing this opportunity. Making this decision to come together as a mission-driven organization… that was so incredibly powerful.
Even as life was changing drastically between breakfast and dinner every single day and employees were navigating their own work-from-home journeys and trying to care for their families, what we heard was that this ability to contribute was the thing that they were hanging onto. They were able to say, “Listen, I’m getting up every morning and I’m helping organizations with something that’s really scary and unfamiliar.” And, they did remarkable things… these teams put themselves through so much to help our customers stand up remote work and learning environments essentially overnight.
I always say you don’t win the race when you’re in the race. It’s the training and the practice, and the talking,and the drills and the teamwork… which we had been working on long before the pandemic hit. So I think my biggest takeaway is that if you put in the training upfront and you focus on doing the right things, the right things will happen. And you really can achieve more than you thought you could.
Flint Brenton – President and CEO of Centrify
Centrify is redefining the legacy approach to Privileged Access Management by delivering multi-cloud-architected Identity-Centric PAM to enable digital transformation at scale. Centrify Identity-Centric PAM establishes trust and then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request and the risk of the access environment. Centrify centralizes and orchestrates fragmented identities, improves audit and compliance visibility and reduces risk, complexity and costs for the modern, hybrid enterprise.
“What are the most valuable lessons learned leading through a pandemic?”
“Our customers and the people they serve are all going through rapid change. When you look at the concept of digital transformation, a lot of companies were struggling with that before the pandemic. Now we know that we can’t live without it. The role of the developer is more important than ever and they are driving innovation in a very different environment than they’ve ever experienced.
One of the most valuable lessons I’ve learned during the pandemic is that no matter what the obstacles are, people need connection. For a company like Centrify, that means we need to be connected to our customers intellectually, strategically, virtually and – eventually – physically.
An example of this was very clear recently, as we engaged in discussions with one of the world’s largest financial institutions to replace their existing password vaulting solution. They have a vision for where they want to be, how they are going to get there and how they are going to secure that transformation. But they need the right partner who not only has the technology capabilities and architecture for a cloud-focused, DevOps-drive, digitally-enabled enterprise, but also to understand their vision and be invested in their success.
So the CIO asked me to personally track the rollout of our product against their product enablement success and he was very interested in how our vision of Privileged Access Management will converge with cloud security, DevOps and other modern technologies and empower their vision and plan. Ultimately, he wanted connectedness. He wants a personal relationship built on understanding, honesty and accountability, even if that relationship can’t be forged and nurtured over a dinner or meeting in a conference room.
That’s the biggest lesson I’ve learned leading this year: that customers, employees, partners and peers want to be connected any way possible, even if they can’t do so in close physical proximity yet.”
Steve Havas, CEO of Evernym
Evernym is a pioneer in the field of verifiable credential technology, which gives individuals control over their digital identity and organizations the ability to trust and verify their data. Evernym builds and deploys self-sovereign identity solutions, with the technology and go-to-market resources powering the largest implementations of digital credentials in production.
“What are the most valuable lessons learned leading through a pandemic?”
The pandemic has been, to say the least, impactful on society and our business. The market changes have required ruthless listening to customer needs and absolute focus on delivering what’s needed today.
We’ve all anticipated a gradual convergence of the digital and physical worlds, but that timeline has been accelerated by the sudden rise in remote work/education and contactless identity verification. We’re fortunate that this is the future we’ve been building toward, although we would have never imagined many of the COVID-19 credential use cases that are now mission-critical for our customers. It’s certainly been a lesson in adaptability and prioritization.
Benji Markoff, CEO of Founder Shield
About Founder Shield
Founder Shield is a tech-enabled insurance brokerage, focusing on rapidly growing businesses that operate in emerging industries. As a broker, we have a unique perspective of protecting our clients against cyber threats and guiding them to recovery should their fall victim. We work with forward-thinking insurers using proprietary cyber risk management tools, while also offering the most innovative insurance coverage possible.
“What are the most valuable lessons learned leading through a pandemic?”
People say that fortunes are won and lost in times like these and it certainly appears that hackers & social engineering fraudsters have gotten that memo. Over the past 6 months, we’ve seen an increase in both hacking and social engineering attacks on clients of all shape and size $5M Revenue to $500M revenue. The reports suggest that working from home has only increased vulnerabilities of company networks (or lack thereof as employees use home networks) and the ability to induce fraudulent payments from employees who might not be able to lean over to a coworker to fact check a fishy invoice. The valuable lesson? Do a cyber audit and make sure you’re training your team on spotting social engineering and phishing scams.
Anand S – CEO at Gramener: Insights as Data Stories
About Gramener: Insights as Data Stories
Gramener is a data science company that helps solve complex business problems with compelling data stories using insights and a low-code analytics platform. We help enterprises large and small with data insights and storytelling by leveraging Machine Learning, Artificial Intelligence, Automated Analysis and Visual Intelligence using modern charts and narratives (NLG). Our Gramex platform is a low-code framework to rapidly build engaging data solutions across multiple business verticals and use cases. Our products have empowered CXOs, Chief Data Officers, Scientists, Business Analysts and others save millions of dollars by making an impact on revenue and decision making. Gramener was founded in 2010 and has over 325+ clients worldwide, 200+ employees and 5 offices globally including the United States and Singapore.
“What are the most valuable lessons learned leading through a pandemic?”
As an SMB we leaned more towards cost optimization over premium cybersecurity tools and services, resulting in ring-fencing our office infrastructure more. Due to COVID-19, when we moved 100% remote, our cybersecurity controls fell short to defend us against external threats. We had to extend the security protocols like moving all work to Virtual Desktop Infrastructure (VDI), strengthen VPN tunnel security, implement 2FA for all logins, opt for more security services from our Cloud service provider.
We accelerated digitization across operations and increased spending in Cloud security and production application security. We are revisiting our current approach and playbooks for cybersecurity.
– We are evaluating the current 3rd party service providers offering and reevaluating if they still have same level security controls in place at their end
We are conducting an accelerated implementation of Data Security protocols across the organization and not just on client specific projects. This includes updates to Information Security Policy around Data classification, Data tracking and protection.
With 100% remote operations, we are moving to VDI for all production and critical services. This means access to all data is through dedicated VPN Tunnels only. This is to mitigate any exposure to data from folks working at home.
– Our Virtual Desktop Infrastructure allows our IT teams to protect client sensitive data to a restricted cloud environment. All the tools and 3rd party cloud services required by our team members to perform their tasks are provided in the VDI. No data can be extracted or moved from VDI instances.
– All internal company data around operations, team members, Intellectual Property are a prime target for cyberattacks and ransomware. We have moved to a secure VPN tunnel architecture for all our team members to access company internal systems. Earlier this was restricted to a small group of functions. By mandating access via secure VPN tunnel our IT team has centralized visibility of all traffic across the network and can intervene quickly against any potential threats.
We are mandating 2FA. Earlier employee convenience led to not mandating 2FA for all our services. Now 2FA has been made mandatory across all services.
In order to optimize costs, we are consolidating tools used in the organization to identify overlapping functionalities and getting rid of those which are no longer required.
Apu Pavithran, founder and CEO of Hexnode
Hexnode MDM is the award-winning Unified Endpoint Management platform from Mitsogo Inc. The company has been helping organizations in over 100 countries to stay agile and competitive in an increasingly mobile world. Mitsogo Inc. is a leading provider of Endpoint Management and security solutions. From SMBs to Fortune 500s, enterprises of all sizes have leveraged Mitsogo’s prowess in device management to drive business productivity and compliance. Mitsogo’s solutions adapt to the most complex of business environments.
“What are the most valuable lessons learned leading through a pandemic?”
Navigate the path, trust your crew
Being a CEO, as lucrative as it may seem has its own little big challenges, for example, they don’t tell you that there are no off days. There are always thousands of choices to be made and tons of pathways to be chosen, but the absolute worst thing comes when we face an uncertainty that was never on the radar.
And when the pandemic hit, the team needed support more than ever, I had to switch through the roles of commander in chief, therapist, cheerleader and even at times a babysitter. After all, you have to be the rock for your employees, or else it shows. But fortunately, I was so lucky to be surrounded by like-minded people who are as passionate as the founder about our business and customers.
We had to establish a fully remote work landscape and it was not what we would have expected, it was at a time when everyone was very insecure about COVID-19. People were worried about their safety, the safety of their families and work started to slip into second gear, some of us were even having mental breakdowns. It was time to be the person that the team could look up to.
“Customer is king”, is a tired old saying but that is what Hexnode live by, we had a commitment towards our clients, so we had to provide uninterrupted service for them rain or shine. So, we made a decision that would be deemed “mad “from a financial standpoint.
We rented out hotel rooms and made guesthouses for each of our employees around the globe and ran security and screening protocols equivalent to that of hospitals. Soon the stress levels were back to normal and the team started to enjoy the atmosphere. Productivity became better than pre-COVID levels.
As a leader, your team should be able to trust that you’re going to do everything in your power to navigate them through this tough time. The greatest asset for every business is said to be “finding the right staff”, but I would say it is “how you create the right staff”. The most valuable lesson l learned during this pandemic is “When the crew is great you just have to navigate, they will pull through all the tides and storms coming your way. They always do”.
Brad Wiskirchen, CEO, Kount
Kount’s Identity Trust Global Network delivers real-time fraud prevention and account protection and enables personalized customer experiences for more than 9,000 leading brands and payment providers. Linked by Kount’s award-winning AI, the Identity Trust Global Network analyzes signals from 32 billion annual interactions to personalize user experiences across the spectrum of trust—from frictionless experiences to blocking fraud. Quick and accurate identity trust decisions deliver safe payment, account creation and login events while reducing digital fraud, chargebacks, false positives and manual reviews.
“What are the most valuable lessons learned leading through a pandemic?”
Open, honest, fearless communication. The Kount team has lived by this motto for more than a decade and never before has it been more tested and more relevant than in navigating the events of 2020. From moving our entire team to remote work to quickly pivoting to help our eCommerce businesses handle dramatic changes in transaction volume, it’s essential that our team communicate at the highest levels. As the impacts of the pandemic are often deeply personal, open, honest, fearless communication has empowered us to balance individual needs, customer needs and company needs while uniting us in our mission to do whatever it takes to stop digital fraud for our customers.
Simon Biddiscombe, former CEO of MobileIron (acquired by Ivanti)
MobileIron is redefining enterprise security with the industry’s first mobile-centric security platform for the Everywhere Enterprise. MobileIron’s platform combines award-winning and industry-leading unified endpoint management (UEM) capabilities with passwordless MFA (Zero Sign-On) and mobile threat defense (MTD) to validate the device, establish user context, verify the network and detect and remediate threats to ensure that only authorized users, devices, apps and services can access business resources in a “work from everywhere” world.
“What are the most valuable lessons learned leading through a pandemic?”
As a leader during a pandemic, you must go above and beyond to provide your employees and customers with world-class service and support. My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an “always on business” for our customers. At MobileIron, we quickly enabled our employees around the world to work remotely. We also made it as easy as possible for our customers to issue more corporate-owned devices or enable a BYOD program to keep their employees secure and connected – whether they were working on the frontlines or at home. And we continued to innovate to meet the changing security needs of our customers and communities.
Overall, the pandemic has crammed years’ worth of change into a few short months and it will have long-lasting effects on how, when and where we work in the future. Work in the future will be very different to work in the past, which will present leaders with some challenges. However, it will also offer some significant opportunities to overhaul working practices and support employees who work from home with better collaboration and more intuitive access. The “Everywhere Enterprise” is not a passing phase, it’s the current reality and will continue to grow and expand as workers find new ways to be productive from anywhere.
Ward Osborne, CEO of Osborne Global Security
About Osborne Global Security
Osborne Global Security is a new player in the security space. They are challenging the stereotypes that come to mind when you originally think of security and replacing them with the ideas of trust, care and a shift in general security culture. This is a fascinating company to watch in the future.
“What are the most valuable lessons learned leading through a pandemic?”
As CISO’s for multiple companies through this pandemic, we have seen so much shift and change. There’s been borderline chaos in many companies – and chaos ALWAYS brings opportunity. For our clients, the ones we’ve worked with and developed mature, risk and capabilities based models for just this situation, they are thriving.
It’s interesting to see the world adapt to a virtual delivery model which we’ve been creating, living, evangelizing for 25 years. Our clients who may not have had the time or prioritization to develop those models and capabilities have taken a hit, but we continue to do what we do, which is develop and provide resilience and growth to our customers.
In a virtual and distributed world, Trust becomes a major factor in every conversation. If a customer can’t Trust that we are there to solve problems when things get tough, then they aren’t able to operate effectively knowing that someone has their back.
Our world has become physically disconnected, but the people and companies that deal with that challenge in a proactive and positive way will always thrive. We are here. Growing our tribe. Doing the next right thing and leading customers to success in the midst of all of this chaos and challenge.
Rodrigo Tumaián, CEO and Co-Founder of Prometeo
Prometeo provides a single point of access to banking information, transactions and payments across multiple financial institutions in Latam. Inspired by PSD2 and with high security standards, Prometeo brings easy plug & play access to open banking, the future of financial services. Currently, Prometeo is connected with more than 30 financial institutions across 9 countries of Latam (including México & Brazil) and provides access to more than 45 APIs.
“What are the most valuable lessons learned leading through a pandemic?”
Prometeo was born with a very strong focus on cyber-security, so the pandemic had no effect on our operation. Our company grew up with the foundation of mobility and work flexibility, this forced us from the beginning to think about the best way to transmit data and protect mobile assets. So when the pandemic arrived, we were already providing remote access (VPN) to all our employees, limiting access by profile. We were already using two-factor authentication to access our services. We already had user nomination and record of the operations generated by our employees on our assets. I think if I had to mention what was the most valuable thing we learned from the pandemic, it’s that the direction we took from the beginning was worth it. We didn’t have to deal with operational issues to handle the high demand for digital products from customers, we just did it. So the pandemic for us strengthened another of our fundamental values, not to make security to be compliance, but to make integral security, both within our company and for our customers.
Jean Le Bouthillier, CEO of Qohash
Qohash delivers advanced data classification and monitoring capabilities to protect your personal, health, corporate and financial data using transformational technologies such as machine learning and analytics.
“What are the most valuable lessons learned leading through a pandemic?”
2020 has accelerated digital transformation efforts and highlighted the need for advanced, lightweight data security capabilities. With enterprise employees working increasingly remote, data is flowing faster and in previously unimagined ways. Businesses realize that to keep up with the demands of clients and a digital workforce, data risk models need an update or risk jeopardizing the enterprise.
Qohash clients recognize that the employee Risk Score, a quantifiable measure of trust, mitigates the impact both of bad actors as well as busy, distracted employees.
Remote, digital work will be a part of enterprise operations for the foreseeable future. Organizations need to enable governance risk and compliance teams to better support this transition to Work From Anywhere [WFA] models where talent and business thrive.
Jean-Paul Smets, Founder and CEO RapidSpace
Rapid.Space is a cloud provider whose “approach is based exclusively on the use of free, fully auditable and reversible software, hardware and management procedures under open licenses. Thanks to a network of 228 points of presence, Rapid.Space has global presence including in mainland China. It covers similar features as the most sophisticated public cloud provider and introduces exclusive innovations such as industrial edge computing and private 4G/5G vRAN.
“What are the most valuable lessons learned leading through a pandemic?”
“Rapid.Space learned during the pandemic how to formalize its management procedures and remotely setup points of presence. Thanks to Augmented Reality and smart glasses, Rapid.Space team in Europe and Americas could setup remotely its points of presence in mainland China and Taiwan without having to travel by air plane”.
Software companies continue to deliver the highest growth rates for the 25th straight year, representing 71% of the entire list, the highest-ever percentage in the history of the rankings.
353 of the 500 fastest-growing companies in North America are in the software industry according to Deloitte’s 2020 Tech Fast 500, the most ever in the history of their rankings and a 3% increase over last year.
Two of the ten fastest-growing companies over the last three years specialize in cybersecurity, OneTrust and Transmit Security.
Notable software companies ranked in Deloitte’s 2020 Tech Fast 500 include Bolt, Illumio, LogicMonitor and Seeq.
Biotechnology/pharmaceutical companies are the second most prevalent sector, comprising 14% of all companies, followed by digital content/media/entertainment (5%) and medical devices (4%).
It’s fascinating to look at the emerging trends in Deloitte’s 2020 North America Technology Fast 500 Rankings as leading predictors of innovation. This year’s report is a quick read and provides a glimpse into the fastest-growing companies between 2016 and 2019. Deloitte chooses Technology Fast 500 awardees based on percentage fiscal year revenue growth from 2016 to 2019. Overall, the 2020 Technology Fast 500 companies achieved revenue growth ranging from 175% to 106,508% over the three-year time frame, with a median growth rate of 450%.
Key insights from the rankings include the following:
Five of the top ten winners are software companies, includingBranch Metrics, OneTrust, Transmit Security, Drift and CharterUP. It’s noteworthy that cybersecurity is well-represented in the top ten fastest-growing companies between 2016 and 2019. OneTrust and Transmit Security is in the top five fastest-growing companies between 2016 and 2019, accentuating how critical cybersecurity is becoming in all businesses. The following graphic lists the top ten Deloitte 2020 North America Technology Fast 500 winners.
Digital platform and enterprise infrastructure & productivity dominate software companies are dominating software sub-sectors with 56% of all companies. Deloitte’s ranking reflects the increasing urgency all organizations have to launch, scale and excel at new digital selling channels. The pandemic accelerated the urgency faster than the most compelling business case ever could. Having over 50% of all software companies in these categories quantifies the cloud as the platform of choice across enterprises.
Electronic devices/hardware, energy tech and software & SaaS are the three sectors generating the fastest growing businesses over the last three years. Edge computing and the quick pace of innovation in intelligent sensor development and adoption for the Internet of Things (IoT) and Industrial Internet of Things (IIoT) use cases are catalysts driving the 683% growth rate. Sustainability’s bottom-line benefits, including its positive impact on lean manufacturing, help drive to 525% growth rate in energy tech. Software and SaaS median growth rate of 465% shows enterprise software’s evolution is nascent and just getting started.
Cybersecurity professionals with cloud security skills can gain a $15,025 salary premium by capitalizing on strong market demand for their skills in 2021.
DevOps and Application Development Security professionals can expect to earn a $12,266 salary premium based on their unique, in-demand skills.
413,687 job postings for Health Information Security professionals were posted between October 2019 to September 2020, leading all skill areas in demand.
Cybersecurity’s fastest-growing skill areas reflect the high priority organizations place on building secure digital infrastructures that can scale. Application Development Security and Cloud Security are far and away from the fastest-growing skill areas in cybersecurity, with projected 5-year growth of 164% and 115%, respectively. This underscores the shift from retroactive security strategies to proactive security strategies. According to The U.S. Bureau of Labor Statistics’ Information Security Analyst’s Outlook, cybersecurity jobs are among the fastest-growing career areas nationally. The BLS predicts cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%.
Key takeaways from their analysis include the following:
Cloud Security skills are the most lucrative of all, predicted to deliver a $15,008 salary boost in 2021. Demand for specific Cloud Security skills is far outpacing the broader demand for cybersecurity skills in the labor market. Burning Glass predicts the fastest-growing skills over the next five years include Azure Security (+164%), Cloud Security Infrastructure (+144%), Google Cloud Security (+135%), Public Cloud Security (+121%), Cloud Security Architecture (+103%). There are 19,477 positions available for cybersecurity professionals with Cloud Security skills.
The fastest-growing cybersecurity skill is Application Development Security, predicted to see a 164% increase in available positions over five years. Cybersecurity professionals with Application Development Security, DevSecOps, Container Security, Microservices Security, Application Security Code Review are predicted to see an average $12,266 salary boost starting next year given the strong marketability of their skills. Like Cloud Security, market demand for Application Development Security professionals’ skillsets far outpaces average cybersecirty jobs growth over five years.
Knowing where the most cybersecurity job postings are by metro area and state provides job seekers with the insights they need to narrow their job search. Cyberseek partnered with Burning Glass to create an interactive U.S.-based heat map that shows cybersecurity positions by state or metro area. The heat map can be configured to show total job openings, supply of workers, supply/demand ratio,and location quotients. You can access the heat map here.
Bottom Line: Flint Brenton’s vision for the future of Centrify and cybersecurity, in general, prioritizes the need for privileged access management to become core to the multi-cloud architectures and DevOps environments he sees pervading customers’ enterprises today.
Every new cybersecurity company CEO is writing their vision of the future by their decisions and the priorities they are based upon. From tech dominance to sales success, each CEO has their own long-term strategy and idea of what they and the company need to excel at to succeed.
Defining Cybersecurity As A Core Part Of DevOps
It is always fascinating to speak with new CEOs at cybersecurity companies and see what their vision for the company is after they’ve been there a few months. I recently had the opportunity to sit down and talk with Flint Brenton, who joined Centrify as President and CEO in July of this year. Flint leads the strategic direction and execution of the company’s vision drawing from an exceptional track record of accelerating growth through product innovation and sales execution. He recently served as president and CEO of CollabNet VersionOne, which pioneered the Value Stream Management market. He previously held president and CEO positions at AccelOps and Tidal Software and has successfully led engineering teams at NetIQ, Compaq, BMC Software, IBM and more.
Flint sees the needs of enterprise developers creating new apps using DevOps as pivotal to the future of Centrify, specifically and cybersecurity in general. A core part of those developers’ needs is securing privileged access management (PAM) in multi-cloud environments while supporting agile development.
My interview with him provided five key insights into why cybersecurity will increasingly be defined by how well it can be incorporated into “DevSecOps,” and how Centrify’s vision for the future looks to capitalize on that demand and drive PAM into the DevOps pipeline to further automate built-in security practices:
Cybersecurity providers’ cloud-based architectural platforms will define the competitive landscape for the next several years in the industry. Since accepting the CEO role in July, Flint has been spending most of his time talking with customers to gain in-depth insights into their greatest challenges. He is hearing about the challenges customers face when attempting to make different cybersecurity vendors’ solutions work together and function in a multi-cloud architecture. “Having a clear architectural advantage where features can be added quickly is going to be key in cybersecurity for years to come,” he explained.
Any cybersecurity company’s vision needs to consider the speed at which infrastructure and workloads are moving from on-premise to the cloud – it’s faster than predicted. One of Centrify’s financial services customers in APAC is launching a virtual bank and wants the new venture to be entirely cloud-based. Like many Centrify customers, they are considering a multi-cloud architecture, including Amazon AWS, Google Cloud and Microsoft Azure. Flint explains they will need a security model and identity management controls that run in the cloud to accommodate their current and future computing plans. The FinTech is relying on Centrify to secure privileged access for administrators to its multi-cloud environment.
Viewing every enterprise customer as a software business first helps remove roadblocks to delivering more value faster. Cybersecurity companies need to consider how they can streamline DevOps and DevSecOps cycles by providing enterprise developers with new tools to integrate identity management efficiently. “The developer is now building identity management into apps and frequently those apps are built using container-based models and they are then deployed either into cloud, on-prem, or a combination of both,” Flint said.
Design in flexibility for the many different buying communities you’re trying to serve early on and continually monitor them to learn about what’s most valuable to them. DevOps leaders’ buying community is among the most self-sufficient, willing to download a trial, install it and buy it. Enterprise sales are more research and time-intensive. Flint observed that a company’s vision needs to encompass each buying community’s unique nature and be willing to extend platform-level features and DevOps tools if necessary.
Buy-in from the DevOps community will become increasingly important in cybersecurity in general and is a core part of Centrify’s vision. Prior to taking the helm at Centrify, Flint was the CEO of CollabNet VersionOne, where he helped define value stream management as a market standard. I asked him if he sees any parallels with value stream management’s success and the vision he has for Centrify. “The key with value stream management is to understand how developers wanted or needed to build software more successfully in the future. So you have to get the buy-in of the development community to include it in what they’re building, rather than making an appetite of adding it after it’s already been deployed. So I think that’s a major focus in the DevSecOps market. Make it part of what is built. Don’t allow it to become an afterthought,” Flint said. The future of cybersecurity will increasingly be defined by how easily Identity Access Management (IAM) and Privileged Access Management (PAM) can be designed at the beginning of DevOps and DevSecOps cycles.
What I find most compelling about his vision is how essential every person is to breaking apart complex cybersecurity problems and solving them. Flint’s vision of providing DevOps teams with the tools they need to design in identity access management is groundbreaking. No one is talking about design wins in this area of the market today.
Centrify is quickly turning into a company that actively seeks out their customers’ most difficult obstacles and uses them to challenge itself to grow and do excellent work. They are looking for cybersecurity leaders with cloud-based development skills, AI skills and automation skills who are up for the challenge.
73% of enterprises (over 500 employees) accelerated their cloud migration plans to support the shift to remote working across their organizations due to the pandemic.
81% of enterprises accelerated their IT modernization processes due to the pandemic.
48% of all companies surveyed have accelerated their cloud migration plans, 49% have sped up their IT modernization plans because of Covid-19.
32% of large-scale enterprises, over 500 employees, are implementing more automation using artificial intelligence-based tools this year.
These and many other insights are from a recent survey of IT leaders completed by CensusWide and sponsored by Centrify. The survey’s objectives on understanding how the dynamics of IT investments, operations and spending have shifted over the last six months. The study finds that the larger the enterprise, the more important it is to secure remote access to critical infrastructure to IT admin teams. Remote access and updating privacy policies and notices are two of the highest priorities for mid-size organizations to enterprises today. The methodology is based on interviews with 215 IT leaders located in the U.S.
Key insights from the survey include the following:
The overwhelming majority of enterprises have transformed their cybersecurity approach over the last six months, with 83% of large-scale enterprises leading all organizations. It’s encouraging to see small and medium-sized businesses adjusting and improving their approach to cybersecurity. Reflecting how digitally-driven many small and medium businesses are, cybersecurity adjustments begin in organizations with 10 to 49 employees. 60% adjusted their cloud security postures as a result of distributed workforces.
48% of all organizations had to accelerate cloud migration due to the pandemic, with larger enterprises leading the way. Enterprises with over 500 employees are the most likely to accelerate cloud migration plans due to the pandemic. 73.5% of enterprises with more than 500 employees accelerated cloud migration plans to support their employees’ remote working arrangements, leading all organization categories. This finding reflects how cloud-first the largest enterprises have become this year. It’s also consistent with many other surveys completed in 2020, reflecting how much the cloud has solidly won the enterprise.
49% of all organizations and 81% of large-scale enterprises had to accelerate their IT modernization process due to the pandemic. For the largest enterprises, IT modernization equates to digitizing more processes using cloud-native services (59%), maintaining flexibility and security for a partially remote workforce (57%) and revisiting and adjusting their cybersecurity stacks (40%).
51% of enterprises with 500 employees or more are making remote, secure access their highest internal priority. In contrast, 27% of all organizations’ IT leaders say that providing secure, granular access to IT admin teams, outsourced IT and third-party vendors is a leading priority. The larger the enterprise, the more important remote access becomes. The survey also found organizations with 250 – 500 employees are most likely to purchase specific cybersecurity tools and applications to meet compliance requirements.
Conclusion & Wrap-Up
IT leaders are quickly using the lessons learned from the pandemic as a crucible to strengthen cloud transformation and IT modernization strategies. One of every three IT leaders interviewed, 34%, say their budgets have increased during the pandemic. In large-scale enterprises with over 500 employees, 59% of IT leaders have seen their budgets increase.
All organizations are also keeping their IT staff in place. 63% saw little to no impact on their teams, indicating that the majority of organizations will have both the budget and resources to maintain or grow their cybersecurity programs. 25% of IT leaders indicated that their company plans to keep their entire workforce 100% remote.
It’s encouraging to see IT leaders getting the support they need to achieve their cloud transformation and IT modernization initiatives going into next year. With every size of organization spending on cybersecurity tools, protecting cloud infrastructures needs to be a priority. Controlling administrative access risk in the cloud and DevOps is an excellent place to start with a comprehensive, modern Privileged Access Management solution. Leaders in this field, including Centrify, whose cloud-native architecture and flexible deployment and management options, deliver deep expertise in securing cloud environments.
Removing any doubt endpoints are resilient, self-healing and secure is what matters most to cybersecurity leaders today. It has become the highest priority across education, enterprise, financial services and government organizations in 2020 and beyond. At the same time, CIOs and CISOs are recognizing that endpoint complexity itself is a vulnerability. Absolute’s 2020 State of Endpoint Resilience Report finds there are now 10.2 agents per endpoint installed, up from 9.8. Add to this how quickly software agents degrade across thousands of remote devices and the size of the challenge becomes clear.
Absolute’s approach to delivering unified endpoint security using their Endpoint Resilience platform that creates a permanent digital tether to every endpoint in the enterprise is getting noticed by CIOs and CISOs. IT leaders say Absolute’s ability to provide greater visibility and control is what they need. Interested in learning more about how Absolute is helping customers taking on the many challenges of protecting the proliferating number of endpoints today and how the company sees the future, I recently spoke with Christy Wyatt, CEO. (You can see my discussion with her last year here.)
Under her leadership, Absolute’s revenues, customer retention and Net Income continue to grow. Total revenue in Q4-FY2020 was $27.2M, representing a year-over-year increase of 7%. Annual revenue in FY2020 was $104.7M, representing an increase of 6% over F2019. Absolute also attained a 14% year-over-year increase in Enterprise and Government revenue making this segment 68% of Total ARR on June 30, 2020.
Christy is one of the most brilliant, insightful leaders in cybersecurity today and her perspective on the future of endpoint security makes for a fascinating discussion. The following is my interview with her:
Louis: When you look back over the last eight months, which decisions and strategies do you see as being pivotal to Absolute’s growth and the fact that you accomplished so much, so quickly?
Christy: That’s a great question and the first thing that jumps to mind is our decision that Endpoint Resilience needs to be its own category. This was kind of a new thing. Many people talk about finding bad guys and the need for identity and access management.. there is a lot of use of the fear factor. And as an industry, we kept thinking of different ways devices could be compromised and we kept adding more security controls to solve those problems.
The thesis we arrived at, here at Absolute, is, “Listen, more isn’t always better. Making sure that things are actually working in there when you need them, that’s what is more important.” Because when you spend a lot of money on solutions, or when you tell your board or your CEO that you have a particular control and are now safe from a specific kind of risk… you need to go to sleep at night knowing that that’s in fact true. There needs to be a foundational belief that there is something solid to stand on when bad things happen.
And so, much of what we did this past year was really focused on quantifying that rate of decay because we believe that it is a painful problem organizations are having. I think that we are making traction and the insights we continue to publish on the state of Endpoint Resilience is really helping with that.
Louis: On your last earnings call, you talked about undeletable endpoint security and how it caught on in the education market. Did you change your go-to-market strategy this quarter to show you could scale an enterprise-wide deployment with teachers and administrators?
Christy: What’s important to remember is that we’ve been in business 20 years and that we started in education – as the one-to-one laptop initiatives for school kids were just getting underway. Those devices were very expensive and so that is the first problem we worked to solve. If somebody got their hands on a student’s device, how do you build a security platform that can survive anything that happens to that device? That was the original design premise all those years ago. And so, we have deep experience in things like scalability and solving problems for the education market.
What we’ve been seeing n the education market over the last couple of years has really been that, while technology has been an enabler for students, they weren’t necessarily thinking about teachers and administrators. So the challenge that they’ve grappled with over the last few months, notably with the accelerated shift to remote learning, is figuring out how to be both a digital and remote organization all at once. A lot of their processes were not yet online and not every single individual was connected.
Because we have a long-standing relationship with this community, we have a lot of expertise in the providing the scale and stability that they need. It was relatively intuitive for us to step and say, “Listen, these are things we can help you with. Here’s the bigger picture of things we could be helping you with, as you’re still figuring out distance learning and how to mobilize students.” Because we’ve also while serving education, we’ve also been serving banks and governments – and our enterprise business has been growing quite nicely over the years as well.
And I think we’re going to see that continue, because even as schools are contemplating sending children back to school, nobody knows whether this is a long-term or short-term. The new term I’ve started using is operational agility… and I think it applies to enterprise as well as it goes to education. I don’t think we ever again get to take for granted location and physical proximity to employees or students or devices. It has become a critical KPI for most organizations going forward.
Louis: Excellent point. And with regard to enterprise and government sectors growing 14% annually, what did you see in the eight months of this year that led to the double-digit growth in those markets?
Christy: Very few organizations had ever really contemplated the question, “What would happen if everybody had to be remote at a moment’s notice?” While our enterprise business has been experiencing double-digit growth for quite a while now, the onset of the pandemic really accelerated that growth. There has been a shift in thinking, that working remotely is not just for a smaller population of road warriors and sales reps and executives. I’ve spoken with many organizations that would say having a permanent digital connection to a device is really important for the people who are on airplanes and in a taxi cabs. But, I have a large percentage of my population that has a device that really they only use at work. Maybe it’s a laptop, maybe it’s a desktop – but either way, 99% of the time they are here. Or the times that they’re not here, they can VPN in. And I think that’s really become the challenge, that we can’t make that assumption anymore.
A lot of customers are rethinking all of that right now, as they’re seeing that being a remote, digitally-led organization can actually fit within their business model. If they give employees the flexibility to do what they love, where they want to do it, they’ll have an edge. While this is something that’s been forced on us, as with many things, the more you practice, the better you get… and then at some point, it becomes a part of the company’s DNA. And you learn to trust that you’re going to be safe and secure, your data and your employees are going to be just fine, because you don’t lose connection with them just because you can’t see them.
Louis: I think trust is an accelerator and Absolute’s success with endpoint security shows how to enable it at scale across organizations. Now with 13,000 customers, Absolute’s approach to building trust is working well.
On the earnings call you gave guidance of $112M to $118M with between 7% to 13% growth defined by how accounting transactions are handled. Underneath those figures, what’s the customer segment or what’s the geographic segment that you believe will be the primary catalyst for that revenue growth?
Christy: Perhaps a bit unusually for company our size, a large percentage of our revenue is actually North America-based. Our international markets have been some of the fastest growing segments for us. Our ecosystem of partners that we support – notably, the large PC and device manufacturers and their indirect channels – most of those are global entities and would like to support their customers in the same way internationally that they support them in North America. So one big focus for us is doing more selling and marketing globally, to meet this need.
I think the other big catalyst is going to be this shift to Resilience. We have a lot of customers who still rely on us for making sure they’re always connected to their devices and able to take preventative action – such as selectively wiping images or freezing a device, or geo-fencing a device from specific locations. While that’s certainly a critical set of capabilities, because we’re sitting in the hardware and sort of looking up at the software, we can help with this concept of self-healing. We can make sure that the critical controls you care about are truly working and protecting your employees.
A lot of the conversations we’re having, especially with new customers, are really focused on these capabilities. It’s not just, “How do I make sure I always know where my things are and that I can take action on them no matter where they are?” Instead, it’s “how do I use automated workflows to remediate risk? How do I have devices fix themselves so that my IT people don’t have to drown and help those calls?”
This concept of persistence and true self-healing that’s rooted in the hardware, I think is really, really powerful.. and the value of that really starts to become apparent when we’re in a world that looks like this. So I think those are some big focus areas for us as we go in the next year.
Louis: I like that one point you made on the earnings call about intelligence efforts, providing more data in a more interactive way for customers. I thought that that was really insightful and I think relevant to what you’ve been saying throughout our discussion. How do you help customers see themselves in a new way with new metrics, more interactively, more intuitively with greater insight?
Christy: It’s a different view for us and it’s something I’m very excited about. When it comes to a new product, I focus on, “What’s the question the customer’s going to be asking? What’s the problem they’re trying to solve?” And from there, “How do I package that up neatly so that they click on a button and get a report and it solves all of their problems?” But that’s not the world we live in today, especially when you have so many moving parts and things are continuously changing.
So it’s a different design philosophy when we say to the team, “You actually have no idea what question the customer is going to ask. Your job is to create tools that allow them to ask any question they have and then help them define the answer, either using our tool or using our data in some other tool.” At the end of the day, that’s how they get closer to the truth about what’s going on within their organization… and how they gain the ability to make better decisions.
Louis: Absolutely, that’s key to creating a culture that can continues to innovate and with Absolute’s focus on helping customers attain greater autonomous endpoint resiliency, it’s proving to be a strong catalyst for future growth too.
47% of artificial intelligence (AI) investments were unchanged since the start of the pandemic and 30% of organizations plan to increase their AI investments, according to a recent Gartner poll.
30% of CEOs own AI initiatives in their organizations and regularly redefine resources, reporting structures and systems to ensure success.
AI projects continue to accelerate this year in healthcare, bioscience, manufacturing, financial services and supply chain sectors despite greater economic & social uncertainty.
Five new technology categories are included in this year’s Hype Cycle for AI, including small data, generative AI, composite AI, responsible AI and things as customers.
These and many other new insights are from the Gartner Hype Cycle for Artificial Intelligence, 2020, published on July 27th of this year and provided in the recent article, 2 Megatrends Dominate the Gartner Hype Cycle for Artificial Intelligence, 2020. Two dominant themes emerge from the combination of 30 diverse AI technologies in this year’s Hype Cycle. The first theme is the democratization or broader adoption of AI across organizations. The greater the democratization of AI, the greater the importance of developers and DevOps to create enterprise-grade applications. The second theme is the industrialization of AI platforms. Reusability, scalability, safety and responsible use of AI and AI governance are the catalysts contributing to the second theme. The Gartner Hype Cycle for Artificial Intelligence, 2020, is shown below:
Details Of What’s New In Gartner’s Hype Cycle for Artificial Intelligence, 2020
Chatbots are projected to see over a 100% increase in their adoption rates in the next two to five years and are the leading AI use cases in enterprises today. Gartner revised the bots’ penetration rate from a range of 5% to 20% last year to 20% to 50% this year. Gartner points to chatbot’s successful adoption as the face of AI today and the technology’s contributions to streamlining automated, touchless customer interactions aimed at keeping customers and employees safe. Bot vendors to watch include Amazon Web Services (AWS), Cognigy, Google, IBM, Microsoft, NTT DOCOMO, Oracle, Rasa and Rulai.
GPU Accelerators are the nearest-term technology to mainstream adoption and are predicted to deliver a high level of benefit according to Gartner’s’ Priority Matrix for AI, 2020. Gartner predicts GPU Accelerators will see a 100% improvement in adoption in two to five years, increasing from 5% to 20% adoption last year to 20% to 50% this year. Gartner advises its clients that GPU-accelerated Computing can deliver extreme performance for highly parallel compute-intensive workloads in HPC, DNN training and inferencing. GPU computing is also available as a cloud service. According to the Hype Cycle, it may be economical for applications where utilization is low, but the urgency of completion is high.
AI-based minimum viable products and accelerated AI development cycles are replacing pilot projects due to the pandemic across Gartner’s client base. Before the pandemic, pilot projects’ success or failure was, for the most part, dependent on if a project had an executive sponsor and how much influence they had. Gartner clients are wisely moving to minimum viable product and accelerating AI development to get results quickly in the pandemic. Gartner recommends projects involving Natural Language Processing (NLP), machine learning, chatbots and computer vision to be prioritized above other AI initiatives. They’re also recommending organizations look at insight engines’ potential to deliver value across a business.
Artificial General Intelligence (AGI) lacks commercial viability today and organizations need to focus instead on more narrowly focused AI use cases to get results for their business. Gartner warns there’s a lot of hype surrounding AGI and organizations would be best to ignore vendors’ claims of having commercial-grade products or platforms ready today with this technology. A better AI deployment strategy is to consider the full scope of technologies on the Hype Cycle and choose those delivering proven financial value to the organizations adopting them.
Small Data is now a category in the Hype Cycle for AI for the first time. Gartner defines this technology as a series of techniques that enable organizations to manage production models that are more resilient and adapt to major world events like the pandemic or future disruptions. These techniques are ideal for AI problems where there are no big datasets available.
Generative AI is the second new technology category added to this year’s Hype Cycle for the first time. It’s defined as various machine learning (ML) methods that learn a representation of artifacts from the data and generate brand-new, completely original, realistic artifacts that preserve a likeness to the training data, not repeat it.
Gartner sees potential for Composite AI helping its enterprise clients and has included it as the third new category in this year’s Hype Cycle. Composite AI refers to the combined application of different AI techniques to improve learning efficiency, increase the level of “common sense,” and ultimately to much more efficiently solve a wider range of business problems.
Concentrating on the ethical and social aspects of AI, Gartner recently defined the category Responsible AI as an umbrella term that’s included as the fourth category in the Hype Cycle for AI. Responsible AI is defined as a strategic term that encompasses the many aspects of making the right business and ethical choices when adopting AI that organizations often address independently. These include business and societal value, risk, trust, transparency, fairness, bias mitigation, explainability, accountability, safety, privacy and regulatory compliance.
The exponential gains in accuracy, price/performance, low power consumption and Internet of Things sensors that collect AI model data have to lead to a new category called Things as Customers, as the fifth new category this year. Gartner defines things as Customers as a smart device or machine or that obtains goods or services in exchange for payment. Examples include virtual personal assistants, smart appliances, connected cars and IoT-enabled factory equipment.
Thirteen technologies have either been removed, re-classified, or moved to other Hype Cycles compared to last year. Gartner has chosen to remove VPA-enabled wireless speakers from all Hype Cycles this year. AI developer toolkits are now part of the AI developer and teaching kits category. AI PaaS is now part of AI cloud services. Gartner chose to move AI-related C&SI services, AutoML, Explainable AI (also now part of the Responsible AI category in 2020), graph analytics and Reinforcement Learning to the Hype Cycle for Data Science and Machine Learning, 2020. Conversational User Interfaces, Speech Recognition and Virtual Assistants are now part of the Hype Cycle for Natural Language Technologies, 2020. Gartner has also chosen to move Quantum computing to the Hype Cycle for Compute Infrastructure, 2020. Robotic process automation software is now removed from the Hype Cycle for AI, as Gartner mentions the technology in several other Hype Cycles.