Announcer: [00:00:01] You’re listening to Cyber Security Inside, a podcast focused on getting you up to speed on issues in cyber security–with engaging experts and stimulating conversations. To learn more, visit us at intel.com/cybersecurityinside.
Intro montage
Tom G: [00:00:40] Hi and welcome to the Cyber Security Inside podcast. I’m your host, Tom Garrison. And as always, I’m here with my cohost Camille Morhardt. How you doing Camille?
Camille: [00:00:50] I’m doing great, Tom.
Tom G: [00:00:52] You know, right before this podcast, I had to race out and I realized no longer do I need to adjust the temperature in my house because as I walked past the hallway, my thermostat lights up and it knows that I’m home now. And I was thinking, you know, just a few years ago, I’d have to go out there in the morning and turn up the heat because it was freezing cold. But, uh, yeah, it kind of knows me. It learns about my patterns. And, uh, it’s just one more thing. I kind of don’t have to worry about.
Camille: [00:01:26] Yeah, it sort of takes the fun out of what was that movie, where the, the fathers were all like completely freezing to death and they all met–it was, they were on vacation or something together, and they all met in the hallway–and there was the little girl in her pajamas and she had like turned the temperature down cause she was in her fuzzy.
Tom G: [00:01:46] Well, and, you know, uh, I had a place, we sold it now, but I had a place over in central Oregon and, and it was a godsend because we could first, we could monitor the temperature of the house when we were gone to make sure that the furnace was still working properly because otherwise all the pipes freeze and you end up with Niagara Falls inside your house.
And two, when we were going over there, as we took off, we could connect to it and turn up the heat. So by the time we got to the house, uh, it was nice and toasty for us. So yeah, I, you know, just the little creature comforts of this technology, uh, I think is just, it’s fascinating and it sort of creeps into your life, too. All this different consumer technologies sort of creeps into your life. And once it becomes part of. Who you are and how you live. You never want to get rid of it because the convenience is just fantastic.
Camille: [00:02:38] Well, I agree. And not to be too much of a downer on this one, but if you start to think about how much everybody is doing this kind of thing and connected. That’s one consumer electronic device that you’ve got connected to the internet. You’ve got it on your mobile phone. You’ve got it on your computer. You’ve got it on your wifi network. Imagine all of the other people out there, especially when you think about cities with consolidated housing and apartments and condos altogether, all built by the same developer, all probably with the same kind of, uh, consumer thermostat, in each of those units, all of those thermostats connected to everybody’s different wifi to everybody’s different mobile. And especially now that we’re all doing our work from inside of those units, you know, somehow all of a sudden the cyber security of these consumer devices is paramount even in the enterprise or in critical events.
Tom G: [00:03:38] Yeah. And we’ve, I mean, obviously, uh, we started off talking about thermostats, but it’s really any of these consumer prevalent devices that have sort of crept into our lives, into our spaces. And you’re exactly right. That the, from a cyber security standpoint, it poses an interesting question, because now who’s responsible for, for securing those environments.
Camille: [00:04:03] That is a good question. And this case, it’s not the chicken or the egg, I guess. It’s the employee or end user versus IT. Right?
Tom G: [00:04:12] Yeah. And the variability you can, I mean, you can get to almost an endless number of, of combinations and permutations of what devices and what setting and so forth. Yeah. This is a really interesting challenge, especially in now the, the age of working from home, more prevalently like we are. So I think this is a really, really interesting topic. You up for it?
Camille: [00:04:36] I know nothing about consumer tech. I would love to hear somebody who does.
Tom G: [00:04:41] All right. Let’s do it. Our guest today is Carolina Milanese. She is an industry expert in consumer tech trends. With over 15 years of experience, she’s an Analyst at Creative Strategies where she looks at the intersection between consumer tech and business. And she is a founder of The Heart of Tech, helping technology providers with their corporate social responsibility agenda. So welcome to the podcast.
Carolina: Thank you for having me.
So, you know, I think the first thing that we should probably, uh, ask is, is why are we having a consumer tech person on a cyber security podcast?
Carolina M: [00:05:25] Why am I here? (laughs) Um, there’s always funny when as a consumer tech, I need to kind of justify my existence in a business context because I’ve been doing it for uh, a long time, I spent 14 years at Gardner kind of justify my existence as a consumer tech analyst, advising the CISOs and CTOs on, on the corporate side.
The reality is that since the time of BYOD we have been taking technology that is primary consumer technology into the work environment. What has happened over COVID, II think it’s made real people realize as we are not in an office context. There’s less control over which device we as humans gravitate towards, and therefore there’s a higher need to understand, first of all, what devices we use and what we like to use and where your weakest links might be when you talk about data security and asset security.
Tom G: [00:06:24] Yeah. You know, it’s, it’s interesting just how behavior has changed because back before COVID, at least it at our company sort of working from home was something that was tolerated. It was allowed, you know, if you needed to work from home, you could work from home. But I think what COVID’s done–not just for us, but for many, many companies–is realized that wait. It’s actually in many cases, it’s better, you know, employees have even more flexibility. They can do work, uh, whenever they need to or want to. And, and so in that, from that perspective, it’s sort of here to stay. And so this merging of consumer and corporate is not just a, a COVID thing it’s a, a new normal.
Carolina M: [00:07:11] You’re absolutely right, Tom, we just did a creative strategy. A study in November is the second one we do since the beginning of a pandemic to try and assess sentiment, uh, from an employee perspective. And, and when we started to talk about going back to the office, one of the questions that we ask was “what do you want to do once you’re allowed to go back to the office?” 49% of the panelists came back saying they want to work remotely. And another 33% said that they want to work at least two or three days from home.
There’s no question in my mind that the way that we are going to interact in the office is going to change. Work and office are not going to be the same thing. I don’t have to go to the office to work. I’m going to go to the office to interact with people, which is what most people lament missing, being remote–and in a more purposeful way than we did before. And, and I think this is great because. As you say, uh, more flexibility opens up new opportunity, even from an employee perspective.
Camille: [00:08:21] Where’s that line going to be between a consumer responsibility, a quote unquote, consumer and employee who’s working at home in terms of making sure their environment is secure versus it going out and making sure all, you know, a hundred or thousands of people in their company are operating in a secure environment or in a secure way?
Carolina M: [00:08:43] It is a great question and I don’t know that we still have all the answers, to be honest with you, from a corporate perspective. My opinion is certainly it’s not on the employee. Um, as anything else, the, the burden either being, you know, security or manageability or deployment was my biggest issue that we faced during the, the beginning of a pandemics, right. People have to go and work remotely overnight. And the burden of, of that was on the employee. It can’t be like that. It has to be on, on the corporate side.
As fascinating and scary at the same time that, um, a large sample that Lenovo tested around concerns around security came back in a study, saying that 1-in3 employees are concerned about data breaches on business issued devices. Um, so there’s definitely a concern there from an employee perspective. Some them may, maybe years ago, wasn’t there.
But your question about where is it is before you were bringing a consumer device into an office. So it was clear, but you kind of have to go by the rule of the office. Right? Now you’re bringing technology in my home at the end of the day. I see that as my home. And there are things that I might not actually be happy for my IT department to be doing. The same way as I’m not happy with my not be happy with, you know, large tech companies be my home.
So is it is a tricky line to walk between how you manage and secure this, which to me, points to a higher need to focus on data then not devices. Because then the data doesn’t necessarily, you know, you’re talking more cloud than not physical location of something.
Camille: [00:10:53] Well, you, you kind of just brought up a scary point for me, I’m thinking about, okay, I’m used to any mobile device that I have, you know, if I ask it a question, it can answer or it can hear me ask it a question. And then consumers started bringing kind of more fixed devices into their living rooms or bedrooms or homes that did the same thing. And now you just introduced a concept, which I’m not sure I like so well, which is the concept of my IT department listening or sitting in the home.
So that kind of brings in some privacy issues. I’m not even sure IT would want to, uh, have that presence cause that’s a lot of potential for, uh, data they don’t want to have access to, to deal with.
Carolina M: [00:11:44] Absolutely. Yeah, absolutely. It definitely goes both ways. And there are liabilities that, you know, corporations have to be very careful about. You know, when you look at, for instance, PCs, the easiest way to solve part of that is actually not having a PC that is a corporate PC sitting on my home network. So thinkings for instance, at the ability for an organization to deploy a PC that has cellular connectivity built into it. And so you have more control over that, then not forcing me to upgrade my wifi connection and use, you know, an encrypted connection or a firewall and all the other things that tend to end up actually making my life miserable from it from a throughput perspective, right.
Sometime a lot of this security mechanism, add to the workload that the PC has to do. And therefore my experience becomes poor. So, you know, one thing that we definitely have seen OEMs and enterprise ask for more is connectivity embedded in laptops. Um, and that’s that cuts out any of that idea of, “okay, I have an IT department now in my home managing my network.” Uh, and instead is managing the PC as they always done. You know, that’s no different than what we did before.
Tom G: [00:13:16 So that says if you’re contemplating, what are some big changes that are going to happen, well, more people that are at home, either the IT shops going to have to dictate what kind of networking and what type of printer you should buy and what type of, you know, all of the other infrastructure. Or tell you, no, “you need a direct connection cellular connection, and therefore you’re going to get different kind of PC.”
Carolina M: [00:14:49] Yeah, I, I think the latter is going to be easier because it’s solving two problems, as well. There’s a security issue to it and then there is a, um, just the overload that you have, uh, from a work environment–even when your kids are going to be going to school, so you’re, we’re not, or at home trying to work.
Your broadband will be still, uh, strained by just even having one person working remotely. And, you know, in 2020 there was a lot of flexibility, um, that was, um, uh, put into the way that we were working. Right. You know, people knew that and we still are working from home, making the best of it we can do. Once we are in the position to go back to the office and it’s a choice to be home, I think that flexibility is going to go away and be, you know, there’s going to be a set of a requirement that organization will have. Even down to, “if you’re working from home, you’re going to have to have a certain chair and a certain workspace. “ Um, you know, working from the sofa is not going to be something that corporation will be happy with because there is a liability, right? There are people that are complaining about neck and back pain during this, months we’ve been working remotely. That’s okay for now, but it’s not going to be that way. You know, it’s, if you are now becoming a remote worker and that says how–from an HR perspective– you’re going to be classified.
Tom G: [00:16:25] Yeah. And, and I don’t want to go down this path, but it, you know, longer term, it even changes like how houses are built.
Carolina: Absolutely.
Tom G: But let’s not go down that path. Let’s try to stick maybe a little closer to home here. (Carolina laughs) And I’m thinking that at least to me, intuitively, I want to get your position on this intuitively to me, there’s sort of two approaches that accompany can take with regards to the division of work and home. And one is they can lock their work device completely down. And so the only thing you can do on that device is work. The other approach obviously is to maintain flexibility and I think users would probably in most cases like that more.
What do you expect with your experience in terms of how do you deal with that privacy angle of consumer data that has nothing to do with work and how our company is going to deal with that sort of merging within devices?
Carolina M: [00:17:22] Yeah, I think the device is the easier thing to fix, to be honest, and at the same time, I worry that focusing on the device, um, might give you a false sense of security because the issue is the data and the fact that we are moving more and more into a cloud world, I’m talking, not cloud from just, you know, where our information is stored, but really from a workflow perspective. So it doesn’t really matter what device I’m using because I can access what I need to access. And that to me speaks more and more about securing the data. And also to be honest, teaching people how valuable that data, that information is so, but there’s more an understanding of how I use it, where I use it, what kind of device I use it to access it and so forth. Because at the end of the day, for a long time, um, you know, even in the office, you have that full sense of security of that because it’s in the office, uh, thing stays in the office and that’s not true. Right. And since we started taking our computer home from the office, but since before of that, when we were photocopying documents, because “Hey, I have not finished reading this document in the office. I’ll photocopy, take it home and, you know, do the edits and whatever.” And I think that that now is moved to this digital world where you’re accessing information and data, um, and understanding how that needs to be protective.
So even with encrypted passwords or with watermarks or anything else that make sure that if there is a breach, um, you’re able to go back and find where that happened so that you can rectify it for the future. But securing the device, I think will get you in trouble sooner rather than later–only the device I’m talking about.
Camille: [00:20:00] Well, that sounds like there’s going to need to be some kind of massive campaigns of awareness for people who are dealing with other people’s private information or information, that’s confidential to a company–essentially, almost everybody. Because like you point out, I mean, the device can be as secure as you want, but if I’m printing something out and leaving it lying around and anybody can come through my house particularly right post-COVID right. Then you’ve you have to make sure people are aware. I would think.
Carolina M: [00:20:33] Yeah. And I think his is also about behavior, right? And that’s why I’m saying, you know, now we are living in a world where yes, I work from the kitchen or, or the, uh, the office. You know, our study found that only 40% of people that we interviewed in the US had a dedicated office space. That means that, you know, more likely than not you had kids or partners or whoever is living within that environment that could have picked up a conversation.
You know, I’m using a speaker, uh, from my, my PC at the moment. I don’t use a headset, uh, because I am in my home office. That wouldn’t be the case if I was doing this in a, in a kitchen space, right. Um, I would want that conversation to be private. And I think that a lot of, uh, is, um, it is about education. It is about new work practices, right that we need to learn to have that talk about security, uh, and, and privacy at the same time.
I think what plays in our favor from a corporate perspective is that consumers are becoming more aware of privacy and security risks. Um, and I think that gives them a better position to understand that in a corporate environment.
Camille: [00:21:54] Hmm. That’s kind of interesting. Are, are the responses to all of [00:22:00] this different? I know you mentioned you were originally from Italy and I know you contribute to writing in articles there. So you’re obviously still fluent in Italian. Are there, are there differences in different regions of the world? Just this perspective in general?
Carolina M: [00:22:16] There are differences in working remotely. Um, you know, it, Europe has always been very behind, uh, remote work and COVID has obviously accelerated that. Um, but as we were talking earlier about security, what is fascinating about a market like Italy is that they rely on mobile broadband, way more than they rely on fixed broadband. So, you know, as we were discussing earlier about connectivity, then, you know, they are a step ahead because they already more set up towards, uh, mobile connectivity versus fixed. Um, but in general, the amount of, of people that have even flexi-work as they call it in Italy, um, is, is very, very small compared to, to the US.
Camille: [00:23:48] Have we sort of bridged this divide already with the, the shared office space companies? Like I’m thinking We Work or similar types of organizations. Have they already dipped their toes in addressing this?
Carolina M: [00:24:05] Not really. Um, I, we I’ve seen smaller organization that are not as famous as, uh, we work obviously, um, change and, uh, rethink even their spaces, so they created more offices versus open offices. Some have actually packed up and, and, uh, changed locations with smaller locations. I know in the Valley that is it’s been going on for, for the past two to three months, people kind of waited to see how long this was going to take. But, um, I don’t think that people are in a rush to go into a shared environment when it’s harder to put in place rules that everybody’s gonna follow. Um, you know, it’s not like you’re going back to an office. I go back to, you know, the Intel office there’s going to be, there’s going to be a rules and regulation, that everybody’s going to is going to follow. Um, although you have some, uh, power, so to speak in a, in a We Work environment at the end of the day, you own the space to require people, uh, to follow certain rules.
I don’t know how much strength you have in forcing people to do certain things. Um, so I, I think it becomes more difficult and certainly from our studies, people were not interested in, in going back into a co-working space.
Tom G: [00:25:41] We do like to, uh, uh, have a little bit of fun with our guests to take the opportunity, to share something that you think our listeners would find. Interesting. Fascinating could be a book you read could be a movie you watched.
Carolina M: [00:25:56] So, because I knew that this was coming because I listened to the other podcasts. I did a little bit digging. I wanted to share something about women, um, because of my, uh, focus on diversity and inclusion and what I found that I didn’t know. So I’m hoping people don’t know either is that women started to wear high heel shoes following men. In the 1600s, men were wearing high heels to show their masculinity and their status. And women started to follow suit to be seen as a being on par with men.
And a second part of that was that when people started to do that, some governments like the French, um, uh, court at that time, put rules in place that said how high your high heel could be, depending on your status. So poor people could not wear high heels as high as the prince. And I thought that was fascinating.
Tom G: [00:27:04] Wow. That is very, very cool. I had no idea that high heels were about status. Oh, that’s that’s great. That’s fantastic.
Camille: [00:27:15] Time to rethink your wardrobe, Tom. (all laugh)
Tom G: [00:27:16] Yeah. Some six-inch stilettos that I’m going to walk around. I’m already 6’4”four. That’s what I need. Uh, all right, so Camille, what kind of cool things you want to share today?
Camille: [00:27:30] Well, I just watched this movie the other night and I thought it was particularly good. I know I don’t normally do entertainment bits on this, but I’m going to put this out there. Yeah. If you haven’t seen it, um, I think it’s worth a watch, uh, “One Night in Miami. It’s a one evening after a championship with Muhammad Ali and Malcolm X invites him and Sam Cook whose an entertainer/singer and Jim Brown, who’s in the NFL over to his hotel room. He invites them to have a party. And it’s, uh, I think it was originally a play it’s much more of a conversation and really just kind of getting to know who each of these men might’ve been and what they were struggling with, you know, as humans and as what they represent to the world. So I think it’s worth a watch. See what you think.
Tom G: [00:28:23] Well, I’ve heard of it. I’ve never seen it though.
Carolina M: [00:28:25] I second that. It’s an excellent movie.
Tom G: [00:28:28] So interestingly, [00:28:30] if we didn’t coordinate here, Camille, but I was going to go back–I’m usually the one that does the entertainment stuff. Uh, and I’m going to go back and entertainment world. And I just watched a new mini series. It’s called Chernobyl. They just do a great job of telling kind of what happened, but they do it from a very personal perspective and all the things that went into–not only what led up to the disaster, but, but also what did they have to do to prevent these other– I didn’t even know. There were a few things that were potential outcomes of the initial disaster that could have been far, far bigger than anything we ever heard of. But they did these heroic acts too, to prevent them from happening. And, um, obviously there’s a, there’s a lot of impacts from the radiation and everything else.
But, but anyway, it’s a great story. Uh, I learned a lot of things I didn’t know before. Um, and I think it’s, it’s worth people’s time, so that’s where I would go. [00:29:30] Um, all right, well, let’s bring this to a close and Carolina again I just want to thank you for spending the time with us. So that was a fascinating conversation to that sort of merging of consumer technologies into corporate and security and privacy. We went all over the place on that conversation and it was great. I think it really, really helped us. So thank you for coming in.
Carolina: Thank you for having me.
Announcer: [00:29:56] Stay tuned for the next episode of cyber security [00:30:00] inside. Follow @TomMGarrison and Camille @Morhardt on Twitter to continue the conversation.
