This Week in Enterprise Tech Episode 499 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Lou Marsecca (00:00:00):
On This Week in Enterprise Tech, we have Mr. Curtis Franklin and Mr. Brian Chee on the show today. The passwords have overstayed their welcome, whether it's at your organization or at your household, and the is a good start, but there needs to be more advanced, secure passwordless frameworks out there. We're gonna have a discussion on what organizations should definitely consider. Plus we have a great host round table for you today. We discuss 5G and what it means to have private 5G. We have a lot of applications and examples to go over, plus ways you can actually adopt it quickly. You definitely should miss it.
Podcasts you love from people you trust. This is TWIT.
Lou Marsecca (00:00:46):
This is TWIT. This Week in Enterprise Tech Episode 499, recorded June 24th, 2022. No forklift left behind. This episode of This Week in Enterprise Tech is brought to you by Plextrac, the proactive security management platform. Save time and increase productivity with the premier cybersecurity reporting and workflow management product designed to support the complete security life cycle from assessment through remediation. Visit Plextrac.com/twit to claim your free month. And by Hover. Whether you're a developer, photographer, or a small business, Hover has something for you to expand your projects and get the visibility you want. Go to hover.com/twit to get 10% off your first purchase of any domain extension for the entire first year. And by Canary. Detect attackers on your network while avoiding irritating false alarms. Get the alerts that matter. For 10% off and a 60 day money back guarantee, go to canary.tools/twit and enter the code TWIT in the "How did you hear about us" box. Welcome to This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world's connected. I'm your host Louis Masecca, your guide through this big world of the enterprise, but I can't guide you by myself. I need to bring in the professionals, the experts in their fields, starting with our very own Mr. Brian Chee, net architect, Sky Fiber, and all around tech geek. Cheebert, how are you doing, my friend? What's been keeping you busy this week?
Brian Chee (00:02:20):
I've been tinkering, but warning: this is a soapbox. I was woken up this morning and saw the decision on overturning Roe versus Wade, and was very, very disappointed in the US Supreme Court. And I will say lots and lots of states are now chiming in saying, no, we're going to keep protecting women's reproductive rights. And I know Washington state's doing that. Hawaii was actually the first state in the union to implement the protections and I'm hoping more states do also. And my last pitch is vote. Vote, always vote often and make your displeasure known to your Congress critters and ran
Lou Marsecca (00:03:15):
Amen to that. Thank you, Brian. Good seeing you, my friend. Well, we also have to welcome back as well our senior analyst at Omdia, and he's a security and enterprise expert. He is Mr. Curtis Franklin. Curtis, how are you doing this week? And what's keeping you busy?
Curtis Franklin (00:03:29):
Well, I'm a little bit less tired than I was this time last week, because I've actually had a week of sleeping in my own bed, which is a darn good thing. It's given me time to work on some things that are coming up. I've got some research that's gonna be coming out in July, looking forward to getting that published to all of the Omdia subscribers. Also have a number of things that'll be coming up on both Dark Reading and on LinkedIn. So hope people will follow me both those places. And of course I'm getting ready for Black Hat. Now we've only got about six weeks before Black Hat. And one thing I do wanna let people know about: if you're gonna be there on Tuesday of that week, we're having the Omdia Analyst Summit. I and all my colleagues will be giving presentations, talking about our areas of specialty and then doing some round tables where we discuss the industry as a whole. The great thing about the Omdia Analyst Summit is that it's absolutely free. So head over to Dark Reading slash Omdia, and you'll be able to find the registration page. I would love to see lots of folks from the TWiT riot in the desert.
Lou Marsecca (00:04:48):
That's fantastic. That's one thing with IT professionals, they can't give up on free things. So hopefully you'll see a lot of, lot of attendees. So we'll see what happens there. Thanks Curtis. Well, we have a pretty busy week in the enterprise, so we should definitely get started. So today we have lots to talk about. In fact, we talked a lot about passwords in the past, but I think they've overstayed their welcome. There's not just a need for getting rid of them, but there's a need for more advanced and secured passwordless frameworks as well. We're gonna discuss what organizations should consider there. Plus we're here to offer you a host round table. That's right. We've discussed 5G in the past, but we wanna talk a little bit about private 5G, what it means for you and some of the different applications and examples that go out there as well.
Lou Marsecca (00:05:32):
Lots of exciting stuff to talk about, but first, like we always do, we do have to jump into this week's news blips. Now it wouldn't be an enterprise week without at least an attempted leak, right? Well, the notorious spyware vendor NSO is at it again, this time it's informing EU legislators that five EU countries have used their Pegasus surveillance malware. And according to this Wired article, not only has this malware been abused around the world, the Google Threat Analysis Group and Project Zero have published findings that there are now iOS and Android versions in the wild as well. Now Google researchers say they've detected victims of the spyware in Italy and Kazakhstan on both Android and iOS devices. Now the Android version gets the code name Hermit. Now the issue Google has raised is the fact that vendors like NSO are enabling the proliferation of dangerous hacking tools.
Lou Marsecca (00:06:21):
Assuming government that would not be able to develop these capabilities in house. In fact, they track more than 30 spyware makers worldwide that actually offer an array of technical capabilities and levels of sophistication to government backed clients. In their analysis of the iOS version, Google research found that attackers distributed the iOS spyware using a fake app, meant to look like the My Vodafone app from the popular international mobile carrier. In both Android and iOS attacks, attackers may have simply tricked targets into downloading what appeared to be a messaging app by distributing a malicious link for victims to click on. Now we know Apple doesn't let you sideload things unless they're signed by a trusted Apple cert, whether it's through their store or they've used accepted third party certificates for that process. Well, attackers were actually able to distribute the malicious app because RCS Labs had registered with Apple's enterprise developer program, apparently through a shell company called 3-1 Mobile SRL, to obtain a certificate that allows them to actually sideload the apps without going through Apple's typical App Store review process.
Lou Marsecca (00:07:30):
Now three out of six of the exploits are actually from public jailbreak exploits. And the research shows that while not all actors are as successful or well known as a company like NSO Group, many small and mid-size players together in a rapid growing industry are creating real risk for internet users worldwide.
Curtis Franklin (00:07:53):
We're ready for some good news. Researchers say that only 3% of open source software bugs are actually attackable. Now application security and DevOps pros are overworked and overstressed, nothing new there, but data from a new study implies that a focus on fixing and mitigating only what's truly attackable could drastically reduce the strain on those teams. The new 2022 AppSec Progress Report by ShiftLeft suggests that a focus on attackable vulnerabilities can help AppSec and dev teams more effectively sift through issues. The new focus on software supply chain vulnerabilities, third party risk, and multi-layer software dependencies had made application security much more visible and far more challenging than ever before. Face it, security teams and developers can only get to, say, X vulnerabilities in Y applications within any given time period. They need a way to make sure the ones they fix or mitigate with compensating controls are the vulnerabilities that count. The idea of analyzing for attackability involves, among other things, assessing factors like whether the package that contains the CVE is loaded by the application, whether it's in use by the application, whether the package is in an attacker-controlled path, and whether it's reachable via data flows. As an example of why this is important,
Curtis Franklin (00:09:22):
Think about the Log4j vulnerabilities that were huge news a few weeks ago, and caused many late nights and long weekends for DevSecOps teams, but the ShiftLeft report noted that 96% of the vulnerable Log4j dependencies weren't attackable. Now the devil, as always, is in the details. Teams and their management need to understand just how a service or application determines whether or not vulnerabilities are attackable. In addition, an attackability prioritization is only as good as the vulnerability data feeding into it. So it is caveat emptor for security teams to truly look under the hood, to see how they source their vulnerability data.
Brian Chee (00:10:09):
Well, big thank you to Dark Reading for this article. And the headline is "VPNs persist despite zero trust fervor." Well, zero trust initiatives may be on the security roadmap for most enterprises today, but remote access architecture today is still highly dependent upon virtual private network technology. Newly published data shows that approximately 90% of organizations still utilize VPN in some capacity to secure remote access for their users. Meantime, across a broad population of IT and security practitioners, fewer than one in three say they have plans to, or have begun to, roll out zero trust access to supplant VPN. The results are from a survey conducted by Sapio Research on behalf of Banyan Security, which reached out to 1,025 IT respondents, focusing the bulk of the research on the 410 who were aware of both VPN and zero trust network access. The study shows that among that group, a full 97% reported that adopting a zero trust model is a priority for them. Slightly over half of those aware of both VPN and ZTNA said they've begun to roll out zero trust solutions. Well, in my opinion, the two technologies are not mutually exclusive and for a time will most likely coexist, similar to how it has been common to still use SSL and SSH, even if tunneling through a VPN. I'm of the opinion that within reason a multi-layered approach would also provide for additional protection from a single technological breach, within reason, keeping in mind that all this security comes with overhead.
Lou Marsecca (00:12:00):
Because you, there continues to be a deficit in cyber security professionals out there. Now, some organizations are trying to grow them in house, but others are trying to get people into the field before they hit the workforce. Now, according to this Bloomberg article, there are a set of summer camps imagined by the NSA, offering a bit of funding there, and actually run by independent institutions. Now the program, GenCyber, started with an eight camp pilot back in 2014. That was actually only a year after the NSA's reputation was severely tarnished by former contractor Edward Snowden's revelations about its surveillance techniques. Now it now consists of 102 camps across 38 states, with at least 140 camps expected in 45 states next year. Now each runs five days with an additional session before and after. And to date more than 20,000 teenagers have already attended these camps.
Lou Marsecca (00:12:53):
And the goal is to ignite the interest in cybersecurity in people before they actually hit the professional world. Now, part of the program's mission is also to increase female and minority participation in the field. They actually now offer both male and female sessions for the camp. So coding and computer camps are new. Everyone from tech giants to fashion models have started programs hoping to turn young minds toward Silicon Valley, but the NSA's version includes cryptography, lessons on thinking like an adversary, mock trials of real life computer security cases, as well as practical instruction in monitoring network traffic, making your own firewall, and password security. The camps also seek to help young people navigate cyber stalking and cyber bullying and knit cyber security considerations into daily life. Now the summer camp teachers discuss cyber ethics on a daily basis, but they make little mention of NSA's own controversial history.
Lou Marsecca (00:13:50):
No joke there. Now the NSA won't say actually how much they give to fund the free camps, but the National Science Foundation, which cofunds the project, has given more than 3 million some years, and the Citadel says GenCyber awarded a $130,000 grant to run two courses this summer with additional sessions before and after, equivalent to be more than $3,500 for each attendee. Now, if nothing else, what this is actually doing is actually infusing the idea of cyber security in the young minds early on in their lives and careers. It gives them some possible direction and it provides a level of importance to the concept. I, for one, hope more programs like these, even on other technical areas, will actually help creative minds out there. Well, folks, that does it for the blips. Next up, we have the news bites, but before we get to the news bites, we do have to thank a really great sponsor of This Week in Enterprise Tech, and that's Plextrac, the premier cybersecurity reporting and workflow management platform that empowers teams to win the right security battles.
Lou Marsecca (00:14:53):
Now, what if you could streamline the communication across the entire security department so that every team member could do their job more effectively? Now from simplified data aggregation and reporting to integrated ticketing for remediation to analytics and visualizations for board reporting, Plextrac touches every aspect of the security management workflow. Gain a real time view of your security posture by bringing all your data sources together into one powerful platform. You can triage scanner results, generate powerful analytics and visualizations, assign remediation tasks, attest to your posture and track progress over time. Now, as a satisfied Plextrac client put it, "We see Plextrac as part of our strategy to move quicker and be proactive. Now we have a real time view of what we need to focus on, and I have an easy way of showing senior leadership." Plextrac serves every aspect of the enterprise security team program with features designed to improve workflow collaboration and communication for each role, including red team data aggregation. That's right, import data from all of your automated vulnerability scanners and tools, triage, and report results
Lou Marsecca (00:16:07):
In half the time. They also have blue team remediation: assign remediation tasks right on the platform or through a simple integration with the ticketing tools your team already uses and track progress over time. Plus they have stakeholder communication: use powerful, yet simple analytics to attest to security posture and prioritize issues, tailor attestation and communication to the needs of both team members and your C-suite. Continuous purple teaming assessment is there as well: begin purple teaming or power up your current strategies with run books that invest in industry tool for test plan execution. Security teams of all sizes and maturities can maximize the efficiency and effectiveness of their workflows with Plextrac. Customers report that they see Plextrac as a part of their strategy to move quicker and be proactive, that the platform has a five times return on investment in year one, and that it gives their cybersecurity operations
Lou Marsecca (00:17:04):
A 30% increase in efficiency. Plextrac improves the entire security engagement life cycle by making it easy to generate security reports, deliver them securely and track the issues to completion straight from the platform. Book a demo today. Try Plextrac free for one month and see how it can change your life as a security professional. Simply go to Plextrac.com/twit and claim your free month. That's Plextrac.com/twit. And we thank Plextrac for their support of This Week in Enterprise Tech. Well folks, it's now time for the bites. Now in our RSA episode, we talked a lot about passwords, passwordless, MFA, you know, passwords themselves. They've definitely overstayed their welcome, and I think they're more trouble than they're worth. Now we talked about ditching passwords for MFA and, and how it's essentially a necessity going forward for organizations, but they too also present a bunch of problems.
Lou Marsecca (00:18:09):
In fact, you know, we talked a lot about actually moving towards more advanced and secure passwordless frameworks, including biometrics. In fact, you know, you guys have actually talked a lot about the fact that some organizations are actually mixing these things together, whether they're mixing 2FA and SMS to maybe using tokens, using desktop agents. And the problem with that is it just kind of institutes and creates a lot of confusion for organizations. I want to bring you guys in and, and talk a little bit about some of the options that are out there. Cheebert, I want to throw it to you first. You know, there are, there are options right now for organizations to adopt some more secure passwordless type frameworks. What are you seeing that's really kind of adopting faster than others? What are some of the newer ones that, that organizations are pointing to?
Brian Chee (00:18:57):
One of the technologies that I've been seeing a lot of talk about is FIDO, and the FIDO Alliance has done a great job of trying to get rid of the FUD, the fear, uncertainty, and doubt behind MFA. Well, here is my complaint. It's still too complicated. Just watching the DevOps, well, DevSecOps channel at the University of Hawaii on people that are trying to convert their apps over, it's tough. There's a lot of little twiddly bits that you have to get into. And if you are not keeping up, you can inadvertently open your website to some nasty stuff. So OAuth, which is one of the big ones in this game, is great. And there's open source implementations of it, but you have to keep on top of it. And my other complaint is single sign on is great. But if you, you know, accidentally don't keep up, or you introduce some vulnerabilities into your single sign on system, you may open the keys to the kingdom.
Brian Chee (00:20:12):
And my last complaint is the authentication sources are still very much a competition on who's going to be what. Active Directory is wonderful. I like it, and I'm sure Lou likes it. He has to work with it every day. Within the university it's been LDAP, and I will say, this is one shot at the Microsoft licensing people. You are losing to LDAP for one reason, and one reason only: FTE counts. Active Directory is licensed by total number of FTE users, but that includes alumni. So if universities want to keep in touch with their alumnus, which are a big source of funding, they're saying, no, we're not doing Active Directory. Active Directory, if it's there, is only gonna be an afterthought. It's gonna be LDAP because of licensing costs. And then a lot of hardware people are still going TXT, CACs, which is wonderful.
Brian Chee (00:21:20):
But TXT is complicated to implement, and it's not, well, some of the implementations are not very secure. So with these many moving parts and this much confusion, MFA, I don't think, is going to get too much traction until these vendors and these developers start at least having a meeting of minds anyway. So some of the things that worry me. So out of this Dark Reading article, they're saying, they're claiming in the article, 81% of hacking related breaches are caused by password related issues, with only 36% of users that seem willing to make the jump to MFA. Those are kind of depressing numbers. So I, I took some pot shots at Microsoft Active Directory for, for that. I apologize to Mr. Lou, but I'm sure there's some interesting things happening, 'cause you can have some very, very spectacular single sign on solutions that have MFA. And I know Active Directory is changing, and especially Active Directory in the cloud has made it a lot more approachable, especially on the per seat license cost. But what things can you share with us about where Microsoft is going with its product line?
Lou Marsecca (00:22:48):
Well, you know, it's interesting you brought up FIDO, 'cause I think that the FIDO2 standard's one of those things that's on the forefront of everyone's mind. And I think the challenge here, and I actually want to get Curtis' thoughts on this in a second, because I think the biggest thing is the fact that, you know, organizations continue to change, need to change how they are authenticating their users and, you know, new technologies keep coming up. Big organizations like Apple, Google, Microsoft, the Oktas of the world are moving to a lot more of the newer standards, which can actually create some level of consumer and enterprise fatigue. You know, they're getting tired of having to constantly change things or adopt things or, or move to something new. And, you know, and, and like I was saying, you know, we are adopting some of the newer standards in some of the things that we do, which means that organizations will need to kind of come along with us.
Lou Marsecca (00:23:37):
And so that, that can be a challenge across the board. And that could be a reason why things are actually adopting slowly. Another thing I actually see that I want to add as well is some of these newer technologies, sometimes they are doing things behind the scenes to verify things, the frameworks wise, that might require some level of latency. Like for instance, they're verifying with multiple different providers, or they are trying to, you know, use your biometric server that you just, you know, attested to on your device and, and being able to get that information and apply. So you, the user, are essentially waiting around for all this to kind of go on. And in fact, there's some research by Microsoft that says an average person's attention span's only approximately eight seconds. So they're, they're gonna think things are slow and not want to.
Lou Marsecca (00:24:24):
They might even close the page because things are kind of redirecting and doing, doing things behind the scenes. So there's some complexities there. There's fatigue. People don't wanna move on to the new things. And when they do move on to the new things, there's some technology challenges that go along with them that cause organizations some level of distrust to how useful and performant they are. So Curtis, I want to throw this over to you. Are you seeing this in some of the reasons, at least that's what I'm seeing in some of the organizations, why they're not adopting? Is it, is this some of the things that you're seeing as well?
Curtis Franklin (00:24:53):
Well, I think that for some organizations we're, we're finding that the real obstacle to moving away from passwords is that they consider passwords to be good enough. And as you well know, when you get to enterprise software, if you have something that's considered by management to be good enough, then it takes one heck of a perceived benefit to move people off of that. Why? Because it's expensive to move. Let's forget the number of, or the, the licensing cost or the cost of development or anything like that. A profound number of enterprise users essentially do computing by muscle memory. That's why I'm sure Lou can tell you that there is significant heartburn every time there's a change to a menu in one of the Office app suite of applications. Why? Because there are users who are used to going to the first item to the right of the login, clicking once, going down six items, clicking, doing this. They don't read.
Curtis Franklin (00:26:15):
They certainly don't try to understand what's going on. It's muscle memory only. So if you change things that require muscle memory, for example, going from passwords to any number of multifactor authentication processes, it needs to show some real benefits. And simply saying it's more secure is not enough of a benefit to many, many organizations. In addition, we've got an awful lot of, of different possibilities. I mean, there are things like one time passwords that are based on, on time signatures, SMS, email two factor authentication, push two factor authentication, universal second factor authentication, tokens, WebAuthn, desktop agents. All of these are out there saying, hey, we are the thing that really needs to replace passwords. And the fact is that if you have a multitude of these being used by an individual's different services and applications, then the user fatigue is just as great as it is with different passwords.
Curtis Franklin (00:27:31):
Now, there are a lot of companies out there trying very hard to move away from anything that requires any user authentication. When I was at RSA, and even when I was at Splunk's conference, user behavioral analytics, UBA, and user and endpoint behavioral analytics, UEBA, are both seeing a lot of attention being paid to them because they can help determine how strong a particular login authentication sequence needs to be. If everything looks just like it always looks in terms of the individual and this computer logging in, then maybe you don't need anything at all. Whereas if you have a number of differences, you know, IP address and time of day and where they're trying to go, all these things, maybe you want to make it really challenging for the user to log in. So there are a lot of different things, but still the biggest hurdle isn't dollars. It's good enough. Right. Right.
Lou Marsecca (00:28:46):
Yeah. I, I think that, that, you know, this article actually brought out some really interesting facts is that they're trying to ingrain some of these things by using, you know, some organizations like for instance, gaming organizations, you know, they're actually, they're actually infusing multi-factor authentication into their login so that younger folks actually get used to it. So that it becomes more part of like you were saying, muscle memory to use these types of technologies. And I think that's interesting because that then gets people more often off of the password world. And I think this also happens, I've watched this actually in my kids' case they use you know, specific things at school and they, you know, they started using password managers and they started using authenticators that went, that they used via their email and so, or MFA via their email.
Lou Marsecca (00:29:31):
So I think it's very interesting to see how that they're starting to get this early on and it gets more part of their muscle memory and their expectations later on. But, you know, Cheebert, I wanna throw this back over to you because I think that the biggest thing here is there's no bulletproof solution out there. Some people are, are actually talking about the SQRL protocol. That's actually Steve Gibson's protocol in there. And again, a lot of, lot of good, unique things that are going on there as well, but there's no bulletproof protocol here. And I think like, like Curtis has said is it's really time. It's challenging to actually integrate these things. And so they just kind of go fall back to passwords themselves. You know, what is an organization to do if these are really tough to actually implement and integrate? And is it just make sense to continue using passwords? It just have policies around them.
Brian Chee (00:30:26):
I think a lot of it is there are some suggestions out there. SQRL's definitely one of 'em. The folks at Apple are trying to push very hard to make the iPhone the center of your authentication world. I actually use Duo because that's what the University of Hawaii standardized on. And so I had different things. It's been an amazing pain. When I changed from the iPhone 6S over to the iPhone 12 Pro, moving my authenticator apps was actually really painful. So I think one of the things the industry is forgetting is that people don't like changing because of sticks. You know, the old carrot versus the stick. Users don't like changing. They don't like change, period, and there needs to be an advantage to them. And my personal opinion is we need a standard. We need a standard that works across multiple platforms, none of this Apple only, or Android only, or whatever.
Brian Chee (00:31:40):
There needs to be a better solution. It needs to be an industry standard. So we need to go and get people to quit arguing and start cooperating. And there needs to be a carrot. And it is my opinion that if we had a device that could be used by the general public, that maybe you stick your thumb, you know, your biometric authentication on a dongle, and then you can kind of use it with Bluetooth or a tap and go or something like that, so that people can give up on passwords. Because everybody that I've talked to almost without fail hates passwords, you know, especially having to change them. That's the number one pain point for users that I've dealt with. So if there was a standard that's cross platform, that's easy to use, I think that's enough of a carrot to get people to move.
Brian Chee (00:32:40):
And I'd like to see that happen, but you know what, we, we need something change. We, it needs to have, it needs to be easy. It needs to be something that manufacturers can agree upon. And I applaud what Apple is doing, but the fact that they're using it as a marketing lever to get people over to the iPhone platform is the wrong move. And I, I, one last thing, folks: there are lots and lots of places where you're not allowed to take a phone. Try, you know, some banks, you're not allowed to have a phone. A lot of Contra, you know, actual intellectual property, confidential research, you're not allowed to have a phone. The military, you're not allowed to have a phone. So it needs to be something that is dedicated to being an authentication dongle that doesn't have general use functions, is a more palatable answer. Now I realize that's, you know, a fairly small minority, but it's a very powerful minority. And when you have the military adopt something, all of a sudden it becomes a de facto standard. So yeah, it's gotta be done. Yes, we're sounding like a broken record. But this is probably the number one bugaboo in our industry. And we are not going to move forward until we can start solving these problems. So there
Lou Marsecca (00:34:26):
Agreed 100%. Thank you, Cheebert. Well folks, that does it for the bites. Next up, we're gonna discuss in depth a little bit about 5G as well as private 5G. But before we get to that, we do have to thank another great sponsor of This Week in Enterprise Tech, and that's Hover. It's time to make plans and let Hover help you achieve them. If you're a blogger, creating a portfolio, building an online store, or you just wanna make a more memorable redirect to your LinkedIn page, Hover has the best domains and email addresses just for you. An email at your domain name is key to connecting with customers or building trust for your brand. They have domain based emails for all of your needs, small or large. It's easy to set up. You can add as many mailboxes to your domain as you need. And when your domain renews, your mailboxes will too.
Lou Marsecca (00:35:14):
Now, the prices are unbeatable. Their most popular mailbox is a no brainer solution for your business owners get access from anywhere. Use your email app you're already comfortable with, or if apps aren't your thing, their web mail can be accessed wherever you are. Now, personally, I really like Hover's ease of use, say they have a huge collection of TLDs plus super easy to transfer. That's right. Makes my life easier. If you ever tried to transfer using some of the other guys out there, it's kind of a headache. Now, Hover isn't here to upsell you or, or on your stuff you don't need. They just wanna help you. That's right. They have pro level tools, powerful domain and email management tools that are intuitive and easy to use, whether you're a web pro or just getting started, but it's private and secure with WHOIS privacy protection included with your domain purchase.
Lou Marsecca (00:36:00):
Your private information will remain just that, private. And it's a great way to reduce spam and protect yourself from unwanted solicitations. Plus Hover Connect lets you pick the service you wanna use to build and host your web app and website as well. Connect helps you start with using your domain name with just a couple clicks. Now at Hover, you're a customer and not a source of data. Take back control of your data with reliable track. Free email. Hover is trusted by hundreds of thousands of customers who use the domain names and emails to turn their ideas into reality. Whether you're a developer, photographer or small business, Hover has something for you to expand your projects and get the visibility you want. Go to hover.com/twit to get 10% off your first purchase of your domain extension for the entire first year. That's hover.com/twit for 10% off your domain extension for a full year.
Lou Marsecca (00:36:55):
And we thank Hover for their support of This Week in Enterprise Tech. Well folks, it's now time for our host round table. Now we've discussed 5G in the past, but we haven't really discussed the private 5G side of things. The, the, we talked about public networks and how some of our mobile public networks are moving to 5G, but there's a lot of applications for private 5G. Cheebert, I wanna throw this to you just first to, to kinda give us an understanding what does private 5G, what does it mean and how far does it go down the line here?
Brian Chee (00:37:30):
Well, the marketing definitions are blurry. You know, any new technology marketing folks, aren't gonna always check with their engineers before they start using labels. So sadly 5G has also come to include the 60 gigahertz world that if you look at the tech specs and you know, what it can do and so forth, it actually looks like more like a replacement for Wi-Fi point to point or point to multipoint shots, point shots. So working with that, you know, de facto definition I actually got a chance to physically work with Siklu corporation. We've actually had them on the show. They started doing some of the very first fixed 5G and they had 60 gigahertz point to point and point to multipoint devices that gave you upwards of 10 gig wireless backbones. And it's great, cuz then you can have a 10 gig wireless link between your buildings and so forth.
Brian Chee (00:38:44):
Now some of the very earliest 60 gigahertz stuff that I actually saw was actually at the Sony Open. One of the biggest problems with golf tournaments that are televised is they really hate those big cables run across the fairways and greens on very high end country clubs. And so I actually saw Sony corporation play with some you know, very early prototypes of 60 gigahertz devices that will shoot from the greens and from the fairways where they had their cameras back to the production truck. So private 5G in this case, this is actually a newest, one of the newest offerings from MikroTik. That's actually 60 gigahertz with a five gigahertz backup which has made them super popular. I can't get my hands on a set because they keep selling out. Anyway, private 5G is not just what used to be called bypass wireless, meaning you're bypass, bypassing the phone companies or the lease line companies and so forth. Bypass wireless means I don't want to have to pay someone for that link.
Brian Chee (00:40:04):
It also has come to mean I can't dig up the street. Super popular in high density areas like New York, Tokyo, San Francisco, and so forth. In fact we actually did some wireless bypass in Tokyo and it was literally to get across the street and we just lit, we stuck it inside the windows and shot across the street and saved ourselves an amazing amount of money. So bypass wireless should be lumped in with this also, how do we get from one point to another without having to spend a lot of money. Lastly, before I finish this rant, there is now private 5G that you can buy that is cellular like in operation. So if you have a 5G phone, say we actually had someone on the show where you literally just scan a QR code with your iPhone and it will set up a separate eSIM, electronic SIM, so that you could use the private 5G network that you set up with your, your your vendor.
Brian Chee (00:41:20):
And the cool thing is because it's licensed and normally the vendors that do set up handle the licensing for you. You can avoid some of the interference that you get with an unlicensed band. So keep in mind, 60 gigahertz is just like Wi-Fi at five gigahertz or 2.4 gigahertz. It is unlicensed. And in all reality, if someone happens to have something on the same channel that's flooding or spilling over into your dishes, you are out of luck, whereas true private 5G when it's 5G mobile or cellular whichever word you like. Those are licensed. So the, a lot of the vendors that are offering private 5G are saying, we can give you something dramatically more reliable and lower latency than your Wi-Fi. And that's why, in some cases, people are putting these in a big one are hospitals. Another big one is finance they're actually because they want the privacy healthcare, oh, it's hard.
Brian Chee (00:42:33):
I said healthcare and campus, you know, academics having a separate, secure cellular like infrastructure for say, like campus security or something like that. So it's changing the way things are going. It's no longer going to be, oh, immediately let's do a Wi-Fi network. Now there's some new options to be able to avoid digging. And especially in some large high density cities like New York or Tokyo getting permission to dig up the street is challenging. So wireless bypass has gotten lumped in and I think it should stay that way at least for a little while until people start understanding private 5G better.
Lou Marsecca (00:43:26):
That's true. True. Now there are some conspiracies that come along a little bit with the 5G and the 60 gigahertz band as well. What are, what are some of those conspiracies in fact that if you go searching on Reddit, it's really the only thing that you find about around 5G, 60 gigahertz. What what's going on there? What what, what can you guys tell me?
Brian Chee (00:43:47):
It's it's tinfoil hat people <laugh> now 5G, well, 60 gigahertz let's let's concentrate on 60 gigahertz, cuz the there's a lot of conspiracy on 60 gigahertz, keep in mind 60 gigahertz, the, the, the RF signal is small enough and high frequency enough that oxygen gets in the way. So we're talking very short range. So being able to shoot down a back alley or across the street, or maybe, you know, daisy chain across campus, that's fine. And we're talking about things that are very low power. So to the tinfoil hat people, <laugh> you get more radiation exposure from that microwave in your home. Actually you get more radiation exposure from a nice sunny day. That's my opinion, but you know, there's an awful lot of scientists behind me.
Lou Marsecca (00:44:50):
<Laugh> that's right. Thank you, Cheebert. Yeah, I think that the interesting thing that I find with private 5G especially is just the, the, the amount of applications. And I wanna, I wanna get your guys' thoughts on some of these applications, but one thing I saw that's, you know, really interesting personal experience here is, you know, I worked in, I worked in a brewery for a while as a systems control engineer. And one of the things that they had was pretty advanced at the time was autonomous vehicles that they were actually moving around the brewery and the, and the warehouse to move pallets of beer on and off trucks and being able to pick up the, the latest you know, brewed beer and move it into the, into the cooling facilities. And so that was all done autonomously and the way they used to do it was actually through really expensive magnetic tracks that they had put into the cement.
Lou Marsecca (00:45:36):
But because they had to expand the brewery that got more expensive and, and, and they just couldn't continue to maintain that. And so they moved more towards wireless technology and, and more using AI to be able to, to be able to move these things around. And the challenge there was, there was a lot of disruption. There was some sometimes those that the wireless could be interrupted by other devices in the different spectrums, especially with, you know, Wi-Fi the way it is today. And so moving towards the applications, using 5G, they get a little bit more reliability because of the fact that they can move in between public and private networks pretty easily. They have it's easy to move throughout the, the shop floor or the, or the organization's floor or the warehouse and allows these, these vehicles to be able to communicate at high speed at much lower power. So I definitely feel like that is a really good application which is in the industrial case or the manufacturing pace case. But Curtis, I wanna throw this to you cuz you, you, you talked to a lot of industries out there, a lot of organizations. What other some, what are some of the other applications you're seeing from the private 5G case?
Curtis Franklin (00:46:44):
Well, obviously as you pointed out OT, or operational technology, is a big one. This is where you're doing shop floor, where you're doing all sorts of industrial control, those sorts of things. They are very, very big. You're also seeing it used to replace what tends to be known as MPLS or private cabled links on inside city, not necessarily campus, but citywide networks for a lot of the reasons that Brian was talking about. You know, I think that where you're going to see a real takeover is the MPLS or lease line market. You you'll still have some very big pipes that have to be leased, but for a lot of the smaller 5G is the way to go for a whole variety of reasons. And one of those, it has to be noted, does include in most cases, security especially on the OT side the security of networks are notoriously bad, largely because a lot of the engineers have typically said, why would anyone want to get into our network?
Curtis Franklin (00:48:12):
And the answer is so that they can laterally move into the rest of your IT network and also hold your operational technology subject to ransomware such, but 5G has better protection. Won't say it's hack proof. It's a little bit more hack resistant than a standard cable. But you do have a lot of interesting possibilities and I, I do want to bring up one of the things that is really interesting with 5G on the healthcare side the security of healthcare devices is really tricky. And the big reason is that the software used on healthcare devices, regulated healthcare devices. We're not talking about like the the home blood pressure cuffs, but you know, CAT scan machines, things like that. The software is part of the approved device. Therefore, if you change the software, you have to go through a renewed approval process.
Curtis Franklin (00:49:29):
These are horrifically expensive and can take quite a long time. And so the manufacturers are highly reluctant to do updates to the firmware, the software on those machines. That's one of the reasons why they become quite susceptible right to intrusions. Now, if you can take the networking layer one away from cables and especially away from commodity internet and turn it over to something like private 5G, you have the opportunity to put some privacy controls and some security controls in at the network edge to protect the devices that sit there on the device edge. And that's a key component to why a lot of healthcare organizations are looking strongly at private 5G because they do allow for some security protection. That's just not available. If you're running everything over commodity internet.
Lou Marsecca (00:50:41):
Indeed, indeed. Well, there's, there's lots more to talk about here, but I do wanna, we have to go one more to sponsor. And then when we come back, we have some more to talk about about, you know, even 5G as a service. But before we get to that, let's go ahead and thank another great sponsor of This Week in Enterprise Tech, and that's Thinkst Canary. Now, if there's anything we've learned from the last year is that companies must make it a priority to layer the security of their networks. That's right. Add layers. Now, one of these layers needs to be Thinkst Canary. Unfortunately, companies usually find out too late that they've been compromised even after they've already spent millions of dollars on IT security. Now attackers are sneaky. We know that unknown to companies, they prowl networks looking for valuable data while attackers browse Active Directory for file servers, explore file shares.
Lou Marsecca (00:51:25):
They will be looking for documents. They'll try default passwords against network devices and web services. And they'll scan for open services across your network. Well, Thinkst Canaries are designed to look like the things that hackers wanna get to. Canaries can be deployed throughout your entire network. And you can make them look identical, identical. So a router, a switch, a NAS server, a Linux box, a Windows server. So attackers won't know they've been caught. You can name them in the ways that gets the hackers' attention, right? You, you can enroll them in Active Directory. And when attackers investigate further, they give themselves away. The Canary tokens act as tiny trip wires that can be dropped into hundreds of places. Canary is designed to be installed and configured in minutes, and you won't have to think about them again. And if an alert happens, Canary will notify you any way you want.
Lou Marsecca (00:52:16):
You can get alerts by email or text message, on your console, through Slack, webhook, syslog, or even their API. Now data breaches happen typically through your staff. And when they do companies often don't know they've been compromised. It takes an average of 191 days for a company to realize that there's been a data breach. Now, Canary solves that problem. Canary was created by people who train companies, militaries, and governments on how to break into networks. And with that knowledge they built Canary. You'll find Canaries deployed all over the world and are one of the best tools against data breaches. Visit canary.tools/twit. And for $7,500 per year, you'll get five Canaries, your own hosted console, upgrade, support and maintenance. And if you use code TWIT in the "how did you hear about us" box, you'll get 10% off the price for life.
Lou Marsecca (00:53:08):
We know you'll love your Thinkst Canary, but if you're not happy, you can always return your Canaries with their two month money back guarantee for a full refund. That's canary.tools/twit and enter the code TWIT in the "how did you hear about us" box. And we thank Thinkst Canary for their support of This Week in Enterprise Tech. Well, folks, we've been talking about 5G, private 5G, some of the applications out there, and even some of the conspiracies behind it, but there are some interesting things here as well because you know, net 5G being implemented requires some additional layering in your network. Is that right, Cheebert?
Brian Chee (00:53:45):
To an extent. A private 5G system when you're talking about bypass wireless, it looks like wire. It that's all it is. So any kind of separation and extra security you implement with your existing network infrastructure. Now, when you start talking about 5G, private 5G in the cellular world, then yeah, there's a bunch of things involved and it's basically implementing, think of the hassle you went through implementing a PBX. It's similar. There's some interesting things. Now, one of the things, yeah, there, there's a, there's a good place to start. We're going, I'm hoping these URLs make it into the show notes. But one of the things that I stumbled across during research for the show was an offering from Nippon Telephone and Telegraph, NTT. And it's 5G as a service. Now, again in the, in the world where we're starting to merge the telecom group and the IT group nine times outta 10 you're, you're not given more people.
Brian Chee (00:54:59):
So the, as a service has been very, very popular with all kinds of different IT or telecom organizations and being able to lose the hassle of managing a private 5G infrastructure. At least in Japan means that gee, I, I can outsource that. And then all we have to do is work on getting a gateway inside our, our network that is then usually protected through an encrypted VPN link or sometimes lease lines. I'm not quite sure how NTT has offered the connection back into your private network, but I suspect those are gonna be some of the offerings. I've heard rumblings from AT&T and T-Mobile and Verizon, that this is a market that they'd like to tap. Eventually I gotta imagine part of the problem is the American FCC. The Japanese, especially NTT has some advantages, the Japanese government in this, especially in this case, it's very pro business.
Brian Chee (00:56:15):
And I worked with Fujitsu Limited Japan, and they had very close ties to NTT. And there's some really cool things that happen. Now, for those of you that are listening, I do wanna say one thing, private cellular systems, which is what we're really talking about have been around for a long time. There are lots and lots and lots of roadblocks to implementing them. <Affirmative> but I actually had one that was off a communications van in Bosnia, and I just had a crank up mast and I actually was running an Ericsson 2G cellular system. And because we were under NATO I actually got to bypass a lot of those issues, but the cool thing is, and this also applies to the private 5G, is a lot of these systems actually allow you to do segmentation of your clients. So you can push messaging out.
Brian Chee (00:57:16):
You can push updates. There's a lot of really cool things that you can do with a private 5G system. And it was just starting to appear in private 2G. I used it for NATO so that I could send out SMS alerting from the command structure in the correct language, because I could group people by languages. So it's been around for a while and I gotta imagine that as the private 5G vendors start learning how to market this stuff, we're gonna start seeing a lot of really cool ways of segmenting your employees or segmenting your teams. Whether it's robots doing stocking or whether it's humans doing healthcare, there's gonna be some interesting things. And the day of IT and telecom being separate, I think is gone. So looking forward to seeing what happens, it's gonna be fun.
Lou Marsecca (00:58:20):
I find there's some interesting questions that come, come up in my mind. I'm wondering if you guys maybe can help me. Some organizations come out there. They say, Hey, we want to have, we want to add more reliability to our network whether it's in an industrial setting or whatnot, and today they add Wi-Fi and sometimes use a back haul that, or, or a backup network that is essentially maybe wireless or Wi-Fi or, or even like you said, 4G 5G, what is, what is the advantage of just going directly to 5G 60 gigahertz in this case? And just using that regardless of the Wi-Fi there. And and then having to switch over when there's failover, what is there advantage to that? Or should, are there organizations who already have it, should they just switch or should they just keep what they have? And, and if you're starting new, try to go to this new model,
Brian Chee (00:59:09):
Tough one. I'm gonna toss this to Curt, cuz Curt's, Curt's got the ham radio background. Well it is actually a pretty big difference between Wi-Fi and 60 gig and he's prepared. He's got the skills.
Curtis Franklin (00:59:24):
Yeah, the, the, the big thing about 60 gig is that as Brian has mentioned, you have things like oxygen and especially moisture in the air. If you're, if you're humid 60 gig is attenuated pretty heavily as it goes any distance. Now with that said, if you are piggybacking your private 5G on say a metropolitan carrier's 5G deployment, then you've got lots and lots of, of the, the little micro cells to, to carry you different places. So the, the good side about 5G is that it directly hooks into wider area networks. You don't have to have an, an additional gateway that goes from your local area network to your wide area network. You can typically have a wider variety of network access devices because, because, you know, face it, I it's interesting. I'll show how old I am. I can remember when you actually had to buy an add in card to get Wi-Fi for your laptop or desktop computer.
Curtis Franklin (01:00:51):
And there were a bunch of them. Now face it, you take the Wi-Fi that's built into your computer or your smart device. You don't think about adding on Wi-Fi. With 5G, you tend to think about adding it on so you can be more deliberate about what you do. Now, Wi-Fi is always going to be somewhat cheaper at the end point, but when you look at wide area network that doesn't require a gateway and the security provided by 60 gigahertz over any of the frequencies that Wi-Fi is currently operating on, you can see that there can be some pretty compelling arguments for moving over to, to private 5G for your metropolitan networking.
Lou Marsecca (01:01:57):
I do wanna throw this one more time to Cheebert, 'cause Cheebert, I was, you know, thinking about this as I was thinking about adoption for organizations and, you know, I was thinking this has gotta be expensive, right? Is there some cheaper options
Brian Chee (01:02:08):
Actually the 60 gigahertz solutions, one of the 60 gigahertz solutions from MikroTik, our friends in Latvia, they have a system, go, just go on Amazon and search for Wireless Wire. The Wireless Wire system actually comes now in three different flavors. They're actually packaged together with two sides. You know, the near side, far side already to go all preset up. Literally you turn it on and you go. Oh, I think you gotta go and put some passwords on 'em, but that's about it. So the short range with the 90 degree panel antenna you could actually get a set for $125 and those will shoot maybe six to 800 feet. They have a similar system also called Wireless Wire, but with parabolic antenna that are three degrees. So you gotta take a lot more time, aiming them. Those can shoot multiple miles.
Brian Chee (01:03:19):
And then the last one was their new Cube, is the one that I talked about that is 60 gigahertz, but with a five gigahertz fallback. I'm not quite sure what their the price on the Cubes are going to be, but I actually bought a set of parabolics to go from the Pacific basin research center roof over to a bathroom at Point Panic, which is a surf spot. So we could link up the new underwater observatory. That was under 300 bucks for a set including mounting brackets, which is pretty cool.
Lou Marsecca (01:03:58):
Not bad. Yeah. For, for small business, that's not too bad, actually. I was thinking it was gonna be thousands of dollars. So that's actually, I mean, I paid thousands of dollars for, for a Wi-Fi 6 system that didn't even work. I ended up sending it back. So that's actually pretty inexpensive,
Brian Chee (01:04:12):
The low end Wireless Wire, I've actually used it to shoot across streets through windows and they work just fine.
Lou Marsecca (01:04:20):
Unbelievable. Unbelievable. Well guys, time flies when you're having fun and these host roundtables are a lot of fun, great topic today. Unfortunately we've run outta time. So folks you've done it again. You've sat through another hour of the best thing, enterprise IT podcast in the universe, so definitely tune your podcatcher to TWiET. We thank you very much to do that. And of course subscribe, but I wanna thank everyone who makes this show possible, especially to our, co-host sorry, Mr. Curtis Franklin. Curtis, what's going on for you in the coming week? Where can people find you?
Curtis Franklin (01:04:53):
Well, I'm gonna be sitting at my desk doing a lot of research and writing up a big research project. That's due out in the middle of July, also beginning ready for Dar for Black Hat and the Omdia analyst summit. In addition to Black Hat, I am gonna be sticking around and attending DEFCON. So if anybody in the TWiT riot is gonna be at either Black Hat or DEFCON would love to meet you face to face, could be really interesting to get together. And I'll have some articles coming up on Dark Reading and of course for our subscribers at Omdia. So lots of words gonna be pouring out of my keyboard over the next few weeks before I hit the road again.
Lou Marsecca (01:05:45):
Thank you, sir. Looking forward to all those words. Appreciate it, Curtis. Well, we also thank our very own Mr. Brian Chee as well. Cheebert, it's great to see my friend, where can people find you? Where can people get ahold of you?
Brian Chee (01:05:57):
I'm, grab me on Twitter. I'm A D V N E T L A B, advanced net lab on Twitter. And you know, we've been throwing all kinds of stuff off. Actually, if you've been following on Twitter, Twitter, you actually saw Duke Energy replacing the power pole behind my home. I was actually sitting there, you know, taking snaps and watching them do it. And they put a new transformer up and all that, all getting ready to go and feed a new underground power system. So that was kind of interesting to watch. Also, you know, feel free. I'm, I'd love to hear show ideas from you folks, especially on host round tables that you might want to hear in the future. If it's something that I can research and get us background on or something that the other guys are guys or girl, Heather Williams is definitely one of our team. We'll go and see, cuz I'm going to try very hard to go and put more host round tables into the schedule because the feedback from you folks has been that you like them. So I can also be reached on email cheebert, C H E E B E R T, at twit.tv or better yet throw email at twiet@twit.tv and that'll hit all the hosts. We'd love to hear your ideas. We'd love to hear your comments and take care of everybody and stay safe.
Lou Marsecca (01:07:25):
You too, as well, take care, Cheebert. Well, we also have to thank you as well. You are the person who drops in each and every week to get your enterprise goodness. We wanna make it easy for you to watch the show and catch up and listen on, get your enterprise and IT news, so go to our show page right now, twit.tv/twiet. It's really easy. There you'll find all the amazing back episodes. The show notes, the cohost information, guest information, of course, the links that we do during the show as well, but more importantly, next to those videos, you'll get those helpful subscribe and download links. Support the show by getting your audio version, your video version of your choice and listen on any one of your devices or any one of your applications, your podcast applications, cuz we're on all of them.
Lou Marsecca (01:08:05):
Podcasts, your Apple Podcasts, YouTube, you name it. We're there. Subscribe. We love to have your support. And plus you may have also heard, we also have Club TWiT as well. That's right. So members only ad free podcast service with a bonus TWiT+ feed that you can't get anywhere else. And it's only $7 a month and you get a lot of great things with the club too. In fact, you get exclusive access to the members-only Discord server. You can chat with hosts and producers, separate discussion channels. Plus they also have a lot of special events on there too. You definitely should check that out. Join Club TWiT and be part of that movement. Be part of that fun, go to twit.tv/clubtwit. Plus you may have also heard, we also have corporate group plans for Club TWiT as well. That's right. It's a great way to give your team access to our ad free tech podcasts.
Lou Marsecca (01:08:51):
The plans start at just five members at a discounted rate of just $6 each per month. And you can get as many seats as you like added there. This is a great way for your IT departments, your sales departments, your developers, your tech teams to stay up to date with access to all of our podcasts and just like the regular membership, you can join the TWiT Discord server as well and get that TWiT+ bonus feed as well. So definitely join Club TWiT, twit.tv/clubtwit. After you subscribe, definitely impress your friends, your coworkers, your family members, with the gift of TWiET. We talk a lot of fun tech topics on this show and I guarantee they will find it fun and interesting as well. So definitely give them a gift of TWiET and have them listen and subscribe. Now after you subscribed, if you're available on Fridays at 1:30 PM Pacific time, we do the show live, come see how it's made behind the scenes.
Lou Marsecca (01:09:42):
Come see how the pizza's made, all the fun stuff, the banter that we do during and before and after the show, of course it's at live.twit.tv. There's all the streams on there. There's YouTube streams and all the streams. So go to live.twit.tv. Of course, if you want to watch the show live, you might as well jump into the chat room live as well. We have a live chat room, irc.twit.tv, all the amazing characters that are in there. There they are. We have Gumby. We have loquacious. We have re Mike, we have chicken head. We have everybody in there. Wag G we have so many characters, new ones every week return ones. They have some great conversations. We have a lot of fun. In fact, we get some really great show titles from them as well. So thank you guys for being there.
Lou Marsecca (01:11:16):
I want to thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support This Week in Enterprise Tech each and every week. And we really couldn't do the show without them. So thank you guys for all your support over the years. And I also wanna thank all the engineers and staff at TWiT. Also wanna thank Mr. Brian Chee just one more time. He's not only our co-host, but he's also our Titleist producer as well. He does all the bookings for the show and the plannings for the show and we really couldn't do without him. So thank you Cheebert for all your support. Now, before we sign out, we also thank our editor for today. He's Kevin he's Mr. Kevin he's. He's behind the scenes master at making us look good after the fact. So thank you for your support, Kevin and all your help. And of course, we all also have to thank our TD for today. He's our talented Mr. Ant Pruitt. He does an amazing fabulous show called Hands-On Photography, where I learn new things each week about photography editing, all fun stuff. Ant, what's going on this week in Hands-On Photography.
Speaker 4 (01:12:10):
Well, Mr. Lou, I talked about your first paid photography gig, but I'm gonna put that to the side just for a second. I just wanna say women out there, there are a lot of men that are not in leadership and we support you and we got your back. That's all I'm gonna say on that.
Lou Marsecca (01:12:29):
Thank you, sir. Appreciate that. Well, until next time I'm Louis Maresca. Just reminding you, if you wanna know what's going on in the enterprise, just keep TWiET.
Speaker 5 (01:12:39):
Is that an iPhone in your hand? Wait a second. Is that an Apple Watch on your wrist? And do I, do I see an iPad sitting there on the table? Oh my goodness. You are the perfect person to be watching iOS Today. The show where Rosemary Orchard and I, Mikah Sargent, talk all things iOS, tvOS, watchOS, HomePod OS. It's all the OSs that Apple has on offer and we show you how to make the most of those gadgets. Just head to twit.tv/ios to check it out.