This Week in Enterprise Tech 523 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Louis Maresca (00:00:00):
On this week in Enterprise Tech, we have Mr. Brian Cheen. Mr. Curtis Franklin, back on the show now. 5G Network Slicing holds a number of security concerns for organizations, and we talk with Emmanuelle Rivet of PWC about the metaverse and just where it might impact the industry. And near future definitely should miss it. It's why on the set

Announcer (00:00:23):
Podcasts you love from people you trust. This is twit twi.

Louis Maresca (00:00:35):
This is twt this weekend, enterprise Tech. Episode 5 23, recorded December 16th, 2022. Blockchain to the Metaverse. This episode of this week, enterprise Tech is brought to you by Cisco, orchestrated by the experts at cdw. When you need to get more out of your technology, Cisco makes hybrid work possible. CDW makes it powerful. Learn more at and by code comments and original podcast Red Hat that lets you listen in on two experienced technologies as they describe their building process and what they've learned from their experiences. Search for code comments, your podcast player. And by thanks Canary. Detect attackers on your network while avoiding irritating false alarms. Get the alerts that matter 10% off on a 60 day money back guarantee. Go to Canary. Do tools slash twit enter the code twit and the hat to hear about us box.

Welcome towt this week in enterprise tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek just wants to know how this world's connected. I'm your host, Lewis Varek, your guy through this big world of the enterprise, but I can't guide you by myself. I need to bring in the professionals and the expert starting the very own Mr. Brian Chi, he's net architect at Sky Fiber Network expert all around Tech Geek Sheer. It's great to see you, my friends. Been a couple weeks how you been, what's been keeping you busy?

Brian Chee (00:02:08):
Actually, Curtis and I are, have both been doing setup for holiday matsuri over at the Marriott. It is, think of a holiday themed anime con anime costume play conference. Lots of really, really cool costumes and interesting personalities and so forth and so on. And in honor of our guest today Ms. Emmanuellele Rivet. I have good old Remi here. I took some of my students to Disney and we had a great time at Remy's Kitchen ride or whatever they really call it. And gorged myself on really good French cheese fromage. And I think I have a deal with one of the chefs there to go and get him some really good Hawaiian sea salt for him to tinker with.

Louis Maresca (00:03:09):
Very cool. There you go. I was a little jealous of the the pictures from the Star Wars land or whatever they call it. I, I've never been there and I always wanted to go. So you had, you had a good time with with all the different parts.

Brian Chee (00:03:20):
Oh, yeah. The only problem is voided my feet hurt <laugh>

Louis Maresca (00:03:26):
<Laugh>. Yeah.

Brian Chee (00:03:28):
But the cool thing is, is you, you live on the Eastern corridor, so now getting you and your brood to Disney World isn't as hard as you'd think. True. And they've got some new trains that are gonna be coming out very soon. True, true. You know, obviously we're not gonna be able to give your competition, but at least maybe the American trains will be better than what has been.

Louis Maresca (00:03:55):
Hopefully. Cross my fingers. Well, we also have to welcome back our senior analyst at imd. He's the man with the pulse of the enterprise and he's Mr. Curtis Franklin. Curtis, how are you, my friend? Are you all set for the holidays?

Curtis Franklin (00:04:09):
We're getting there. We're getting there. Had some doctor's appointments, been going off doing various things. As Brian said we were very late last night setting up holiday Matsuri. My dear wife Carol is there now with a bunch of folks from Maker Effects. I'm trying to get a lot of things published in the system before the end of the year, and I've been playing with something special. And in terms of, of getting things ready to write. You know, I have probably have a dozen different keyboards here in my office. I am forever searching for the ultimate keyboard. I learned to type back in the days of manual typewriter, and I tend to type from the elbow. So I, I'm hard on keyboards. I've been trying out a new one that's an enterprise class keyboard mm-hmm. <Affirmative>,

But here it is. It's from a company called Wombat. And this is the Wombat Pine Pro. They have different keyboards named after different trees. They've got the wombat, ginkgo and the wombat maple. But the Pine Pro is set up for pros. I've got mine with cherry brown keys. They're mechanical switch keys. And that's a, a nice one for me because I like the tactile feedback. But my dear wife likes not hearing clicks that echo through the entire length of the house. So the, you know, the browns are a good compromise. I've been pounding on this thing for a couple of weeks now, and I'm, I'm really quite impressed. It's full size. It's got the numeric key keypad on the end. It's wireless and it will work either through Bluetooth or they have one of the little plug-in Dons that you can, can use.

 It's easy to deploy, very customizable. And for an enterprise looking for keyboards that will keep people happy. I like the fact that it's a very easily deployable keyboard. So like I said, that's the the Wombat Pine Pro that I've been playing with. Very pleased with it. And it's the one, I'm not using it while up on the air because it does produce soon clicking. And our td Mr. Ant will, will yell in my ear if I, if I use the clicky keyboard. There is the man way behind the cameras. But in all other circumstances, it's become my go-to. Very impressive. And you know, feel free to give 'em a try. Cause like I said, I, I'm, I like this. They do offer it in the Reds as well. Mm-Hmm. <affirmative>. So you have your choice between cherry browns and Cherry Reds. But so far I'm, I'm very happy with this thing. And looking forward to creating thousands and thousands more words on it in the weeks to come.

Louis Maresca (00:07:24):
Chris, I do have to admit, I, I have a little bit of a keyboard problem, so you should have showed me that. I might might actually have to get another keyboard and, and try it out. Cause I'm always looking for that perfect mechanical keyboard. Does it, is able to offer more than one PC too. Like, can you do it more than one machine?

Curtis Franklin (00:07:41):
You can do more than one machine. And it works both with PCs and Max. And it's got a bunch of customization. Like I said, it, it's, it's highly customizable, and yet it doesn't go to the, I mean, you can't do various colored lights under it and all that. It's, it's, it is a professional keyboard. So I, for my disco evenings of typing, I've gotta look somewhere else. But but this, this is it. Yep. An went and found the the Wombat site. So it comes and it even includes things like a keyboard, puller in the package. And good instructions. The documentation is good. So far I'm, I'm really impressed by this thing.

Louis Maresca (00:08:31):
Very cool. Very cool. Thanks for showing me another thing that I have to go and get. Appreciate that

Curtis Franklin (00:08:36):
Curtis. I do what I can to bust your budget.

Louis Maresca (00:08:40):
<Laugh>. Thank you guys. Well, it's great in having you, everyone here. We definitely should get started cuz we have a lot to talk about in the enterprise this week. Now 5G is always on in the news, in the network. Mostly people due to the, to their disappointments in the F 5g. However, there's some things looming around it, and that's 5G network slicing. The question is, could it be a security risk? The Fed State? Definitely think so. We'll talk about that. Plus today we have Emmanuellele Rivet of PWC from Australia's biggest professional services firm. We're gonna talk about the metaverse and just how prepared your organization should be as you think about pivoting towards virtual. So you definitely should stick around lots to talk about here. But first, like we always do, we have to talk about some enterprise tech news blips this week.

Now this, this gov article talks about how the S shawan hash function has been widely used for over two decades after its introduction in 1995. Now its initials stand for Secure Hash Algorithm and have been used by the federal Information processing standard for the entire period of that time. Now, shawan is a building block for many security applications, such as validating websites. You may have heard of that. Now that means when you load a website, you can trust it that it's actually purported or from its source, it's genuine from its source. However, it's not without some flaws. That's right. A theoretical C collision attack was first proposed in 2004. Now due to its high complexity, it was I not implemented in practice until 2017 using a large GPU cluster. Now, most recently, an almost practical or more practical chosen prefixed collision attack against shall one has been proposed.

Now, there is more powerful attacks that allows the creation of colliding messages with two arbitrary fee prefixes, which has threatened the real world use of any of those protocols. Now, today's powerful computers can create fraudulent messages that result in the same hash as the original, potentially compromising the authentic message. While it's time for you to part ways with shot one, because it has reached the end of its life, according to NIST or the National Institute of Standards and Technology, it will stop using s sh one and its remaining specified protocols by December 31st, 2030. So it sounds like you have a little bit of a time here. Now, what does that mean for you? Well, there are some options out there like s sh two that's using the Merkel dime guard structures, which have several variants, including the 2 56 bit hash. There's also the Shaw three, which is actually uses ACK sponge functions and has numerous options including 2 56, 3 84, and five 12 bit, which actually offers a little bit more performance as well. Now, do yourself and your organization a favor and take yourself out of harm's way as soon as you can by updating your cert. It can be a challenge sometimes, and it requires some planning to not interrupt your services, but still in the end, it'll allow you to focus more time and energy on more complex attack vectors.

Curtis Franklin (00:11:29):
Well, most of the time when we think of cybersecurity and physical or real world security, we think of them as two very different things. When one crosses over into the other, though, the impact can be multiplied in some really terrible ways. An article this week on dark reading detailed some of the ways in which state sponsored a p t group charming kitten, also known as TA 4 53, which has been linked to Iran's Islamic Revolutionary Guard Corps, has updated its fishing techniques and added real world operations like kidnapping to its portfolio. Charming gitten has been tracked since 2020, but has recently been using a new methods and targeting different targets that in the past, in the latest campaigns, researchers from Proofpoint have observed more aggressive activity, which could be used to support attempted kinetic operations. From the Revolutionary Guard in kinetic operations is code for things like murder, for hire and kidnapping.

As evidence of the new campaigns, researchers point to a campaign in 2021 in which TA 4 53 spoofed two scholars at the University of London to try and gain access to email inboxes belonging to journalists, think tank, think tank personnel, academics, and others. In August of this year, Google researchers said the group had started employing a data theft tool targeting Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials. Now, the information gained from these accounts could be used for location tracking and more. And let's say now that the Revolutionary Guard is known for using location tracking and other tactics to find dissidents. Now earlier, charming kitten email campaigns almost always targeted academics, researchers, diplomats, dissidents, journalists, human rights activists. These Newt campaigns tend to start with weeks of very innocuous conversations on accounts created by the actors before they launched the actual attack. And the new campaigns have targeted specific researchers in the medical field, an aerospace engineer, a real estate agent, and travel agents among others. Now, Proofpoint has said it could state with moderate confidence that the more aggressive activity could represent collaboration with another branch of the Iranian state, including the I R G C KUDs force, which carries out physical operations. If your business or research includes activities in the Middle East, be careful out there. And I would say raise your paranoia level when it comes to email texts and other communications from anyone or any group you don't know very, very well.

Brian Chee (00:14:23):
Well, I think the soundtrack for this m i t news article should be the James Bond theme, because they're talking about extracting audio from visual information. And well, let's go into the story. Researchers at M I T, Microsoft and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing a minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato chip bag, photographed from 15 feet away through soundproof glass. In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year's C graph. The Premier Computer Graphics Conference quote, when sound hits an object, it causes the object to vibrate, says Abe Davis, a graduate student, an electrical engineering computer science at m i t and first author on the new paper.

The motion of this vibration creates a very subtle visual signal that's usually invisible to the naked eye. People don't realize that this information was there all along. Well. Joining Davis on the CIG graph paper are Fredo Duran and Bill Freeman, both m i t professors of computer Science and engineering. Neil Wawa, a graduate student in Freeman's Group, Neil Ru, Michael Rubenstein of Microsoft Research who did his PhD with Freeman and Gotham Maso of Adobe Research. Well, the gist is you need a high speed camera running so you can get enough frames per second. Going back to the audio, however, the team also was able to use, utilize a quirk in some typical commodity cameras to extrapolate enough information for a lower fidelity version, even using a 60 frame per second camera. Now, I, I'm going to have a real quick sidebar here. M i t media Lab is also the group that had a person that created a really, really interesting set of algorithms that are very much in use by police departments all around the world using regular video, they can actually overlay each frame to create additional resolution so that even on poor or, or, you know, even on poor video, you can still bring out detail enough to be able to read license plates.

So anyway, all this is pretty cool. And yet, another reason why high security conference rooms are boxes inside buildings. And I gotta imagine this trick is going to show up as a gadget from the Q branch in a future bond movie.

Louis Maresca (00:17:21):
Cybersecurity programs, especially ones run by government agencies are supposed to be used to get ahead of the bad guys, right? Well, what if the bad guys also use them to make everyone think they were behind? Well, according to this Krebs on, I'm sorry, curbs on security article in regard, a program run by the US Federal Bureau of Investigations to build cyber and physical threat information sharing partnerships with the private sector this week saw it's database of contact information on more than more than 80,000 members go up, up for sale on an English language cybercrime firm, a forum. At the same time, the same hackers responsible also set up shop within an account on the info guard portal, posing as a financial industry c e o, vetted by the F B I. That's right, if you aren't familiar with Breached, it's a relatively new cybercrime forum used by threat actors.

Now, the Breach Forum is wildly considered the second incarnation of RAID forums. However, this past week, it dropped bomb on its users when someone posted the user database for InfraGuard, including names and contact information for tens and of thousands of InfraGuard members. Infraguard connects critical infrastructure owners, operators to stakeholders with the F to provide education, networking and information sharing on security threats and risks. Well, not anymore, who knows what kind of other false information has been disseminated throughout it. You may be wondering how did they get into the program while the users selling the account information spilled the beans to curb or to kreb, they use the social security number and other personal data of financial companies, c e o to set up shop as a new account. That's right. They just used their information. They asked, they're actually asking for $50,000 for the data and the way they actually siphon the data as they used a Python script to access the api, I once they had an account.

Now what this brings to mind is the fact that the b I had a poor vetting system here in place for the members of the program. In fact, the actual c e o, which the hacker impersonated admitted, they actually never were contacted by the FBI about the program or the account. Right. After all that has me wondering, are these programs to actually help security professionals or are they more for show? Well, folks that does it for the blips, next up the bites 5G network slicing might just have some security holes. We'll definitely talk about that. But before we do, we do have to thank a really great sponsor of this weekend enterprise tech, and that's Cisco orchestrated by the experts at C D W, the helpful people at C D W understand that hybrid work continues to evolve and that your organization must evolve with it to succeed with so many options to collaborate remotely, you need a strong and consistent network to empower your workforce and keep them together.

Now, consider Cisco hybrid work solution design and manage by C D W experts to deliver the same quality network experience to all of your offices, even your satellite ones, connecting your team from pretty much anywhere. Because Cisco networking keeps things flowing smoothly and securely with embedded security compliance and multi-factor authentication that protects collaboration among your spread out team. With real-time visibility into distributed applications, security, user and service performance, you get better line of sight into how your network is operating and how better to grow your organization. And Cisco networking levels, the playing field, providing access to flexible high-end collaborative experiences that create an inclusive work environment. When you need to get more out of your technology, Cisco makes hybrid work possible. CDW makes it powerful. Learn more at And we thank Cisco orchestrated by the experts at CDW for their support of this week and enterprise tech.

Well, folks, it's time for the bites. Now, con 5G is, you know, it's constantly in the news. Now, whether it's telecoms bragging about the new speeds or that they might have a home internet replacement for you, but there's not much talk about the downsides of it. Well, according to this dark reading article, a work group pulled together by the US National Security Agency has issued a report outlining the cybersecurity threats related to the mobile broadband 5G network slicing. If you aren't familiar with network slicing, it's essentially allows operators to bring together several network attributes or components potentially across multiple operators that support specific applications or services for 5G users. Now, each slice of the network can have its own logical topology security rules and performance characteristics. Now, that's where the weakness actually lies, although it adds to the flexibility of everything. It also creates a large surface area of threat capabilities in both in its policies and its standards as well as supply chain. And more. Now to talk more about the practical applications here, the potential threats, this also includes the now of service attacks, which I isn't great here, as well as man in the middle attacks, also configuration attacks. Well, I'm gonna, I bring my co-host back in because I think this is a big topic in, in just in general around networking cheaper. I wanna throw this to you first. Now, n network slicing isn't a new thing, right? It's, it's been around for a while. What makes it so significant from a 5G perspective?

Brian Chee (00:22:37):
Okay, so first off, network slicing is just a new name. It's the ba the ba, you know, it's really just V VLANs. They're calling my spin is, they're calling it network slicing so that we don't use VLAN for this particular technology. It's a kissing cousin to what's commonly available in the SD WAN world where you can basically label things just like a V A N and have the hardware and firmware obviously segment things off. So the idea is that, you know, if you, if you don't have permissions, you don't get access to it. Now, here's the issue, and this is why the NSA's trying to raise a flag saying, oh, excuse me, pay attention here. A vlan or in this case, the slice is all traffic on the same pipe. It's just labeled differently. You know, think of it as a single line train track that happens to have lots and lots of freight cars on it, and the freight cars have, you know, different, you know, groupings.

So grouping number one might go to vendor A, grouping number two might go to vendor C and grouping number 30 might go to vendor 15. You know, it's just a way of sorting things. So here's, here's why the NSA's raising the flag, because it's still a single line train track. If you can see that train track, in theory, if you're running a sniffer, you can look at all the packets, it doesn't matter. Now, the way you solve this is one of the tricks we did and for a lot of trade shows is we would aggregate only back in a trusted area, you know, back in a data center, move things around, and then when we get to the edge, we'd break it out so that only a single V L A N appears on a single port as untagged. So we h we actually hide the tag numbers from the general public.

 You know, slicing is great, slicing is wonderful. You can do lots of things like being able to have, instead of having data, say going from your delivery trucks, having to go all the way across country, hit your AP n then go all the way back across the country to a data center that might only be a mile away from that delivery agent. Sounds inefficient, doesn't it? Well, by doing the slicing game and having the labels exposed earlier, it allows you to peel them off locally so that we have less roundtrip, more efficiency and so forth. But like I said when I started this ramble if someone can see that single line train track, in theory, if they have a promiscuous mode driver for their network interface of whatever you should be able to see everything on that single track. So beware.

Louis Maresca (00:26:00):
So bring it up. A good point, Kurt, I just wanna throw this to you because, you know, it sounds like to me with the way that, especially that Ji Burt described it, it's essentially maybe the way the network operators are actually implementing or setting this up, could it be if they really do isolate things more physically, maybe to different radio networks or whatnot, they would have less of a risk here and that organizations would be able to feel a little bit more comfortable with this, with cut the set of things?

Curtis Franklin (00:26:26):
Well, the real problem is what you just described is a recipe for lowering revenue from 5g. And I will give you one guess as to the odds of that happening. Because what, what we have with 5G is a regulated resource, the frequencies, the bits of spectrum that are used, and what the carriers have done is figure out a way to maximize the use of that spectrum. In the same way that with voice calls over wireless, they're basically selling the same resource thousands of times using time slicing. They found ways that they can, using a, a knowledge of the way the spectrum is used, sell it more ways. The reason that this is critical for the enterprise is that 5G is being used to an extent that 3g, 4G LTE were not as private networks by enterprises of the use of cell as a privately run network is on the rise.

And so now you have the opportunity for sophisticated threat actors to, as Brian said, hop on the the track and just watch every car that goes by when they see one that they like, they can set about sniffing it. Now, you'll hear the carriers talk about all kinds of fabulous encryption that no one could ever decrypt these messages. And by the way, it's illegal. Well, you know, if they were disturbed by it being illegal, they wouldn't be bad guys. And the perfect encryption algorithm doesn't really exist yet. There are good ones. But as the processing plants available, two threat actors get more capable. The ability to brute force and programmatically get in and find keys goes up. So this is a significant issue. It's not gonna go away because as I said, getting rid of it or changing it dramatically would also have an impact on the revenue stream for the carriers. So customers have to start looking at adding their protection through process technology or procedure in order to keep their transmission going out over 5G safe.

Brian Chee (00:29:33):
So I think I wanna follow on, so I'm gonna ask you at, to bring up a url, I found a really good article from the folks, I think it's called Red Scan dot com. Yeah, there we go. I'm mentioning this more mostly cuz I want to want it to get into the show notes, but a lot of folks are under the improper perception that VLANs are secure. It's like, no, they're not. It's good that you're separating your traffic out. That's a very good first step. But like I said, it's a single train track and it's something that you, if someone, say for instance, I, I've known of several people say, I don't wanna have to keep provisioning my switches. I want I want them to just, you know, make a change in the software, you know, and grab onto the different VLANs.

So I don't wanna have to make ch blah, blah, blah wine, wine, wine. No <laugh>, when you throw a lot of different VLANs, they're called, you know, tagged trunks so that someone at a desktop can just change their VLAN tag and switch networks. That might sound really convenient, but from a security standpoint, that is a disaster waiting to happen because when you start doing, you know, looking at a lot of console systems for security and so forth, where people show up is usually done via v a s. Not everybody uses the CDR information CDN information like total view from path solutions. So sometimes being on a different V L A will trigger an alert that you're in a building that you're not really in anyway. So there's a lot of things. So that quick trick that I mentioned where I'll only use trunks when I have to cross WANs and things like that, when I have a trusted link, I'll usually send it through a bulk encrypt of some sort.

And obviously I'm not gonna use Shaw one. It's, it's dead <laugh>. But I'll, when it finally gets to the edge, a lot of these attacks that we, you know, that t's scrolling through for me, thank you Mr. Ant. these really aren't as effective at getting access to someone else's information. When you don't use tags, when you break everything apart behind the scenes and drop the data onto the physical port at the edge without any tags, it doesn't allow anyone to, you know, do a lot of different things. Now obviously, if someone's got a sophisticated piece of hack wear using the c d P protocol and things like that means you're attacking the switch itself. Can't help you there. Patch, patch and update as fast as you can. Test it, deploy, test it, deploy. There's a lot of things that can be done, but not exposing your corporate tags out at the edge, especially if it's in a public area or semi-public area, just sounds like a really good plan. Especially you folks in finance. Your people are going to go crazy if you have a trunk out in a public area. So try not to do that. But you know what, I've had enough of soapboxing, I think it's time to go back to Mr. Lou.

Louis Maresca (00:33:16):
Thank you very much Mr. Scheiber. Well you know, I wanna get to my favorite part of the show, which is the guests. So let's, let's close the bites up for now. But before we get there, we do have like another great sponsor of this week at Enterprise Tech. And that's Code Comments, an original podcast from Red Hat. Now, you know, when you're working on a project and you, you leave behind those small little reminders in the code. That's right. A code comment, you know, to help others learn from your work. Well, this podcast takes that idea by letting you listen in on two experienced technologies as they describe their building process. And there's a lot of work required to bring a project from a whiteboard to development, and none of us can do it alone. Well, the host Burr Sutter, these, the Red Hatter and a lifelong developer advocate and a community organizer.

And in each episode verse sits down with experienced technologies from across the industry to trade stories and talk about what they've learned from their experiences. Now, the cool thing about this podcast is it brings the real world experts to you to provide tools and techniques that apply to your scenarios. In fact, there's the deep learning episode that brings you toolkits and tools to help reduce that barrier of entry for your organization and also get rid of all of that noise and get you there. Fast episodes are available anywhere you listen to your podcast. And at Red comments podcast, search for code comments in your podcast player will also include a link in the show notes. My thanks to Code comments, those support of this week in enterprise tech. Well, folks, it's my favorite part of the show. We actually get to bring a guest to drop some knowledge on the TW riot today. We have a menu, ve of p Wsc, austra's biggest professional services firm. Welcome to the show menu.

Emmanuelle Rivet (00:34:57):
Hey, thanks so much, Lou. Thanks for having me.

Louis Maresca (00:34:59):
Absolutely. Now, before we get to talking about the Metaverse, cause there's lots to talk about there. Our audience loves to hear people's origin stories. Can you maybe take us through a journey through tech and where it brought you to PWC?

Emmanuelle Rivet (00:35:12):
All right, well, so that's, that's a tricky question, particularly for a Friday afternoon, but look, I think I so I, as you can probably hear, I started my career with PWC in France, and then I moved to the US right around 1999. So I got immediately plunged into boom. And it's a immediate burst. So I think, you know, I, I got to experience tech, the hardware perhaps, but I also got drawn into the, the, the pace of the, of the sector. And then obviously I'm someone who is very curious, always ready to say yes to any new adventure and learn about new things. So that's kind of how I, I ended up in ti Silicon Valley and, you know, now been here for almost 23 years.

Louis Maresca (00:36:02):
Wow. Wow. Now, PWC, obviously, they, they offer a lot of different solutions to a lot of different organizations out there. And one thing that we're hearing a lot about, especially from a remote workforce perspective, is the fact that they like the concept of the metaverse and the fact that it has more immersive experiences, the ability to create a community and really offer more connection there. Can you, can we, can you maybe take us through from a, from a enterprise perspective, what organizations are really trying to target when it comes to Metaverse?

Emmanuelle Rivet (00:36:33):
Right. Yeah, no, thanks for your question. And and there are different things that Enterprise are currently experimenting and trying to achieve with the Metaverse, right? They're, they're trying to experiment with the metaverse when it comes to the workforce experience and how they engage the workforce in a different way. They're trying to use the metaverse for connecting with their customers and engaging their communities in all different ways. There we're starting to see a lot more application around the metaverse with respect to how company may do process simulation and therefore process optimization efficiently. And then ultimately, I think there will be this expected use of the metaverse for delivering your product and services right in is 3D connected environments.

Louis Maresca (00:37:22):
Yeah, we, we hear a lot about, you know, obviously meta, the company Meta is doing a lot of work here and, and obviously they talk more about it from the consumer scenario perspective, but I hear a lot about how organizations kind of want the ability to transcend both business and consumer scenarios. They want to be able to offer applications and services that kind of spread across both consumer and business. And do you see that, that targeting from, from like a services perspective? Like if an organization wants to put out their I don't know, a guide to their you know, maybe how to repair something or whatnot, they want to be able to offer that to both professional services as well as to consumers? Or are they, are you seeing more target on the business side?

Emmanuelle Rivet (00:38:07):
I think so, that's a good question, right? Because since we're still in the early stages of the metaverse, there's different experimentation going on. And so we're seeing a little bit of everything and as we actually very often tell our clients, it's just a matter of what is, what are you trying to solve, right? From a broader business standpoint, and then is that technology the right answer and how can it be used to try to address it? But to your point, yeah, there, there is a lot of internal use of the metaverse for training and experience. And when we say Metaverse, right, since it's very much evolving, there's like building blocks like VR et cetera, that's used for training when it's used again internally metaverse environment for employee connectivity and, and onboarding. And when it comes to external use of the metaverse, again, it's more for delivering product and services ultimately. But for now it's kind of, you know, engaging with customers and trying different different experiences.

Louis Maresca (00:39:08):
The one thing you hear a lot about you know, I I I'll read a lot of articles in regards to Metaverse being kind of synonymous with Web 3.0 and blockchain. What, what's the integration there?

Emmanuelle Rivet (00:39:20):
Yeah, I laugh cuz I think we <laugh>, this is probably not one day that passes or at least one week maybe where we don't have that, that discussion internally and with others cuz we're kind of connected to to a bit of an ecosystem that's close to that space. And so I'll give you my interpretation cuz cause it's just against, it's an evolving space. You have different different views on this, but I would say the Metaverse really represent those 3d highly immersive connected world, right? And Web three is more the blockchain based internet connected this internet blockchain based infrastructure with a set of protocol for decentralization and governance that really is gonna be what could, but Metaverse could leave separate from internet to, from web three. But in my mind, where they both overlap is when web three really support transactions in the metaverse. And I hope it made sense to you, cuz I know we have that debate very often.

Louis Maresca (00:40:34):
Yeah, I think it, it's interesting because I think, you know, it, a lot of organizations they want to bring the concept of, you know, this kind of decentralized mechanism not having a central location, but they still want the ability to have this immersive community and the experience. And I think it, it sometimes almost kind of butts heads to the scenarios that they want, but it's pretty interesting to see how they, how things are integrated along the way. Now when it comes to Metaverse you know, we, we hear a lot about the fact that there's obviously, there's some security risks that go along with it as well. You know, making sure that you're securing things. What, what are some of the things that organizations should, should kind of focus on when they're, when they're thinking about security and trust and so on? When the metaverse

Emmanuelle Rivet (00:41:21):
Yeah, I think you're heading right to to the, the, the, the core of the challenges, right? Like with any new technology and the metaverse is almost like a culmination is actually a culmination of technologies that are still evolving, right? So as within new technology, you have tremendous opportunities, but you also have a number of, of risks that you need to be mindful of. And you mentioned security and it's actually spot on actually. We did back this summer a survey of about the thousand executives and they told us what they were the most concerned about with their metaverse plan was cybersecurity, privacy authentication of identity, and also, quite candidly the regulatory uncertainty. Cuz it's obviously a space that's not yet regulated.

Louis Maresca (00:42:12):
Yeah, I think the interesting that you brought up identity because I think we, we, we hear a lot about the fact that now you're creating kind of like a digital twin of you and yourself and your identity, and you're using that as your identity in these new spaces. Is this, is this kind of throwing organizations a little bit for a loop and, and, and they're worried about how they're gonna keep that you know, secure and ensure that they're focused on policy and so on as they get into this space.

Emmanuelle Rivet (00:42:39):
Yeah, I, I absolutely agree with you. I mean that's, that's, that's a critical topic and obviously it's a different level, right? Because there is, if you use the Metaverse in a fairly closed, you know, environment for your own employee, or if you try to experiment with like more open, you know, publicly available metaverse environments, then it's another level of, of challenges. But I I I'm with you that the, the, the key is identify the risks, see how you can mitigate it if there are traditional means that you can leverage to mitigate that risk or if there is new things you need to think about, right? And cer certainly for authentication of identity even in identity, right? I have had discussions with folks in HR or wondering like, do they need to have a policy for how employees show up in the metaverse, right? The way you used to have, you know, dress codes for the physical workplace,

Louis Maresca (00:43:39):
Right? Well, we have lots more to talk about about the metaverse and I do wanna bring my co-host back in, but before we do, we do have to thank another great sponsor of this week in enterprise tech and that's thanks to Canary. Now, tons of security products would be useful. Only you changed everything you did and made them the center of universe. This never happens. So they have to sit half deployed forever. Well, think Canary doesn't try to monopolize your time or dominate your thinking, deploy your birds and forget about them all together. Now Canary will remain silent until you need them the most because thousands of ignored alerts help nobody, right? While attackers prowling a target network. Look for juicy content. That's right. They browse active directory for file servers and explore file shares looking for documents. They try default passwords against network devices and web services and scan for open services across the network.

When they encounter a thanks Canary, the services on offer are designed to solicit further investigation. That's right. At which point they've actually betrayed themselves and your canary notifies you of the incident. The order configure and deploy your canaries throughout your network is can be hardware, virtual or cloud-based birds. Make one Windows file server, another a router, throw in a few Linux web servers in there as well. While you're at it, each one hosts realistic services and looks and acts like it's namesake. Then you wait. Who thinks Canaries run silently in the background waiting for intruders plus setting yourself up is easy. That's right. Each customer gets their own hosted management console with which allows you to configure settings, manage your think canaries and handle events. Your think Canaries constantly report in and provide an up to the minute report on their status. But this is isn't another pane of glass that you need to monitor constantly.

But even customers with hundreds of canaries received just a handful of events per year. Or when an incident occurs, Vince Canary will alert you via email, text message, slack notification, web hook, or even the old-fashioned syslog. That's right, most companies discover it, they've been breached way too late. Things Canaries fixes this. Just three minutes of setup, no ongoing overhead and nearly zero false positives. And you can detect attackers long before they dig in. It's no wonder why things canaries, hardware, VM, and cloud-based canaries are deployed and loved on all seven continents. Visit and for just $7,500 per year, you'll get five Canaries, your own hosted console upgrade support and maintenance. If you use Code Twit and the how here Red Box, you'll get 10% off the price for life. We know you'll love your things Canaries, but if you're not happy, you can always return your Canaries with their two month money back guarantee for a full refund. That's and enter the code twit and the hat you hear about us box. And we thank thanks Canary for their support of this week in enterprise tech. Well folks, we've been talking with ve from PWC about the Metaverse, but I do wanna bring my co-host back in because I'm sure they have tons of questions here. Cheaper. I wanna throw this over to you first.

Brian Chee (00:46:54):
Well, I would be remiss if I didn't ask the question that I know the viewers are gonna want to ask. And it's when Neil Stevenson published his book Snow Crash and oh by the way, coined the word metaverse. It set some, shall we say, interesting expectations and there has been a effort at what was, let's call it Metaverse 0.1, and that was called Second Life. Lots of people have said that Second Life well didn't even have a chance because Snow Crash raised such unbelievable expectations. Well now we have a little bit that went the other direction. We have Minecraft people making virtual Taj Mahals. So here's, here's where it actually gets to a question. I put Metaverse efforts into two categories. One, a representation that doesn't necessarily have to represent reality. You know, where you are the perfect version of yourself, so to speak because we don't care.

I think that's kind of what Google is doing with their virtual meeting rooms. Then there's the other side of the coin where you're trying to render the real world as accurately as possible for things like good example, Naval Architects where they want to represent the changes in a ship remodel or something, and the owners or potential owners wanna walk around to make sure there's enough elbow room and things like that. So the question for you is, since your customers are actually starting to ask and have conversations about implementing the metaverse for their line of business, which side of the coin are people actually asking about? Do they want a real world representation or do is a comic book good enough?

Emmanuelle Rivet (00:48:57):
T Yeah well it, so it's great question. It actually depends on, I feel like auditors always say like, depends, and consultants always say depends. But it's true because it really deep, it's really depending on what your, so first what you're trying to achieve when you use the metaverse and then kind of almost at even a higher level what industry you are in, right? Because if you are in the entertainment and media business, likely you want this fantasy world. And particularly if it's for your to engage with your customers. If you are in financial services and you are trying to appeal to the next generation of, of customers who needs to understand what financial services are and are actually curious at an earlier age about financial education, then you want to bring them in an environment that yes, might be a little bit gamified so that you kind of engage with them, but also an environment that's gonna, you know, look and feel a lot more real so that they, they can relate to it, they can really trust what a potential avatar like advisor is gonna, is gonna tell them, right?

So, and I think the more mature metaverse avatars technology is gonna go, the more barriers to entry by business are gonna be removed because we're gonna move away from that gamification fantasy world, which still has a world as a, as a place to play. But but, but very much for professional services, for example, as you mentioned, right? The more avatars and environment are gonna look real the more I think the ability to engage in the willingness to engage is gonna, is gonna increase and barriers to entries and adoptions are gonna lower.

Brian Chee (00:50:53):
So one of the comments from a survey, which will def definitely plug, is your organization described the metaverse as an evolution, not a revolution, which I think is a really great way to set expectations. So what I'd like you to do is what did you folks ask in that survey that became a report?

Emmanuelle Rivet (00:51:20):
Actually, we ask a lot of questions in that survey, but certainly first we ask both consumers and enterprises what their understanding of the metaverse was, which actually was interesting. Cause the enterprise world was, or seemed to be at least or said to be a lot more on top of the metaverse than perhaps a consumer world where I think it was 82, 80 3% of the executives inquired, said they expect Metaverse plan to be part of their business activities in the next three years. And then on the other hand, 44% of the consumers we inquired said they never heard about the Metaverse, right? So, so we asked those two groups to see and contrast what their, what their understanding was. And then we, we asked about what the, their primary, particularly on the consumer business side, which I'm sure you guys are interested, is we asked what, what would be your first use case or application for the Metaverse? And sure enough, and that's probably why it goes back to dis evolution, right? What's probably more ready and approachable today is vr, a little bit ar but certainly VR and respondents really cited a use of those metaverse 3D environment for training, onboarding, and employee connectivity. And then there was like a, an a fourth highly cited use case, which was customer engagement.

Louis Maresca (00:52:52):
Fantastic, thank you. I do wanna throw this over to Kurt as well. Kurt.

Curtis Franklin (00:53:00):
Thanks very much. I appreciate that. Well, one of the things that, that I'm interested in, we've been talking about basically how we take lots of what are traditionally face-to-face human interactions and move them into the virtual space. I'm much more interested in being able to do things through the metaverse that we can't do in the physical face-to-face world. I think back to the time the first time I wore an Oculus Rift headset was at SAP Sapphire, when I got the chance to walk through a database and look at doing analysis in three dimensions. What kind of, you know, either analytics or design or other things do you see on the horizon through the metaverse you know, things that it makes possible that we can't do, even if we get together over a tabletop and talk,

Emmanuelle Rivet (00:54:10):
Right? Yeah. So, so this is where it gets a little bit into early stage experiments and use cases, but you are exactly right that one of the things we're seeing is using the metaverse to do digital rendering of, of physical things and worlds and environments, but certainly a physical rendering of a product or a physical rendering of a retail store, right? And then that allows company to do pretty effectively with limited waste and, and, and, and at speed. Some experimentation around if you reconfigure your retail space a different way, do you have the same, and you can, there are analytics now that can track what avatars or individuals virtual individuals do in vr, but you can see how behaviors may be impacted by how you organized the store. So I think we're gonna, we're gonna see a lot, a lot more of that. And I think that's where the enterprise get really interested, right? Because there's real impact around productivity and, and potentially cost saving and efficiency that's gonna accelerate adoption.

Curtis Franklin (00:55:25):
Well, that, you know, that, that ex that sounds exciting and those are the sorts of things that I get excited about when I think about the metaverse, but it also I think creates another possibility. You know, for years there was a digital divide that was one of the things that separated the developed world from the developing world within a country as large as the us. It separated those in urban areas from those who were out in the more rural areas. And is it inevitable that the move to the Metaverse will create a larger digital divide? Or do you think the networks, whether it's through the various satellite based networks or build out in countries are, are now proceeding far enough that we're not going to have to worry about basic infrastructure causing a huge disparity in the opportunities to take advantage of the metaverse?

Emmanuelle Rivet (00:56:37):
So I, you know, it's obviously challenging question and I I, I'm a very hopeful person and I, I really wish for this production of Digital Divide. So I do think though we are probably better off than when mobile phone and still there's not a sufficient penetration and coverage of, of the internet and access to to devices globally. But I do think we're gonna follow perhaps a similar path where the technology is first a little bit expensive, and then as the technology gets better and cost to produce reduce, you have increased accessibility. I think we are also at the point of time where we're fortunate, I think you were talking earlier about 5g, right? A place where you have other supporting technologies around connectivity, around computing quantum computing, h computings that are gonna enable a little bit those experience. And that's already in development. So I'm really hopeful that we'll see a shorten adoption cycle with hopefully a, a divide that can be bridged quickly.

Louis Maresca (00:57:54):
Well, it's amazing how time flies when you're having fun, Emmanuelle, it's great having you on the show. Thank you so much for being here. Unfortunately, we're running a little low on time, but I wanna give you maybe a chance to tell the folks at home or organizations where they can get started maybe integrating or starting on the metaverse. Maybe they get started with PWC

Emmanuelle Rivet (00:58:12):
<Laugh>. Absolutely. they can start, but you know what, actually I won't be too selfish and I would say just start experimenting because once you start experimenting and you experiment with your employees and you put technology in the hands of, of people then magic happens. So I'll definitely encourage people to experience and see what the art of the possibilities and obviously we're, we're more than happy to sit down and, and, and, and flesh out with you what that part of the possible could be for you.

Louis Maresca (00:58:44):
Fantastic. Well, folks, you've done it again. You sat through another hour of the best thing enterprise and IT podcast in the universe to definitely tune your podcaster to twit. I want to thank everyone who makes this show possible, especially to my wonderful co-host, Sarga Theo and Mr. Brian Chi ert, what's going on for you the coming weeks at, where could People Find You?

Brian Chee (00:59:04):
Well, first off, Q Hero protagonist. Do you think maybe I like Snow Crash. I don't remember how, I'm not sure how many times I've reread that book. Anyway, <laugh> I will rant and rave and, you know, share some interesting things once in a while, share some boring things. I just shared a really interesting picture that I stole off a wisp Facebook group showing what the differences are between flat polish, A K A U P C, fiber connectors, and a P c or angle polish connectors. And between the two shall not mix. So I should try and share tidbits that I have from my company that in back in Honolulu, I try to share some things that I'm doing with maker Makerspace and things like that. But you know what, what I really like doing is I like hearing your opinions. I want to hear your ideas for what things we should cover in our show.

This is I think our third foray into the Metaverse in one way or another. We've done a couple on a ar vr, we're gonna have more hopefully just as you can reschedule that company. But you're welcome to throw it at me. So on Twitter, I'm a D V N E T L A B, and while I am on Mastodon I'm still learning. And I'm don't wanna say that too publicly yet until I don't embarrass myself on it, <laugh>. But you're welcome to throw email at me too. I am scheiber, spelled C H E E B E R T twit tv. You're also welcome to throw email at twit twit tv, which will hit all the hosts. We'd love to hear from you. And I think we still have viewers on all seven continents because I did actually hear from a viewer that does downloads at McMurdo Sound in Antarctica. So cool.

Louis Maresca (01:01:15):
So cool. Thanks sheer for being here, but we'll be all sound. Thank you. Very on Mr. Curtis Franklin. Curtis, what's going on for you in the coming weeks and work? Could people find you?

Curtis Franklin (01:01:24):
Well, you know, one of the things I'm doing around the holidays is trying to bring some order to my office space. And as I was going through, you know, we've been talking about a technology at the very early stages of its development, and I found this, which is my badge from the first Newton Unplugged. That was a conference for solu system integrators and value added resellers around the Apple Newton, which I think probably defined technology that was a bit before its time. Hopefully nothing in the metaverse will have that fate, but while I'm not cleaning up around here, I am still writing, trying to get a bunch of stuff out that will be at dark reading for subscribers to Omnia. It'll be there. I am still on Twitter trying to decide if that's gonna remain viable, but for now I'm there at KG four gwa. I'm also doing things on Mastodon. So go over and you know, search around Mastodon. I'm on LinkedIn, you can follow me there. I do various live things on LinkedIn as well as published articles. So if you want to follow me away from twt the opportunities are there I hope you will. I love to hear from you and can't wait to see who everyone again next week.

Louis Maresca (01:02:56):
Thanks Curtis. Well, we also have to thank you as well. You're the person who drops in each and every week to watch and to listen to our show, to get your enterprise. Goodness. We wanna make it easy for you to watch and listen and catch up on your enterprise and IT news soon go. So go to our show page right now, There we are. You'll find all the amazing back episodes, the show notes, the cohost, co-host information, the guest information, of course, the links of the stories that we do during the show, but more importantly next to those videos there you'll get those helpful. Subscribe and download links. Support the show by any, your audio version, your video version of your choice. Listen on any one of your devices or any one of your podcast applications, cuz we're on all of them. It's definitely subscribe and support the show.

Now you may have also heard of Club Twit as well. That's right. It's a great way to support our network and our show. It's a members only ad free podcast service with a bonus TWIT plus feed that you can't get anywhere else. And it's only $7 a month and there's a lot of great things that come along with it. That's right, you get exclusive access to the members only Discord server. There's a lot of great channels on there. You can chat with host producers. You have separate discussion channels really, there's some really great special events that show up on there. So definitely join Club Twitter and be part of that. You can go to twit tv slash club twit. Now, club Twit also offers corporate group plans as well. It's a great way to give your team access to our Ad-Free Tech podcast. And the plans start with five members at just at discount rate of just $6 each per month.

And you can add as many seats as you like. And this is a great way for your IT department, your developers, your tech teams, your sales teams to stay up to date and access to all of our podcasts. And just like regular memberships, you, they can join the This Sword Server and also get that TWI plus bonus feed. So definitely check out club Twitter at twit tv slash club. Now, after you subscribe, you can impress your family members, your coworkers, your friends with the gift of TWI holiday season. You might as well give 'em a gift, right? And that's, we can definitely give 'em a gift to TWI cause we talk a lot about some fun tech topics on this show, and I guarantee they will find it fun and interesting as well. So definitely share twit with and twit with them. Now after you subscribe, if you're available at 1:30 PM Pacific time on Fridays, we do this show live.

So check out the live, come see how the pizza's made, all the behind the scenes, all the fun stuff that we do before and after the show. Come watch the live stream, live dot twi tv and if you're, you're gonna watch the show live, you might as well jump into the amazing and infamous IRC chat as well. That's at We love the chat room. We have some great discussions in there during the show and after the show. Plus it's a really great way to give us feedback. So now definitely you can hit me up LinkedIn, great place to go. Twitter.Com/Lu. Maam, there I post all my enterprise tidbits. You can do a direct message me, show ideas you can hear about what projects I'm working on. I post both, both on on twi Twitter as well as on on LinkedIn.

So definitely check out those two mediums and social networks. So of course I also have Maid on Luma on the on the Twit social. So definitely hit me up there as well. And if you wanna check out what I do during my normal work week, definitely check out There. We post the latest and greatest ways that we allow you to customize your office experience to make it more customizable, more productive for you. So definitely check that out. I wanna thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support this weekend enterprise tech each and every week, and we really, really couldn't do the show without them. So thank you for all the support over the years. I also wanna thank all the engineers and staff at twit. Happy holidays to them. They definitely support the show and we really do, couldn't do the show without them.

Of course. Thank you again to Mr. Bryan. She, he's not only our co-host, but he's also our tireless producer. He, that's right, he does all the bookings and the plannings for the show and really couldn't do the show without him. So thank you cheaper for all your support over the years. Of course. Before we sign out, I wanna thank our editor for today because they make us look good after the fact. Plus, I also wanna thank our amazing td, Mr. Anne per, he does a fabulous show on twit called Hands-on Photography, which I learned from each and every week and what's coming on this week's hands-on Photography.

Ant Pruitt  (01:07:06):
Hey, thanks for the plug, Mr. Lou. this week I'll take a look at the Cannon R seven and played around with it for a little while and see how it does with its stills and see how it does with video quality and color grading. And it, it was a lot of fun. A lot of fun. So go ahead and check that out. Twit.Tv/For hands on photography.

Louis Maresca (01:07:30):
Now, years back, I was waiting for the Canon R seven. I just was waiting for, I had all canon lenses and everything, and they just didn't come out with it. And so I transitioned everything over to Sony and I'm with Sony house. I really wish that they had this camera back then. <Laugh> such an amazing device.

Ant Pruitt  (01:07:46):
But you're still in good hands with Sony, though. I, I don't have any hate on Sony.

Louis Maresca (01:07:50):
That's true. Look, you know, my wife wasn't very happy. <Laugh>.

Ant Pruitt  (01:07:53):

Louis Maresca (01:07:55):
Blame it on Sony. Thank you and great to see you. And until next time, I'm Lewis Maresco. Just reminding you, if you wanna know what's going on in the enterprise, just keep quiet.

Jason Howell (01:08:05):
Don't miss All About Android. Every week we talk about the latest news, hardware, apps, and now all the developer goodness happening in the Android ecosystem. I'm Jason Howell, also joined by Ron Richards, Florence Ion and our newest co-host on the panel win to Dao, who brings her developer chops. Really great stuff. We also invite people from all over the Android ecosystem to talk about this mobile platform we love so much. Join us every Tuesday, All About Android on

All Transcripts posts