
Interview Series - Barry Hodge CEO SecurLinx Corporation

For the next entry in the Infosec Professional Interview Series, we chat with Barry Hodge, CEO of SecurLinx Corporation, about biometric authentication and current trends in information security.

Ed: Hi Barry and thanks for spending the time with Infosec Professional.
How has information security changed in the last 3 years?

Barry: As more companies expand their core operations to include web- or cloud-based services, the potential for compromised information flow and financial losses has grown exponentially. Identity management is extremely difficult in the virtual world and even the most routine interactions can have severe consequences. Most business leaders feel the pressure to have a presence on social media without a clear understanding of the risk/reward ratio of doing business in the “Wild West”. In my prior experience in corporate America, most losses of intellectual property or business information were inside jobs. Now the losses can occur without the management team even being aware of the breach. As unsettling as these prospects are, they pale in comparison to the threat of the liability and business-killing publicity associated with having losses of customers’ and employees’ private information. Awareness of the problem is high but solutions are expensive, often ineffective and can inhibit organizational productivity.

What do you think are the main threats facing organisations in 2012?
Barry:  Other than a growing exposure to a major incident, I don’t see anything much different from the current issues in securing access to physical places and information systems. Protection from real financial loss and increasing liability for stored data are still the two major concerns. That being said, there are other localized or niche issues that are trickling down in the commercial marketplace. From health clubs to construction sites, identity management and productivity losses can cost companies dearly in a time when profit margins are slim and the viability of the business is threatened.

Are organisations ready to deal with those threats and what can they do to protect themselves?
Barry: Some are, some aren’t. Larger enterprises have solid security plans and measures in place. In my opinion, smaller organizations are open to finding a solution but they are not getting good advice or consultative services from their vendors. Most security technology companies are small relative to their potential customers and approach the sales process from a narrow point of view involving their particular product or service. Organizations that develop a holistic security plan and engage vendors who openly collaborate for the customer’s benefit will reap the greatest rewards. It starts with a strong in-house or contracted service for IT integration. Once that is in place, working on specific problems for performance improvement follows a well-known path and enables the user to select the appropriate solutions. The best protection is to develop a plan and an implementation program. Getting started is the difficult task and sometimes you just have to take that first small step out of the comfort zone. On the vendor side of the equation, there is still a lot of technology and very little supportable product. Choose wisely.

The last 3 years have seen global organisations make significant inroads to protect data from a logical and network perspective. Does physical access control need to play a greater part and are organisations aware of its benefits?
Barry: Physical security is becoming more significant for several reasons. As the economy has weakened, the workplace is less stable and the potential for damage through vandalism by disgruntled employees is on the rise. Add to that the threats of anything from terrorism to Occupy Wall Street mischief and the physical environment is highly vulnerable. Theft is always an issue but increasingly so in a down economy. Innovations in biometric modalities such as facial recognition and iris scanning can increase productivity and reduce cost of use while significantly improving security. One of the first places an organization should examine in a comprehensive security program is physical access control.

Infosec has now become its own profession, with job titles, budgets and certifications. What challenges do infosec professionals face in 2012?
Barry:  The biggest challenge in our industry is the velocity of change. Information security is an arms race as the opposition keeps upping the ante and we play defence by applying countermeasures to threats. Speaking as one with a loud voice to increase the criminal penalties for online activities that cause damage is one opportunity. Information systems terrorists are just as lethal to our economy as those that do physical damage to infrastructure. Deterrence is our greatest challenge.

What are the key questions your clients ask when looking to select a product or services offering?  Experience, RoI, cost etc?
Barry:  Our clients seek all of the above with an emphasis on ROI. Cost will decline as acceptance and volume increase. ROI is the first barrier that must be overcome. Most companies tend to overestimate what can be done in a year and underestimate what can be done in ten. The advances in the last 10 years have made biometric solutions cost effective. The next 10 will be amazing.

With the global credit crunch affecting budgets across all areas, is security now seen as a luxury good for many projects?
Barry:  Security is looked at by most companies as a cost of doing business and if my competitor isn’t investing, I can let it go too. My personal opinion is that security can be a competitive advantage if it increases employee productivity and decreases cost. It is our job to design and implement solutions for our customers that do just that. Technology should facilitate the provisions of better security and lower the cost of ownership to the organization. I believe that is possible today.

Ed: Thanks Barry for your time today and giving us your insight.

