InTechnology Podcast

Increasing Visibility of the Device Supply Chain to Improve Cybersecurity: Solutions from Lenovo and Intel (220)

In this episode, Rajan talks with Nima Baiati, Executive Director and General Manager for Cybersecurity Solutions at Lenovo, about supply chain security. Their conversation focuses on the challenges of ensuring the authenticity and integrity of hardware from factory to enterprise. Nima discusses Lenovo’s “secure by design” approach and the ThinkShield solution, which includes layers of security below and above the operating system, as well as within the supply chain. A key component is ThinkShield Build Assure, powered by Intel® Tiber™ Transparent Supply Chain, a service that ensures the provenance of infrastructure elements, reducing the risk of counterfeit parts and protecting against tampering with hardware or software during transit. The two also explore the challenges of hybrid environments, the broad applicability of supply chain security, and the future impact of AI on cybersecurity, with Nima emphasizing the importance of using trusted vendors with resilient supply chains and leveraging tools for better visibility to mitigate risks. To learn more visit Intel® Tiber™ Transparent Supply Chain.

To find the transcription of this podcast, scroll to the bottom of the page.

To find more episodes of InTechnology, visit our homepage

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

Follow our host Rajan on Linkedin @rajanpanchanathan

 

Lenovo’s “Secure by Design” Philosophy and ThinkShield Solution

Nima elaborates on Lenovo’s proactive approach to cybersecurity, characterized by a “secure by design” philosophy. This involves integrating security considerations from the initial stages of product development, ensuring that security is built into the product life cycle. The ThinkShield solution embodies this philosophy with its three-layered approach: security below the operating system (OS), security above the OS, and supply chain security. This multifaceted strategy aims to provide robust protection against various threats, including firmware attacks and data breaches. A key innovation is ThinkShield Build Assure, powered by Intel’s Transparent Supply Chain, which enhances the traceability and validation of components throughout the supply chain.

 

The Importance of Visibility and Traceability

The conversation stresses the critical importance of visibility and traceability in securing the supply chain. Nima explains that ThinkShield Build Assure allows customers to track the journey of components, verifying their legitimacy and ensuring they haven’t been tampered with. This not only serves security purposes but also addresses governance concerns by providing a clear record of the origin and path of each component. The Intel® Tiber™ Transparent Supply Chain service is a key contributor to assurance, ensuring the provenance of infrastructure elements, reducing the risk of counterfeit parts, and protecting against tampering with hardware or software during transit. The ability to validate the integrity of components at each stage of the supply chain is crucial, especially in hybrid environments where devices may pass through multiple hands before reaching the end user. This level of transparency is a game-changer, offering organizations unprecedented insight into their hardware supply chain.

 

Looking Ahead: AI and the Future of Supply Chain Security

The discussion concludes with an outlook on the future of cybersecurity and supply chain assurance. Nima acknowledges the significant role of AI, both as a powerful tool for enhancing security measures and as a potential enabler for malicious actors. AI’s ability to lower the technological barrier for cybercriminals and enhance social engineering tactics poses new challenges that organizations must address. As supply chains become increasingly complex and global, investing in supply chain security and innovative tools that provide visibility into potential blind spots becomes paramount. Nima advises businesses to partner with trusted vendors who have resilient supply chains and to leverage advanced technologies to stay ahead of evolving threats.

 

Rajan Panchanathan, Head of Products, Trust and Security Solutions at Intel

Rajan leads Intel’s trust and security products group. He is a proven leader in product management, marketing, services, and engineering in the technology sector. As former Vice President of Customer Experience at Cisco, Rajan spearheaded product management and compliance functions for a U.S. dollar (USD) 10 billion services portfolio. He also played a pivotal role in launching and scaling Cisco’s data center networking portfolio and scaling it to USD 1 billion. Before that, Rajan led product management and marketing for VCE, with his tenure culminating in the company’s successful acquisition by EMC/Dell Technologies. 

Rajan’s career spans leadership roles at multiple startups: Aviatrix, Nuova Systems (acquired by Cisco), and Atrica (acquired by Nokia Siemens Networks). He holds M.S. degrees in Electrical Engineering and Computer Science and a PGP in AI/ML Business Applications.

 

Nima Baiati, Executive Director and General Manager, Cybersecurity Solutions at Lenovo

Nima Baiati is the global executive leading Lenovo’s cybersecurity portfolio and solutions (i.e. ThinkShield). In his role, he has P&L responsibility for Lenovo’s security solutions and services business and leads innovation on platform security (that is, below-the-OS). In 2023 he established Lenovo’s first Cybersecurity Innovation Centre based in Israel. Prior to joining Lenovo, Nima held senior level product management and marketing positions with leading security companies, including Symantec. He holds numerous certifications ranging from Certified Ethical Hacker, CISM, AWS, CIPP/E-GDPR, and Cloud Security. In 2023, he received the Fortress Cyber Security Award for Leadership and was named Security Innovator of the Year by SC Awards. Nima’s industry and civic involvement includes sitting on the Board of Directors for the FIDO Alliance, serving as a member of the European Internet Forum, and engaging with several philanthropic ventures.


Rajan Panchanathan 00:09 

Hi, welcome to the InTechnology podcast. I’m your host, Rajan Panchanathan. Today we are going to discuss a topic that’s top of mind for many, supply chain security. I’m excited to have Nima Baiati, the Executive Director and General Manager for Cybersecurity Solutions at Lenovo, joining us to discuss the significant strides Lenovo has been making in securing the supply chain with a ThinkShield portfolio, particularly in partnership with Intel. Nima is a certified ethical hacker, sits on the board of directors for the FIDO Alliance and serves as a member of the European Internet Forum. Nima, welcome to the podcast. It’s great to have you here.

Nima Baiati 00:56

Thank you for having me, Rajan. I’m very excited to be here, especially to talk about something near and dear to my heart, supply chain security. It’s an unfortunate topic that we have to talk about, but it’s one in which we’ve worked very hard and diligently on, both from the Lenovo ThinkShield side as well as the Intel side to help address for organizations. 

 Rajan Panchanathan 01:20 

Yeah, it’s a very pertinent topic given the landscape today. Nima, to set the stage, let’s just first talk about the landscape itself. What are some of the most significant cybersecurity threats businesses face today? 

Nima Baiati 01:36

Yeah, it’s a great question, Rajan. So unfortunately, we still see ransomware continuing to rise and continuing to impact organizations. So ransomware isn’t really going away, and it’s been something that I can tell you from the very beginning of my career in cybersecurity, it’s been top of mind. I think especially in the topic or in the area of supply chain security, one of the things that really uncovered to most people, just the complexities of supply chains was the Covid pandemic. I mean, we all saw supply chains, not just in terms of technology, but in terms of construction material, clothing, sporting goods, and so we really got a view in terms of just how globally connected everything is, how complex the supply chain is, and how many hands, so to speak, an item goes through in order to get to its destination, whether it’s hardware or whether it’s software.

 Rajan Panchanathan 02:42 

And given the global regulations that have come into play and trying to make the supply chain anti-fragile, I mean, that’s caused a lot of dynamics in that particular area. Now, if we double click onto ThinkShield, Lenovo has long been a leader in providing innovative technology solutions as we know it. Can you tell us about Lenovo’s approach to cybersecurity in particular, which is in your area and specifically what ThinkShield brings to the table?

Nima Baiati 03:10

So one of the things that I’m very proud of to be working at Lenovo, and I think one of the strengths that we have is that we are a R&D and innovation first company. And so we have a very rich history of R&D. When we look at how we approach security, we applied that mindset to it, but we also applied the mindset of the landscape, both in terms of the market landscape as well as the threat landscape. And through that lens, we take the approach of secure by design. And this is where supply chain security really fits in. 

03:48 

When we have any of our product teams sit down and come up with the next great innovative laptop as an example, the next great notebook device, the security team from that beginning point is sitting with them and working with them hand in hand to provide inputs into the capabilities, the solutions that need to be built into the platform itself to be able to provide customers security and what we call below the OS or below the operating system. Now that comes across in things like BIOS self-healing, firmware resiliency, firmware assurance, tamper-evident packaging even. But we actually go one step below that and what we do together with Intel on this is the supply chain. So beyond the normal discussion around the supply chain of a trusted supplier program where we vet and validate vendors, for example, we’re actually looking at the device itself and we want to address that piece of it.

04:58 

Now, the ThinkShield really has three layers. I talked about the below the OS piece. There is the above OS piece, which our portfolio of solutions also addresses. So we have capabilities in our stack to be able to detect and remediate ransomware attacks, detect and remediate advanced persistent threats — safeguards against data security, safeguards against being able to exfiltrate information from the device, privacy protection, a whole host of capabilities that we’ve built within the ThinkShield platform. So you’ve got the below the OS piece, you’ve got the above OS piece, and then there’s a supply chain piece. And with the supply chain piece, what we’re really solving for here is it’s not just, what I’m really excited about this Rajan is it’s not just a security story, but it also was a story around ESG, specifically around the G piece, the governance piece.

06:00 

So taking the components that are in a device at the point of manufacturing and identifying what those components are, creating a golden image or a golden record of those components, so to speak. And then allowing the end customer, whether it’s that IT admin who’s going to provision those devices in their organizations, or even if that device is going straight to the end user, however it may be handled, giving that person at the end of the supply chain who’s going to reap the benefits of that device, giving them the ability to have a log, a record that says component X that went into your device at manufacturing point A or manufacturing point B, and then traveled through these different manufacturing stages, traveled through the different logistical stages. How many hands does a package change when you ship something, when it’s going through that logistical chain? 

06:55 

And then giving them the ability to validate and say, “These components that went in were legitimate, and now what I’m getting are those same components, they’re still legitimate.” That’s a security use case, but it’s also helping tick that G box around governance of what do I have and where was it sourced from? Where did it come from? 

 Rajan Panchanathan 07:22 

Yeah, I mean, that’s a great point. The provenance information, the origin information that put into the traceability and visibility is as important as the security aspects is what you’re pointing out, which is a fantastic point. Let me double click on another part of this whole solution.  

One of the standout aspects of Lenovo’s supply chain security strategy is its partnership with Intel.  

Now both Lenovo and Intel are recognized leaders in global supply chains. How does Intel’s Transparent Supply Chain technology fit into Lenovo’s security vision overall? 

Nima Baiati 07:58

Yeah, so I’m really excited to talk about this question, Rajan, because we’ve just launched Lenovo ThinkShield Build Assure, powered by Intel Transparent Supply Chain. So this is really a game-breaking solution in terms of providing visibility, shining a light below the operating system, into the supply chain of the platform, giving a view, giving visibility, giving that validation that organizations in the past just didn’t have. 

That’s what we’re trying to hit all the time, is being able to provide, at the end of the day, the most trusted devices to endpoint customers or to the end user. Now, that’s a target that, by design, is constantly shifting, constantly moving because the threat landscape is changing, technology’s changing, but that’s what we’re trying to drive at. And the Intel trusted supply chain piece of this forms the crux or a basis of our approach. We’ve taken a very complex topic, and security can be very complex. It can also be very ambiguous, and we’ve tried to simplify the framework at which it’s looked at to say, supply chain below OS, OS to cloud. And Intel’s Transparent Supply Chain provides us, through our collaboration and engineering, through our collaboration and the work that we do on a daily basis as two organizations coming together, the ability to have that baseline, to be able to have that core piece of covering that aspect of the threat landscape. 

 Rajan Panchanathan 09:44 

Great. You talked about the integration of the technology, Intel’s Transparent Supply Chain technology with ThinkShield to address some of the key challenges that businesses face in securing the supply chain. Now, can you give us some examples of real-world successes? What are your customers telling and what are they experiencing when they apply these solutions? 

Nima Baiati 10:11

Yeah, so one of the things that I really love about my job is that I spend a lot of time with our customers. I spend a lot of time with our teams who are customer-facing, customer-centric. And one of the things that continually comes up as a use case with these customers is the ability to address hybrid. So you’ve got the supply chain aspect of it, but there’s also the hybrid aspect where devices don’t always just go to a corporate distribution center. They don’t always just end up in one place. A lot of times devices will go directly to the end user or they pass through multiple hands from manufacturing, logistics, perhaps then a channel partner, perhaps then a distribution then gets to the customer. And so this has been an area that nobody really had any visibility into in the industry. What’s actually going on with my device in those places? 

11:11 

And so when we talk to customers, what we hear is, “you guys are addressing an area that we all knew was there, but nobody really had a good solution to help us at least shine a light to it to see and gain visibility into what’s actually going on under the covers, so to speak.” And so I’d say that is overwhelmingly one of the core use cases or conversation pieces is visibility, visibility into the hardware supply chain. 

 Rajan Panchanathan 11:44 

Great. That’s great. And I’m assuming this is applicable across different enterprises regardless of the sector and the size of the organization and so on, so forth. 

Nima Baiati 11:55

Yeah, I mean, we have customers, Rajan, that are all the way from financial services and insurance companies to manufacturing through consumer packaged goods, through healthcare, and really looking at that customer list, it’s organizations that have hundreds of thousands of employees all the way down to an organization that has several hundred employees. So security, one of the things that it’s done is, to a large extent, it’s leveled the field, so to speak, in that it’s not a, oh, cybersecurity or supply chain security is a problem of the big guys, the big companies. It’s applicable to every organization that has, whether they have a digital footprint or just frankly any organization that’s using devices. 

 Rajan Panchanathan 12:46 

Excellent, excellent. Shifting gears a bit, Nima, can you tell us what does the future look like for cybersecurity and supply chain assurance? And how is Lenovo preparing for this next evolution in this space? 

Nima Baiati 13:02

Yeah, so no conversation would be complete in technology without using the word AI, so I’ll go ahead and get that out of the way. I don’t think we’ve actually said AI yet in this discussion, so let me bring that up. So AI is one of those things that has a tremendous amount of positive use cases. I mean, I was just talking to a customer the other day where they’re using models to be able to do things like being able to detect cancer earlier on in patients because they can bring together so much data and go through it in a very methodical fashion at speed and piece together parts of the puzzle that, to a normal human, don’t make any sense. 

13:52 

The flip side to that is AI’s lowered the bar from a technology standpoint for the attackers. It used to be 10, 15, 20 years ago, a lot of people got into hacking or were hacking or were attacking organizations. Some were doing it out of, let me see what I can do. Some were doing it to build some notoriety. Some were just curious people who wanted to see things or rather, see how things worked. Today it’s a very different environment and a very different landscape. Today these are criminal organizations. They’re run like any other organization. Some of them have bureaucracies… they have logos, they want to build their own notoriety, but at the end of the day, they’re going after dollars and cents.

14:39 

And so what AI has done, it’s lowered that technological threshold in a number of areas. One, it’s given tools to people that normally you’d have to be a software engineer. You’d have to know programming languages and know how systems operated. Today with some of these AI tools, you don’t need to know those things or it significantly lowers the bar. The other thing is that it makes the social engineering aspect, which is a big piece of hacking, much easier because creating things like deep fakes or you go look at a phishing email from six, seven years ago, it’s poorly worded. The grammar was terrible. Now you can use one of these AI tools to create a perfectly worded email for you in the same tone using the same language as your target audience. So that’s just going to continue to accelerate. So it’s going to be increasingly a game of the good guys versus the bad guys in this. 

15:44 

Now as it pertains to the supply chain, I think we, for example, at Lenovo use a number of capabilities and tools in our infrastructure for supply chain to provide greater efficiency. We use AI as part of our own supply chain to be able to optimize and have efficiencies. What I also look at when I look at the supply chain is that the world’s not getting any simpler. It’s getting more and more complex. And beyond that, you have increasing footprints of manufacturing, increasing logistical and distribution footprints. Also coming along with that, a host of regulatory frameworks that organizations need to fit into. And next to that, you also have coming in security models that CISOs are trying to drive against. 

And so things like the supply chain security is incredibly, incredibly valuable and incredibly important. And I think it’s one of those areas that I know for us, working with Intel, we continue to invest in it. We continue to innovate in it. I tell you, earlier this week, I was on a call looking at some of the roadmap items, and it’s really exciting. Again, on one hand, it’s unfortunate because we have bad guys out there who are doing these things, and we live in a world where these types of things take place. But on the other hand, there are really, really brilliant people working on the problem statement of trying to solve some of these challenges. And so that keeps me excited about what we’re doing to stay a step ahead of the adversary. 

 Rajan Panchanathan 17:23 

We are very excited to work with you to deliver such transformative results.  

Nima Baiati 17:29

And I’m very, very excited not just about the launch of ThinkShield Build Assure powered by Intel Transparent Supply Chain, but where we’re taking that roadmap together to be able to really open the aperture of visibility to really be able to expand the coverage of what we’re able to provide from a security standpoint to the supply chain that frankly, it’s going to change the way that organizations are able to address their challenges when it comes to supply chain. 

 Rajan Panchanathan 17:58 

Now, before we wrap up, could you share some key takeaways for businesses who are looking to enhance their supply chain security?  

Nima Baiati 18:09

Yeah, I mean, I think the first is use trusted vendors who have… A global footprint is always a good thing. Resiliency in their supply chain. I’m proud to say Lenovo has one of the highest ranked supply chains. We’re constantly winning awards for our supply chain. So, resiliency in supply chain. Efficiency in supply chain but leverage tools to help you address those blind spots. Just because you don’t have visibility to a problem doesn’t mean that the problem doesn’t exist. If I don’t have visibility to know that my back door of my house is locked, doesn’t mean that it’s locked or not locked. I need to have visibility into that. And it’s the same thing with the supply chain. And so thankfully, there are tools that we have in the market today and tools that Lenovo and Intel continue to innovate on to help organizations shine light in those areas. 

 Rajan Panchanathan 19:08 

Thank you so much, Nima, for sharing your insights today. It’s clear Lenovo and Intel are leading the way in supply chain security innovations. We look forward to the partnership and delivering standout results for our joint customers.  

And thanks for tuning in to InTechnology. Stay secure and stay ahead of the curve in this ever-evolving digital landscape. We’ll catch you next time.  
