Swisscom’s Outpost is a well-established player in the Silicon Valley ecosystem. Besides managing local partnerships, Outpost scouts for trends and solutions.
Founded in 1998 to act as an innovation hub, Swisscom’s Outpost is today a well-established player in the unique Silicon Valley ecosystem. Outpost has co-founded organizations, such as the Telecom Council, and is a trusted partner for local technology vendors, Venture Capitalists and startups. Besides managing local partnerships for Swisscom, Outpost scouts for new trends and solutions for Swisscom. Further, the Outpost runs programs where Swisscom employees and customers can work on projects in Silicon Valley and utilize Outpost’s position in the ecosystem.
Earlier this year I was asked to write an article for the Swiss magazine, Handelszeitung, covering “cybersecurity today”. An interesting topic for sure. I spent the last 15 years working in different roles within this space. The challenge here was figuring out where to start. And even harder, where to stop. There are literally hundreds of interesting topics to cover. With the Handelszeitung’s audience in mind, I decided to write about three things: Challenges, Trends and Solution Approaches. Working with cybersecurity scouting in the Silicon Valley and writing for a Swiss magazine, I also wanted to give a bit of a US or Silicon Valley perspective on things. Let’s dig into it.
Back in April 2021, the year was still young, but Cybersecurity was already all over the news. Microsoft’s popular e-mail server, Exchange, had a vulnerability which was exploited at around 30 000 companies in the US. Besides the Microsoft incident, there was also SolarWinds. The global network management company whose software was hacked, and which resulted in around 18 000 SolarWinds clients being (potentially) breached. This included some prominent organizations, such as Microsoft and the US Department of Homeland Security.
2020 could be the year of many things, but in cybersecurity it was the year of ransomware, especially in the US. Ransomware 2.0, the somewhat newer model, where adversaries who are not being paid the ransom threaten to expose sensitive data, became an even more lucrative business model. Many organizations had implemented backups to recover from traditional ransomware attacks, but this new approach circumvented that and put additional pressure on them to pay the ransom. This is not an entirely new model, but we saw it become more widespread in 2020. We haven’t seen any decrease of ransomware attacks in 2021, where the largest ransomware demand reached an astonishing $70 million.
Challenges & Trends in Cybersecurity
Challenges in cybersecurity are not solely driven by technology developments but also by trends in our society which include:
- More access to sensitive and confidential data from everywhere with all kinds of private and professional devices.
- Increased cybercrime with more advanced and profitable as cybercriminals work in well-organized networks with mature business models which includes Ransomware-as-a-Service.
- Insecure Internet of Things (IoT) device connected to home or enterprise network which exposes them to the Internet.
- Additional regulations in the areas of data protection and compliance.
- Lack of cybersecurity experts across the globe.
Silicon Valley Outpost & Solution Approaches
Here in Silicon Valley, we see many new solution approaches and it’s evident that cybersecurity is one of the busiest markets with more than 3000 active startups today. Many from the US but also an over proportional number of startups from Israel. Israeli startups generally come to Silicon Valley to be part of the Silicon Valley ecosystem. An ecosystem Swisscom Outpost in Palo Alto is also part of.
In our role as an innovation department, we interact with Venture Capitalists specialized in cybersecurity but also with cybersecurity startups and established cybersecurity vendors. Startups which we sometimes, after evaluation, transfer to Swisscom to become partners and jointly offer on the Swiss market. On the other side, we interact with security departments within Swisscom, such as product management and architects, on current trends and solutions. We also use our local test environment in Silicon Valley to run proof-of-concepts for Swisscom and test security solutions from startups and partner.
The most difficult part of writing an article about cybersecurity today is of course which trends and solutions to choose. I could have written about some of the topics we’ve looked at here in the Outpost such as “Shift Left” in DevSecOps to reduce the number of vulnerabilities in applications. Or supply chain attacks with SolarWinds, an attack vector which has increased in 2021. Or the importance of Managed Detection & Response in the coming years with Extended Detection & Response (XDR). Around Cloud Security, topics include Cloud Security Posture Management (CSPM) or security-as-a-service with Secure Access Service Edge (SASE). Or even the human element with security awareness or cyber ranges for training cybersecurity expert.
Here are some topics I did choose to write about:
- Cloud Security: In this context, we meet security vendors offering security from the cloud, e.g. Firewall-as-a-Service or SASE, but also vendors offering security for the cloud such as protecting data on the cloud service by means of encryption, monitoring for attacks, or continuous verification of vulnerabilities. Another interesting technology is Confidential Computing. The standard today is encryption of “Data at Rest” (on storage media) and “Data in Transfer” (transferred network). With Confidential Computing we can encrypt “Data in Use”. Swisscom offers a secure file transfer based on this technology.
- Breach & Attack Simulation: By regularly testing IT security measures, companies can determine whether the various security measures fulfill their purpose. Large companies invest large sums of money in security products, but still have limited options of knowing whether these products can withstand attacks or are configured correctly. We see more companies like XMCyber that focuses on simulated and automated attacks to remediate such vulnerabilities.
- Zero Trust: The concept was introduced more than a decade ago by market research firm Forrester Research Inc. Instead of trusting all users and devices in the corporate network by default, the assumption is nothing can be trusted. You therefore force every user and every device to authenticate itself continuously. Multiple authentication factors are also used. Security status of the end device, user identity or location, can all contribute, to allow or block a request. There is more to the concept, such as ensuring least privilege access for all users. Zero Trust is an old concept but has proven to be a good security approach in today’s complex IT infrastructure.
- Security Chaos Engineering: This approach is used by companies to improve the reliability and security of a system or IT infrastructure. By causing errors and performing activities to make a system fail on purpose, one can learn how systems react in unexpected situations. Companies such as LinkedIn and Netflix have been creating purposeful chaos in their production environments for years. Resilience approaches, like Security Chaos Engineering, has become mainstream which was made apparent at the RSA conference, the largest security conference globally.
These are some examples of trends and approaches Swisscom Outpost has identified. But one thing is for sure, the trends around how we access and manage data will increase cybersecurity risks and we need a new mindset and new approaches in order to successfully protect critical data and business processes.
Please don’t hesitate to reach out if you have any questions about the topics above or if you want more information about the startups we are looking at.
Marcus Dahlén, VP Outpost Services, VP Cyber Security @ Swisscom Outpost, Palo Alto, California, US (LinkedIn)