“Startups work on IT resilience, help change their approach to cybersecurity”
A chat with Antonio Varriale, co-founder of the Blu5 group, Managing Director of the Blu5 Labs innovation center and member of the Advisory Board of our Cybershield acceleration program about his professional experience in Southeast Asia.
What if the motto 'less is more' also worked for cybersecurity? In Asia, a new vision of cyber resilience is increasingly taking hold and is based on a simple principle: instead of adding layers upon layers of security to try to reduce the number of 'ports' for malicious actors, we completely avoid providing for the use of an 'access port'.
Antonio Varriale, CTO of the Blu5 Group and head of a research and development team on cybersecurity issues for governments and companies, talks to us about this approach, also used in Singapore.
“The very concept of Network is closely connected to the concept of sharing, what we are trying to do in the West is to build ever more efficient technologies to protect, ever better developed products, at ever greater costs. In Southeast Asia, they are trying to apply solutions already known in the field of telecommunications to create connections without opening ports and without public addresses, only when a service is required: a peer to peer system that changes the rules of the game. I believe that an acceleration program like Cybershield has the opportunity to start a reflection also on this different approach to open up to new innovative solutions.”
Varriale points out that the increase in budgets for technologies and systems that serve to increase cybersecurity is not correlated with a decrease in risks and attacks, on the contrary: “Complexity is the number one enemy of security because the more complex our systems become, the greater the difficulty of managing and the greater the possibility of incurring human error. Adding layers of security also means adding potential vulnerabilities.”
A new approach, on the other hand, suggests not thinking only of a possible attack, but of optimizing infrastructures to streamline security systems and giving access only to certain services: “It is important to control who asks me for access, from which device, through which application, at what time and from what place,” suggests Varriale.
Often, companies reject the news and motivate the choice by blaming compliance, continues Varriale, “but today we need a new IT resilience system to be able to work even when a defense system fails because we can already consider our network compromised, if it isn't yet, it will be soon, given the rapid increase in attacks. But you can have ransomware running, while maintaining its operation. There are techniques and strategies to do this when I can give access to a service and I can control and border that service: connectivity and isolation at the same time. These are operations that also have an impact on energy consumption and I think that startups can try to work on these new secure connectivity techniques.”
