Host Jeremy Cowan puts his feet up as the Trending Tech podcast is taken over by ChatGPT. It’s all about Trust as Deepika Chauhan, chief product officer at DigiCert, confronts the digital security challenges facing us all, and Jim Morrish, chief research officer at Transforma Insights, shares the inside scoop on rapidly rising cyber defence opportunities and revenues. Plus, find out what Taylor Swift and Queen Elizabeth II have in common.
Listen to all episodes
Jeremy Cowan: [00:00:00] Hi, and welcome to Trending Tech podcast number 36 on Digital Trust & Security and just to see what we can trust in our inbox and in our ears these days. I turned to ChatGPT and gave it this command. ‘Write a lighthearted 90 seconds introduction for the Trending Tech podcast, sponsored by IoT-Now.com, VanillaPlus.com, and TheEE.ai with guests Deepika Chauhan of DigiCert, and Jim Morrish of Transforma Insights’, and no kidding, 15 seconds later I had this:.
“Welcome to the Trending Tech Podcast, the show that’s guaranteed to make you feel smarter about technology than your parents. I’m your host, ChatGPT, and I’m here to bring you the latest and greatest in the world of tech, sponsored by [00:01:00] iot-now.com, vanillaplus.com, and theee.ai. Today we have two special guests joining us.
“First up, we have Deepika Chauhan, the Chief Product Officer at DigiCert. She’s here to talk about the latest in digital security and how to keep your online presence safe from all those pesky hackers. And joining her is Jim Morrish, the Chief Research Officer at Transforma Insights. He’s here to give us the inside scoop on the latest tech trends, including everything from AI to IoT, and everything in between.”
Okay, the humour is nice and light. Maybe the syntax could be improved, but let’s be honest, it’s not bad. Not bad at all, especially as I never even told ChatGPT what the topic was. Although I might query the job titles, this would’ve taken me a lot more than 15 seconds to put together. [00:02:00] Frankly, I’d still be swigging my coffee.
So let’s rewind and start. Hi, and welcome to the real start of Episode 36 of the Trending Tech podcast. It’s the one on digital trust and takeover by ChatGPT. My name’s Jeremy Cowan and I’m co-founder of the telecoms and technology sites already mentioned twice. Thanks for joining our growing global band of listeners.
As you heard, today we are joined by Deepika Chauhan, Chief Product Officer of DigiCert, a global provider of Digital Trust.
Deepika: Very nice to be here as well. Excited to have the conversations on such an interesting topic.
Jeremy Cowan: Indeed. And yes, you may have had a spooky insight that we’re also joined here by Jim Morrish, co-founder of the analyst and consultancy firm, Transforma Insights.
Jim is part co-host today. In fact, he’ll be taking over from me very soon as I’m stepping out of the tech scene. [00:03:00] But we also want to hear his tech expertise, so welcome Jim.
Jim: Thank you Jeremy. It’s great to be here.
Jeremy Cowan: Good to have you back again. And thank you for everyone joining our, sometimes serious, sometimes lighthearted look at digital transformation for enterprises.
Now, before we get stuck into digital trust, let’s take a quick look at some serious tech news stories our experts have spotted. And later we’ll have our usual tongue-in-cheek chat in the closing section called What The Tech, where we explore recent tech news stories that amazed or amused us. Jim, I’ll come to you first if I may.
What’s the serious tech news story that you found for us?
Jim: Yeah. Thanks Jeremy. So the thing that popped up and hit my radar, particularly thinking about this podcast was a story around Orange Cyber Defense. (https://newsroom.orange.com/orangecyberdefense-newrecruitingseason//?lang=en) And they’ve, they’re recruiting 800 people in Europe in 2023. Last [00:04:00] year they recruited 777.
Currently they’ve got about 3000 staff. And that just underlines the scale, I think of the resources which are being dedicated to security. And there’s a few other data points that set me thinking. I found a few other data points. So, Ericcson or their CradlePoint subsidiary acquired Ericom in April 23.
QPT value added infrastructure made an acquisition, Hewlett Packard Enterprise, K K R, you know, all within the last six months or so. And it really underlines to me the emphasis that’s gonna be placed on technology-based scalable solutions because everybody seems to be hunting out resource and there’s a limited resource pool and they’re resourcing to acquiring capabilities.
So I think anything that comes in that’s technology-based and scalable is going to be quite valuable in that context.
Jeremy Cowan: I think you’re right. And talking about value. Looking at that story, I was struck that Orange’s cyber defense revenues have increased fivefold over the past eight years. That’s huge. But perhaps it shouldn’t be surprising. My gut instinct is [00:05:00] it’s gonna be much more in the next eight years.
Jim: I would expect that it is gonna grow very quickly. I was slightly surprised at the fivefold. I’m not sure if that represents what the actual industry has done or whether they’ve been capturing market share, but certainly it underlines for me that it is something that is probably far more of an industrial concept, you know, the industrialization of security and the application of that to enterprises, then possibly many might necessarily imagine.
I think it’s regarded as something which is often regarded as something which is almost infinitely scalable and products based and, and it’s not. There’s real resources, an almost industrial process being applied to it.
Jeremy Cowan: Yeah. Deepika, any thoughts on this?
Deepika: Yeah, I think it’s very interesting what Jim is mentioning because in our customer conversation we are seeing something similar that with the rapid complexity of the IT infrastructure across all the verticals.
What we are seeing is the complexity of IT infrastructure is not just limited to taking care of the servers, the laptops, the [00:06:00] users, it’s all the different devices that exists as well. And so the headache for the IT teams has increased. It’s not just the devices, it’s also the software. The software that we use h as so many different libraries and we don’t know where they’re coming from. They’re coming from third parties. Have they been signed? Are they secure? So more and more we are seeing the digital trust is becoming a strategic imperative for companies across the globe, across the verticals. And it’s not surprising as a result that many of these other companies are increasing the revenues from cyber-defence.
Jeremy Cowan: I think that’s a fascinating insight on it. From the trust angle. Deepika, which serious tech news story caught your attention.
So very interesting. Somehow connected to what Jim was talking about. The rapid industrialisation of the digital trust aspects. I also think there’s a rapid [00:07:00] consumerisation of the security aspects. (https://arstechnica.com/information-technology/2023/04/open-garage-doors-anywhere-in-the-world-by-exploiting-this-smart-device/ )
The story that caught my attention was it appeared recently, a couple of weeks back. That open garage doors anywhere in the world can be exploited by a smart device. So essentially we have the story of, there’s a universal controller, and the controller can be used to open the garage doors by the consumers as well as some of the home security.
But what researchers found was these controllers were using universal passwords, and using the universal passwords, they were also broadcasting the unencrypted email addresses as well as the device ID and the first name and the initial. So as a result of that, the researchers were able to find out by looking at the firmware, what that universal password was, because all the controllers were using that, and they were able to find out the information about other users and they were [00:08:00] able to actually using any device, to open garage doors as well as alarm systems, disable and enable them for anyone. So this was a major hack and this kind of speaks how essential it is to embed security on all these devices because something so basic that we use day in and day out.
Every time I’m using my garage door openers, I’m gonna be concerned about it. I thought that was very interesting.
Jeremy Cowan: Yeah, this was on arstechnica.com, wasn’t it? It is breathtaking that that kind of lack of attention to security is being perpetuated. Jim, I was shocked, but perhaps I shouldn’t be.
Was it a surprise to you?
Jim: Well, yes and no. So me of the elements of that have happened before. I mean the standard devices and the borrowing of codes to open things. I mean, that’s been demonstrated. That can happen with cars. The universal passwords, those have been deployed into cameras, [00:09:00] security cameras of all things.
And the sharing of email addresses, those kind of things has been demonstrated that there are smart home solutions, which do that kind of thing. But that really is a full house. I mean, that’s a clean sweep of all of the really major problems, which have emerged.
There, there was one thing, as you described that Deepika, there’s one little element of security that it didn’t quite ping, I think, which is a few years ago there was a story of a, of a doll, a children’s doll, which is kind of a baby monitor.
And, and also meant to be able to converse with the child. And that could be hacked via Bluetooth by somebody standing nearby. So if you live in an apartment or your child’s bedroom is near a pavement or something, somebody outside could pop up their Bluetooth phone, connect to the doll and start talking to your child now.
And they didn’t manage to do anything quite that bad. But otherwise, I think that’s pretty much a clean sweep. Yeah. So, so well done
Deepika: and Jim. This also reminds me of the story a few years back in Vegas Dark Trace actually found that through sensors in the fish tank in a Vegas [00:10:00] casino they were able to enter and get the high roller database basically.
I mean, again, it was the same kind of element , that something so small and what anyone would consider insignificant actually is used as a way to enter the infrastructure and the network to connect, collect really critical information. So you see elements of this repeat again and again and again and hopefully we are learning, but we have long way to go.
Jim: Yeah. I believe that casino in question, I think they had an approach where they, they regarded everything that was on the network as trustworthy. So all that person needs to do is find one way of getting onto the network and it was the and it was the fish tank monitoring.
Yeah. But I guess that brings us onto discussions around certifying things and making sure that, you know, things are sending the right kind of information to the right kind of destination.
Jeremy Cowan: That’s a nice link. If anyone in the meantime wants to check out the stories that they’re hearing today for themselves, we are going to put the [00:11:00] links to all the news stories in the transcript so you can follow them there.
Yeah, as Jim rightly says, this takes us to the beating heart of today’s podcast on Digital Trust. Jim over to you, first:
Jim: Yes definitely. So Deepika, a little about DigitCert. If you don’t mind. So I gathered DigitCert as a company was established out of frustration, I think, when the founders discovered that they couldn’t make simple digital transactions.
And these were frustrating and time consuming. It, it kind of sounds like there’s a story there. So what is it that happened and what did the founders do about it?
Deepika: Yeah, so something very simple. It happened almost 20 years back. It was established SSL certificates were at the core of making sure the digital transactions were secure.
So the founders were developing a web transaction engine of a website and they were trying to get a secure certificate, SSL certificate, and it was very complicated for them to get the certificate, to deploy the [00:12:00] certificates. And so they decided, you know, it’s a very common problem. Why don’t we just start providing this as a service to the customers? So at the very core, it was being customer obsessed about this very common problem that a lot of other developers were facing and then making it available. And that was a genesis of DigiCert where it started with providing a very easy to use service, for customers.
And you know, I love this story, because This is one of the challenge for security as well, because the security needs to have great user experience. The number one reason why many people bypass security is because of the user experience. If your user experience is bad, either we don’t do it, we ignore it, or it becomes an afterthought.
So it’s always a balance between user experience as well as installing security. And that was a genesis of[00:13:00] the DigiCert journey.
Jeremy Cowan: Can we fast forward to today’s internet of things where IoT can support anything from smart home solutions to enterprise digital transformation? I mean, clearly all solutions need to be secure and reliable. What are the key problems faced in securing IoT Transactions?
Deepika: I would say the key problem today is that security is an afterthought in the IoT devices.
There’s so many different iot devices, from medical devices to consumer devices to industrial devices, to automotive. And every device they have different maturity cycle depending on the vertical they are in. But I would still say for most of them security is and afterthought. As, as an example, just six months back, FDA published a research And they looked at the medical devices in the hospitals, and they found more than 53% of the [00:14:00] devices had vulnerabilities.
And recently as a result, FDA has issued a guideline, but that just speaks to once you start researching, you find how so many devices we use day in and day out, whether in context of our work or daily lives, which have vulnerabilities. So it’s an afterthought. I would say in the five years we have come a long way and we are becoming more thoughtful, especially in terms of the customer conversation legislators are having in this segment.
But we have a long way to go as well. The basic authentication, encryption, and non-repudiation. And let me just speak to it. When a device is talking to a device, how do you know it is actually that device and not something else? Or how do you know it’s actually that user? When a software is getting installed on the device, how do you know there’s not malware or these devices are so long lived?
How do you know the vulnerabilities have not been discovered [00:15:00] and the software has not been patched ? And how do you know the device to device communication is encrypted, and so the basic three legs of this two, the authentication, the encryption, and non-repudiation, that’s why is very critical. And it’s not there in most of the devices.
Jim: Thank you. So I understand that you’re offering a new digital trust solution to unify certification authority-agnostic certificate management and public key infrastructure, or PKI, as it’s known services. How does this help tackle those challenges?
Deepika: Yeah, so for the, IT what we see is.
As you mentioned, Jim earlier in your story, the complexity of the IT infrastructure with the rapid digitisation has exploded. You have new surface attack area because of more software as well as more devices. You have remote workers now with multiple devices and multiple deployment methods. As a result, the [00:16:00] number of certificates within any enterprise has exploded..
And those certificates come from a number of certificate authorities. So what the customers are really looking for is. How do I get a handle on my entire landscape? Because over the years they’ve faced almost every year, almost every other company, irrespective of vertical or geo, has faced outages. And these outages can go north of $10 million on an average.
Even recently, Elon Musk actually had a tweet about one of the outages related to certificate expiration. And we have seen this in Google. We have seen Shopify, even some of the best companies have suffered it. So having a solution which is allowing the customer to discover the entire landscape of certificates, no one there is expiring, have notification and automated so that.
Then don’t have to [00:17:00] deal with certificate related outages because it’s a huge disruption in the service. That is the value in terms of digital trust.
Jeremy Cowan: Deepika what are the next security and trust hurdles that need to be overcome in IoT if we can get past the ones you’ve already outlined. And when can the IoT sector expect to see some real solutions here?
Deepika: Yeah, so what’s exciting is that. We are seeing changes in the mindset in different industries within the IoT because IOT is not one world.
There are many microsystems within that, depending on the verticals. So recently the Matter standards, MA TTER from Connectivity Standard Alliance has come out where the consumer devices in home, you know, they’re Matter certified. And what they’re establishing is what is a secure way for these devices to talk to each other.
So if your garage controller was actually matter compliant, [00:18:00] we wouldn’t be having the challenge that we are talking about now. So that’s talking about security in within the home. And it’s a great example. Where Many of the vendors within that ecosystem connected and created a consortium. It’s like, this is something that we have to solve for the devices to take off because they could see the challenges.
Now the second thing is sometime you’re seeing government regulations, so just last week FDA came out with new regulations about the medical devices and what the guidances for the medical devices to install the security related best practices when they’re deploying it within the hospital network, whether it’s the insulin pumps or the patient monitors.
And automotive is a similar story. So you’re seeing more and more, whether it’s government regulated or industry groups combining themselves to create these security standards. There’s a talk of internet of medical things, just like internet of [00:19:00] consumer things, and you have the widespread adoption taking place slowly.
Jeremy Cowan: Looking at something that we talked about earlier, Deepika, we were referencing ChatGPT. Now, I know this isn’t directly in your area, but just looking at it from a high level, there was some interesting research recently from NordVPN that showed a 625% rise from January and February this year compared to last year in ChatGPT hacking posts on dark web forums. How can users stay cyber secure when dealing with chat bots?
Deepika: That’s a great question. And look, all of us are trying to use ChatGPT in the work as well as home environment because of the productivity advantages that it provides. But ChatGPT is also getting smarter based on the information it’s gleaning. And how do we make sure. it’s not a case of [00:20:00] garbage in, garbage out in terms of the data which is fed to make it smarter is actually the right data. It’s not the fake data. And so there’s a, there’s a basic components of I think the authentication and the non-repudiation, which are still critical.
If ChatGPT, for example, is covering the internet to find out the information, how does it know which one is the right information and which one is not the right information? And I think over there. There are a lot of other, in fact, media organisation, which have formed separately from the AI, the Content Authenticity Initiative.
You know, and if there’s a perception of what content is authentic, then I think ChatGPT has extra levels to provide that information so that they know what is so-called fake content versus what is authentic content and gives that information to the users. That’s just one dimension, there are many [00:21:00] dimensions, of course.
Jeremy Cowan: Understood. Jim, we are already seeing examples of, you know, failures in Bard and ChatGPT bringing out or sharing information that is factually incorrect. Is there anything that you would add to what Deepika has already said on this particular aspect of the use of AI?
Jim: Yes, there is actually. And what I would do is I would reframe the question and imagine it in five or 10 years time because this stuff gets easier.
And right now ChatGPT seems pretty advanced and bard’s pretty advanced as well, but that’s gonna be commonplace within a year or two. And then more sophisticated things are gonna be around in five and 10 years and, and to use. To put a positive spin on it. The technology will be democratized.
And, and there’s a corollary to that, which will mean that anybody can get their hands on it. At that point. It’s gonna be a lot easier to get hold of something which has the capabilities that is represented by ChatGPT. The GPT four version today, [00:22:00] the more sophisticated version. Yeah, it’ll be much easier for, for somebody of nefarious intents to get hold of that kind of capability.
And at that point it’s very easy to deploy a model which is not necessarily accountable or managed by a company that’s as responsible as OpenAI. To, for instance engage in fraud or fraudulent conversations with people and try and get people part with money to make investments in imaginary stocks or something like that.
So, I think in five or 10 years time, the there’s gonna be a, a really quite significant problem associated with this just because it’s been democratized and it’s no longer focused on, on a few models, which are managed in a fairly responsible way. And at that point we we’re gonna have to be really quite careful.
It’s going to be much more akin to the way that we would deal with emails. You know, I think everybody who’s listening to this would be extremely careful about clicking on link that comes to them in an email from an unknown location. Or if you do think it’s a real link, you might actually go [00:23:00] via Google to a website and search and find the same information via a safe route.
And of course, and maybe Deepika has a view on this but it may be that these AI models or chat models, actually needs to be certified. And that is interrogated before your browser allows you to get into a conversation with
Deepika: Yeah, it’s similar to, it’s the maturing model in the moment.
The AI is in the early in fancy, in a, in a way, and it’s, it’s gonna mature. So just like with the web, you know, slowly you started using the web and then how did you secure transactions and security practices were embedded. The same thing is gonna happen and authenticating the different agencies at the, at the core of it, the authentication will flow into all these areas.
Who is it that’s providing the information? Is the information secure? And that’s where some of the basic tenets and principles that we’ve used for certificate authorities and PKI will be relevant.
Jeremy Cowan: That’s really thought provoking. Thank you both. Okay. Let’s kick back for a moment and see What The Tech has amazed or amused you lately.
Jim, I’m gonna ask you to go first. What have you seen?
Jim: So, so an entertaining story, which is quite closely related to this kind of security theme we’ve been talking about. Was an article suggested that, that one of the most frequently used passwords in 2022. Was Taylor Swift. I should say here at this point that, that none of my passwords include the words Taylor or Swift, but it seems that many out there do.
But, but it did strike me spinning back to the beginning or earlier in this conversation that isn’t as bad as the the default passwords programmed into carriage doors because that’s out there as public information. At least somebody has to guess. Taylor Swift. So it is an improvement on that.
Jeremy Cowan: Yeah, last year seemed to be one of the popular ones was Queen Elizabeth and so was bad bunny, Jennifer Lopez, Ben Affleck and Elon Musk. I think Bennifer as Ben Affleck and JLo [00:25:00] seem to be tagged on social are probably a bit too 2022. I’m willing to bet Charles and Camilla are not trending. Deepika, any thoughts on this? What can we learn from this?
Deepika: Well, you know, this is, this is very interesting.
I mean, I think that’s why the zero trust policies are becoming more and more common because the password by itself is restricted to the imagination of people. Some people are looking at their own algorithms and creating their own algorithms. Some people are using the password management systems, but I think this is where the zero trust.
initiatives are gonna become very, very critical because we can’t… it seems we are not mature enough to manage our passwords.
Jeremy Cowan: No indeed.
Jim: It, it is in fact being regulated in some markets. Certainly in Australia there are regulations where you, you are not allowed to use default passwords and users must configure them.
So, so there are steps being taken in that direction.
Jeremy Cowan: Yeah. It’s about time. Deepika. [00:26:00] What in the news has made you smile or frown?
Deepika: Well something that I found is mu was recently, there’s a news in BBC. Would you open up to a chat bot therapist? So all of us are used to asking Alexa questions, silly questions but really having a companion as this article spoke about and sharing some of the deepest thoughts was a step too far from where we are today.
Jeremy Cowan: Hmm.
It’s certainly something that I can see huge benefits for with people who face the challenge of autism. Obviously, being prepared to meet outsiders in the real world was one of the suggestions in the article. And I hadn’t even considered that when I started reading. Or it could be something providing support for the lonely that was a BBC online report was it Deepika?
Deepika: It was a BBC report. Yes!
Jeremy Cowan: Okay, well again, we’ll stick the [00:27:00] link in the news to that. https://www.bbc.com/news/business-65110680 Okay. If you wanna follow up on any of these stories, you just go to the transcript and do let us know on LinkedIn what you think. You can find me for your comments at Jeremy Cowan in LinkedIn. That’s C o w a n.
So before we go, let me say a big thank you first to Jim Morrish of Transforma Insights. It’s always a great pleasure to have your expertise. Jim.
Jim: Thank you, Jeremy. It’s been great to join you and great to have a conversation with Deepika as well.
Jeremy Cowan: And how can people reach you for more information, Jim?
Jim: Well the best way to reach me would be to email email@example.com. So I will get emails to that address. Yeah, look forward to hearing from anybody with with interesting questions or comments on the topics of today or wider IoT and digital transformation.
Jeremy Cowan: Indeed.
And huge thanks also to Deepika Chauhan of DigiCert.
Thanks for sharing your insights, Deepika, and thank you so much for [00:28:00] your patience in the time it’s taken us to get to this point. I’m delighted to have you on podcast today.
Deepika: Thanks, Jeremy. It’s been great to be here. And thank you Jim and Jeremy for a great conversation.
Jeremy Cowan: And how can listeners contact you Deepika?
Deepika: Listeners can reach DigiCert at digicert.com as well as through LinkedIn or Twitter handles.
Jeremy Cowan: That’s brilliant. Okay, and thank you too to our rapidly growing audience around the world. Don’t forget, you can subscribe to the Trending Tech podcast wherever you found us today. Until the next time, keep safe, keep checking vanillaplus.com. iot-now.com, and theee.ai, where you’ll find more tech news plus videos, top level interviews, event reviews, and so much more. And join us again soon for another Trending Tech podcast, looking at Enterprise Digital Transformations. Bye for now.