Ian Trump
When you talk to Ian Trump, Security Lead at LogicNow, you’re talking to someone who knows IT security inside and out. Trump is an ITIL (Information Technology Infrastructure Library) certified IT consultant with 20 years of experience in IT security and information technology. His experience on security integration projects, facilitating technological change, and promoting security best practices have been embraced and endorsed by his industry peers. As a result, when Trump speaks about security, people listen…or should. You know how that goes.
Seeing how security is one of those hot topics within document imaging industry circles, I couldn’t resist chatting with Trump when the opportunity was offered. In the interest of full disclosure, part of our conversation centered on LogicNow’s security initiatives.
He explains that LogicNow takes three approaches to security, starting with technology and a suite of products with a layered defense strategy against what he calls “cyber bad guys.” The second approach, which Trump describes as “revolutionary,” is partnering with one of LogicNow’s managed services security providers to educate the MSP on how to sell security and compliance solutions.
“This is unchartered territory in terms of the other platforms out there,” emphasizes Trump. “We’re seeing a need for MSPs to move up market and continue their success in the marketplace. This is important with the introduction of hosted services such as Office 365.”
He notes that MSPs made big money from servers, now servers are going away in favor of rented services located in data centers.
Trump contends this is an opportune time for MSPs to branch out, especially with all the media coverage of security breaches that are raising awareness and scaring the heck out of the small and medium business where LogicNow’s core product is focused. Actually, many of its products are focused on the SMB via the MSP channel.
The third approach finds Trump in the role of security evangelist, addressing LogicNow’s MSP community with educational materials and webinars as well as educating them as to what the various threats look like and what’s coming, including pointing out some noteworthy trends.
One of those trends is what Trump describes as “another seminal moment in IT history.” That’s the end of life cycle of the 2003 server platform. “Having history as a guide, we saw what happened with Windows XP and where it went end of life cycle.”
He’s referring to attacks on ATM machines and POS systems.
“I suspect the 12 million 2003 machines and other virtual machines from 2003 will come under cyber attack via a worm or targeted attack very shortly after the final patches are dropped,” predicts Trump. “This is one of the biggest IT security issues for 2015. It’s easily preventable and we’ve created some white papers and videos as to what that looks like in terms of securing your infrastructure.”
Another trend that will impact IT security is the adoption of the Internet of Things. That’s because many of those devices connected to the Internet can be considered insecure. Trump cites recent demos in the UK of a smart TV from Samsung that does not encrypt the voice recognition from itself and its third-party provider.
“There’s no encryption being used and there are many devices, including children’s toys that are capable of being exploited by bad guys,” cautions Trump. “This is a huge concern. The industry in its rush to put an IP address on virtually everything, including dishwashers and kettles has not absorbed the ramifications of that and the possible liability should hackers either flood your house or set your house on fire by hacking into the kettle or dishwasher. These attacks that two or three years ago we thought were ridiculous have now become more plausible as we’ve seen wide-scale exploits that have been completely across platform.”
Examples of those are the Heartbleed virus and the FREAK bug.
Complicating matters, or exacerbating the threat, is the growing adoption and implementation of wireless devices and wireless communication.
“Because the Internet of Things will be a wireless implementation and this is problematic in putting a device that maybe has a cavalier attitude towards security on the same network you’re doing your banking or the same network where you’re working on confidential documents,” states Trump. “The threat landscape for SMB is elevated by the sudden appearance of all these devices that are going to be dropped into the wireless environment, not to mention the spectrum problems and channel interference that’s degrading the performance of folks’ wireless. That’s a huge concern and something we’re going to see more of as more wireless devices are spooled up and more devices [communicate] wirelessly.”
A third trend to be vigilant about is the new Internet Protocol, IPv6. “In the last 20-25 years we’ve figured out how to do networking using IPv4,” explains Trump. “We can secure networks comfortably using the techniques and tools we’ve developed, including hardware platforms like firewalls to secure the IBP4 environment. IPv6 is going to get wide scale adoption pushed in part by the Internet of Things. This is a concern because the amount of knowledgeable people around IPv6 is very limited and the classroom environment for IPv6 is just starting to mature. Unfortunately, the hackers are going to take advantage of our lack of knowledge and rules in the IPv6 space.”
He explains that the initial introductions of those technologies will be quite expensive for SMBs and there’s a concern the ISP may turn on or enable IPv6 without the knowledge of the business owner or MSP.
“As a result under particular circumstances and type of hardware IPv6 will be transparent to a router or firewall that is an IPv4 device,” adds Trump. “There are huge concerns on the security side as we move forward in 2015 driven in large part by the desire of companies to Internet enable almost everything they can possibly Internet enable.”
Even though there’s plenty of cause for concern, Trump has some positive news as well.
“Security doesn’t have to be expensive or complex,” he says citing an Australian study regarding the various security options. “Number four is patching and updating your operating system and patching and updating third party applications—these are the strongest defenses against these threats and exploits.”
Another ounce of prevention is aggressively preventing devices and/or humans from visiting devices that are dangerous as well as something as obvious as updating one’s anti-virus platform. “It’s a good defense against known attacks,” emphasizes Trump. “In the criminal underground most Trojans used now are known to anti-virus and their activity is fairly easy to detect by modern anti-virus platforms. Where it gets sticky is with the next generation of threats.”
Returning to a previous point and one also trumpeted by his LogicNow colleague Dave Sobel, Trump contends the MSP is in a unique position when it comes to security options because they understand their customer’s business almost as well as the business itself. “When knocked off line or out of service the MSP is the one who puts that business back in business after a hack,” notes Trump.
In closing, he offers some common sense advice for anyone selling security as part of their Managed IT offerings. “When [a client] asks me what’s the best firewall, my response is ‘the one I know the best.”
