AEP Networks: Cloud security should be a priority
Each week we ask high-profile technology decision-makers three questions.
AEP Networks specialise in providing high-end IT security for companies and organisations dealing with extremely sensitive and confidential data.
As more and more executives and employees around the world put greater demands on using their own preferred devices, providing watertight security has never before been such a vast undertaking.
AEP Networks' Chief Technology Officer Mark Darvill told the BBC about how his industry is evolving rapidly.
What's your biggest technology problem right now?
We're finding that it's very tricky to manage the balance of consumerisation of IT in the workplace, while still addressing high-profile attacks such as the DuQu attack and Stuxnet before that.
We're having to develop products that can secure mission critical networks for governments, defence and critical national infrastructure.
We can't forget that it's often the user within the company or organisation who dictates how they access data and on what device, often to the dismay of the IT director.
One of our biggest technology challenges I guess now is developing clients that sit on PCs or tablets that allow access to corporate data from any device, anywhere in the world - and to do that in a very secure way.
What it really means is devices such as home PCs, tablets are all secured in a similar way to allow users to access data and applications, but while still adhering very strictly to the company's security policy.
The users really dictate their own IT policies in terms of what they're using. It's quite common now for board directors to come in with tablet PCs or even use home PCs to connect in.
I guess that one of the issues is that from a corporate perspective you have to maintain security across all of those devices - even though the company probably doesn't own at a lot of the devices that are connecting to use the network.
It's trying to keep one step ahead of people's behaviours around their access requirements. It's permanently changing. As new devices come on the market, people see different ways to do things.
If you've got a tablet PC, for instance, we would allow a user to connect into a network securely, run applications that they're used to, ensuring that any data created is left in the security of the data centre or the cloud. Which means that if they lose that device there's nothing on that device for anybody to intercept or read.
What's the next big tech thing in your industry?
It's trying to secure organisations and secure the transmissions of data.
The cloud we see as a big developing set of technologies used by a lot of companies.
Initially it's viewed as a way to reduce IT spend by pushing data and applications into either private or public virtualised environments, but the big point about that is it means the security of the cloud itself becomes the issue.
It's creating a challenge. In terms of the operational nature of data centres, it looks as if it's the answer to all evils - but it does create its own security challenges.
If you think about government clouds, when they start to be developed, you're talking about confidential data sitting in government data centres. They absolutely need to know where that data is and who's touched it. Those are the types of technologies that we're developing.
We've got cloud technologies which are very much around putting applications and data into either private or public clouds, and then we've obviously got this continuing threat around secure transmission of data and encryption.
It's about developing technology to ramp up those security measures used by organisations to deal with the more persistent and sophisticated cyber threats that we're seeing from international cybercrime.
What's the biggest technology mistake you've ever made - either at work or in your own life?
I have to cast my mind back a little bit!
I used to work for a now non-existent US computer manufacturer. We decided, in our wisdom, that we would create a set of products that would allow our customers to build OSI networks - which was an open, standards-based networking protocol.
We believed, I think, that it would probably supersede the TCP/IP which was the protocol being built around the internet at the time, and obviously is part of the internet today.
We built a set of products and we assumed that the rest of the world would adopt that OSI technology. It started coming home when we had to start bridging our networks into the network, and in turn the internet across our OSI networks. It became quite a mess.
I think it's very good example of not being market led, but trying to lead the world through some sort of purist technological view.
You look back and shudder. Five or six years worth of effort and it was like the tide coming in.