Most technological advancements in IT or OT are made with the best of intentions. What happens when the technology you have acquired causes unintended consequences? I sit down with Ryan Morris of Morris Management Partners to discuss what he sees in the world of OT and the opportunities for existing and prospective clients.
[00:00:07] [SPEAKER_00]: Welcome to MSP 1337. I'm your host Chris Johnson, a show dedicated to cybersecurity
[00:00:13] [SPEAKER_00]: challenges, solutions, a journey together, not alone.
[00:00:22] [SPEAKER_00]: Welcome everybody to another episode of MSP 1337. I'm joined this week by no matter
[00:00:28] [SPEAKER_00]: flu. No words come out of my mouth today appropriately. I'm joined by none other than
[00:00:33] [SPEAKER_00]: Ryan Morris, Ryan Morris, welcome to the show.
[00:00:36] [SPEAKER_01]: Thank you very much, Chris. It is very good to be here with you.
[00:00:39] [SPEAKER_00]: So title of today's episode is the unintended consequences of good technology choices.
[00:00:46] [SPEAKER_00]: I like to throw choices on there because I think most technologies by their very
[00:00:51] [SPEAKER_00]: nature were not ever built for nefarious or bad things. I'd say most, but in this
[00:00:57] [SPEAKER_00]: particular case we're talking about the acquisition or building of technology for good
[00:01:04] [SPEAKER_00]: purposes that can have unintended consequences.
[00:01:07] [SPEAKER_00]: And I've talked about this on other episodes, talking about things like patch management,
[00:01:13] [SPEAKER_00]: you know, the vulnerabilities that come out and you know, sometimes before you get to
[00:01:18] [SPEAKER_00]: vulnerabilities, you identify things that are bugs or unintended features.
[00:01:23] [SPEAKER_00]: And so I think this is in some respects similar to that. Like until something negative
[00:01:28] [SPEAKER_00]: comes about from it, it doesn't necessarily mean it's bad.
[00:01:31] [SPEAKER_00]: So I think today what I think is important is if you would just share a little bit
[00:01:36] [SPEAKER_00]: about kind of where you've been that got to this idea behind, you know, what are the
[00:01:40] [SPEAKER_00]: unintended consequences? Because I think more important than anything isn't whether or
[00:01:45] [SPEAKER_00]: not you have this happening in your environment might not. But that you're thinking about
[00:01:50] [SPEAKER_00]: it and that you've got some sort of like strategy around if these things aren't to occur.
[00:01:54] [SPEAKER_00]: What could I have done? And what can I do in the future? So the next time I evaluate
[00:01:57] [SPEAKER_00]: technology, I'm incorporating that into my decision making process.
[00:02:03] [SPEAKER_01]: Absolutely. So the
[00:02:06] [SPEAKER_01]: the basic theory here is that all technology is interconnected, nothing that we buy,
[00:02:13] [SPEAKER_01]: sell or use in this industry does anything by itself, right? We live in a world where
[00:02:19] [SPEAKER_01]: all systems touch all other systems eventually and that is almost the intended purpose of everything,
[00:02:26] [SPEAKER_01]: right? We want to deploy networking connections so that people can share information.
[00:02:31] [SPEAKER_01]: We want to have data migration and mobility so that we can share information with each
[00:02:37] [SPEAKER_01]: other across geographical or organizational boundaries, right? The purpose of technology
[00:02:43] [SPEAKER_01]: is to forge connections. When we like, like your basic opening theory, right? These are
[00:02:50] [SPEAKER_01]: good tools. These are intended for good and positive purposes, but they can be used against
[00:02:57] [SPEAKER_01]: us if people don't choose, right? Like every technology in the history of humankind. It is
[00:03:05] [SPEAKER_01]: agnostic. The tool itself is not good or bad. It's the question is how do you use it?
[00:03:10] [SPEAKER_01]: The observation that I'm making is that it's not even as simple as whoops, I didn't anticipate
[00:03:18] [SPEAKER_01]: somebody would use this technology for a bad purpose. I'm going to go as far as to say new
[00:03:25] [SPEAKER_01]: technology used exactly the way that it was intended to accomplish exactly the benefits that we
[00:03:32] [SPEAKER_01]: were promising causes, new problems, new considerations that the sellers of the new technology
[00:03:41] [SPEAKER_01]: either didn't understand or didn't want to get mired down in because they'd slow down
[00:03:46] [SPEAKER_01]: their sales cycle. It's not like I have a technology and it was used incorrectly
[00:03:53] [SPEAKER_01]: what I'm observing and a space where we can spend some good time kind of looking at
[00:03:58] [SPEAKER_01]: some real world scenarios is in the area of the overlap or the crossover in the world of IT
[00:04:06] [SPEAKER_01]: and OT, right? There are digital systems that you and I and everybody in our industry space
[00:04:11] [SPEAKER_01]: we grew up understanding the purpose and the function of all of this information technology
[00:04:19] [SPEAKER_01]: in parallel and often dramatically predating our information technology systems. There are these
[00:04:27] [SPEAKER_01]: operational technology platforms that do things that are necessary for the actual execution
[00:04:34] [SPEAKER_01]: of an organization, right? Think, factory, think highly regulated utilities. Think about
[00:04:41] [SPEAKER_01]: anything that operates in the physical space, green screen AS 400, those these things that have
[00:04:48] [SPEAKER_01]: been deployed for 50 years and they make a robot arm go left and right and left and right. Right?
[00:04:55] [SPEAKER_01]: Like it does, there's an entire category there. When these two worlds overlap with each other
[00:05:01] [SPEAKER_01]: you will find that the very best application with the very best intentions of a new IT or OT
[00:05:10] [SPEAKER_01]: solution, the very best application with the very best intentions, often will break the systems
[00:05:17] [SPEAKER_00]: on the other side of the app. Sure. You know it's funny I was thinking back to another episode
[00:05:24] [SPEAKER_00]: that we did that was, you know, I sorry, IOT and then OT and it's interesting. We're talking
[00:05:33] [SPEAKER_00]: about the potential, the unintended consequences and that whole episode focused on, do you
[00:05:41] [SPEAKER_00]: know what your assets are? And in the context was assets that are now visible on at least one
[00:05:49] [SPEAKER_00]: your VLAN. So on your network and I think to your point, we're talking about just connecting it to the
[00:05:55] [SPEAKER_00]: network and what are those potential consequences? And that episode that we focused on, you know,
[00:06:02] [SPEAKER_00]: what are your assets? Like the numbers that are mirrored of scenarios on that one very narrow focus.
[00:06:09] [SPEAKER_00]: I'm curious, did you have any examples of scenarios where like, oh by the way, because you did
[00:06:16] [SPEAKER_01]: X, you now have Y. What are you going to do about it? Yep and yeah well and it's almost always
[00:06:24] [SPEAKER_01]: the answer of the technology industry. It's like we built and deployed one thing that broke a
[00:06:30] [SPEAKER_01]: previous system which just creates the need for a new system. Sure. Without actually going back
[00:06:36] [SPEAKER_01]: and correcting the original flaw, a good example for you right? So I spend a lot of time in the OT space
[00:06:42] [SPEAKER_01]: in industrial software, manufacturing operations, automation of robotics and warehouse and factory
[00:06:50] [SPEAKER_01]: systems right? The nominal advanced technologies, everything from product design,
[00:06:57] [SPEAKER_01]: manufacturing, all the digital simulation and testing right, the nominal advanced technologies
[00:07:04] [SPEAKER_01]: as an industry they are not quick when it comes to adopting new models into deployments because they
[00:07:12] [SPEAKER_01]: deal with hard coded systems that have been in place for generations in many cases, right? Like if you
[00:07:19] [SPEAKER_01]: are an automobile manufacturer those robots in your factory that do the spot welding on sheet metal,
[00:07:26] [SPEAKER_01]: you're not going to change the underlying operating system of that robot on a foot, right? You're
[00:07:33] [SPEAKER_01]: not going to place kind of like a car exactly. The most it's a different width of car than what
[00:07:40] [SPEAKER_01]: you're standardized on it's still going to be an axle. Yeah, you're moving heavy things in the
[00:07:46] [SPEAKER_01]: physical world. You leave the underlying systems alone for as long as humanly possible,
[00:07:53] [SPEAKER_01]: but they are now coming into a cloud-based, SaaS and subscription world which again that's a very good
[00:08:01] [SPEAKER_01]: thing. From a customer's perspective I can deploy faster, I can consume the technology on a more
[00:08:09] [SPEAKER_01]: as needed or as used basis. There are good financial economic benefits for the user. There are
[00:08:15] [SPEAKER_01]: tremendous advantages, the vendors who sell this kind of software they've had an awakening,
[00:08:22] [SPEAKER_01]: they're moving aggressively in that direction and saying not only is it good for the customer,
[00:08:26] [SPEAKER_01]: but it's good for us right subscription revenue drives up the valuation of the software company.
[00:08:32] [SPEAKER_01]: You see how it's being used everybody wins. This is a brilliant thing. Good technology,
[00:08:37] [SPEAKER_01]: successfully deployed for the benefit that it was intended. Oh, by the way, if you take what
[00:08:45] [SPEAKER_01]: used to be an old AS400 green screen application that has historically been physically deployed
[00:08:52] [SPEAKER_01]: on a device or a machine in a specific location, right? Like if it's not actually in the robot,
[00:09:01] [SPEAKER_01]: itself it's physically deployed within walking distance of that machine that's going on.
[00:09:07] [SPEAKER_01]: Might even be inside the yellow line. Exactly, it's like you know the stuff has always been there
[00:09:15] [SPEAKER_01]: and now it's available on the cloud. We can monitor, we can manage it, we can track usage,
[00:09:21] [SPEAKER_01]: identify bottlenecks, we can do continuous quality improvement on software based on real customer
[00:09:27] [SPEAKER_01]: environments. Oh by the way, it's now available on your VLAN. It is now discoverable as a digital asset
[00:09:37] [SPEAKER_01]: you have just introduced a cybersecurity threat, a surface area that is vulnerable to an exposed
[00:09:45] [SPEAKER_01]: surface area. That literally never had to consider those things before, right? Like we remember the
[00:09:52] [SPEAKER_01]: old movies about technology and hacking, right? Where the only way to hack the machine was to physically
[00:09:58] [SPEAKER_01]: enter the facility in Tom Cruise hanging down out of a ceiling vent or whatever, right? Yeah,
[00:10:04] [SPEAKER_00]: hackers with the motor box that gets plugged in to the. Yeah, you've got to physically be there.
[00:10:10] [SPEAKER_01]: And so there was physical security that overlaid very limited digital security issues. That entire
[00:10:17] [SPEAKER_01]: universe of technology systems has now just been fast forwarded immediately into the most aggressive,
[00:10:25] [SPEAKER_01]: most vulnerable cyber environment that you can imagine zero of the operators of those original
[00:10:32] [SPEAKER_01]: technologies are cyber guys. Zero of their budgets include an allocation for, well do we
[00:10:40] [SPEAKER_01]: harden the systems before we deploy them to the actual go live environment? They
[00:10:49] [SPEAKER_01]: were given a sales pitch by a technology vendor. You did the business case, you looked at the
[00:10:54] [SPEAKER_01]: technology case, you were like brave new world, right? This is brilliant new technology. It's
[00:11:00] [SPEAKER_01]: exactly what we intended it to do. And then, oh, by the way, the guy in the IT department who happens
[00:11:07] [SPEAKER_01]: to have network access responsibilities gets an alert that says there is now a foreign object that
[00:11:14] [SPEAKER_01]: has entered your domain. Is this an operation? And it is 100% unprotected beyond just the basic
[00:11:24] [SPEAKER_01]: hard shell of your firewall architecture, right? It was never conceived as a networkable digital
[00:11:32] [SPEAKER_01]: asset. And so it doesn't have like I mean, your email, your web browser, your SaaS applications,
[00:11:40] [SPEAKER_01]: all the technologies that we understand and use either as the end user or as the service provider,
[00:11:47] [SPEAKER_01]: right? For every single thing that you touch every day was born and bred in an environment where
[00:11:53] [SPEAKER_01]: somebody had to at least consider the implications of cybersecurity. The O2, about and on off switch
[00:12:00] [SPEAKER_01]: that's analog. Exactly exactly. And that is again, this is one of those areas where
[00:12:08] [SPEAKER_01]: okay, so yes it does introduce a whole new vulnerability but it introduces an opportunity either
[00:12:15] [SPEAKER_01]: to improve your credibility with the end user or to forever bankrupt your credibility.
[00:12:21] [SPEAKER_00]: And you've been sort of talking about the merger of IT/OT for a while now, there's an article
[00:12:27] [SPEAKER_00]: actually on CompTIA's website about the merging of IT/OT utilizing digital twin technology. I think
[00:12:34] [SPEAKER_00]: is the title of the article. I think back if we go back to when you were talking about like
[00:12:39] [SPEAKER_00]: say eight years ago, we had two other industries this well, I'll just say specifically one industry that was
[00:12:45] [SPEAKER_00]: really starting to see or feel the effects of living in the digital world. So thinking about things
[00:12:52] [SPEAKER_00]: like DICOM imaging, MRI machines, largely in healthcare, so going back to 2013 and even earlier when
[00:12:59] [SPEAKER_00]: we started seeing these things that had computers in them, I love how you mentioned AS 400. It's
[00:13:04] [SPEAKER_00]: not that the AS 400 wasn't potentially connected to the internet in a different scenario just in this
[00:13:09] [SPEAKER_00]: particular case. They had no reason to connect it when these were built. But what's really interesting to
[00:13:14] [SPEAKER_00]: me is I think about the challenges that we're still, still dealing with today in healthcare of like,
[00:13:20] [SPEAKER_00]: well, I'm going to upgrade your system because it's run on Windows 7. You're talking about AS 400.
[00:13:25] [SPEAKER_00]: It's only doesn't upgrade path. Like, oh, if you're running AS 400, what version of the software
[00:13:30] [SPEAKER_00]: are you running? I don't care. I don't even know what versions they would be, right?
[00:13:34] [SPEAKER_00]: But I think there's a different problem here and it's not the technologies necessarily as the
[00:13:40] [SPEAKER_00]: is that we're introducing technologies that by their very nature are vulnerable. It's like,
[00:13:45] [SPEAKER_00]: I'd like to use the example of like, you don't let your pet walk on a busy street. You keep the
[00:13:52] [SPEAKER_00]: dog on a leash, right? Because there's a good chance it's going to get run over. So if I look at
[00:13:57] [SPEAKER_00]: it through that lens, I'm thinking, okay, well, what am I doing to ensure that the environment
[00:14:01] [SPEAKER_00]: that I want to bring this asset into is ready? I think that actually is the premise of why
[00:14:08] [SPEAKER_00]: I'm doing what I'm doing at CompTIA, why many of the cyber evangelists we hear out there are
[00:14:13] [SPEAKER_00]: making the claims of like, you need to get your house in order before you start saying, hey,
[00:14:18] [SPEAKER_00]: I'm opening the doors for open house and anybody who wants to come in can come in because
[00:14:22] [SPEAKER_00]: I have cameras in place and I have, you know, proper vetting of like identifying if there's a threat
[00:14:28] [SPEAKER_00]: that's entering the premises versus yeah, got locks on all my doors. Good luck. You're like,
[00:14:33] [SPEAKER_01]: well, you just made your lock be on the Wi-Fi? And it doesn't have network access controls around
[00:14:42] [SPEAKER_01]: it, right? But see, this is exactly where you're going. I can remember eight years ago,
[00:14:48] [SPEAKER_01]: we had a conversation where we stated that within the next five years and we didn't predict
[00:14:55] [SPEAKER_01]: the pandemic or anything so everything got accelerated even more than what we found way back then,
[00:15:00] [SPEAKER_01]: we made the observation and the prediction that within a certain number of years, more than 50
[00:15:07] [SPEAKER_01]: percent of all IT technology acquisition would be paid for and authorized by a decision maker
[00:15:14] [SPEAKER_01]: outside of the IT department, right? And back then we looked at it from, you know, if I'm an MSP
[00:15:20] [SPEAKER_01]: and I am selling systems administration, right, outsourced technology administration as
[00:15:27] [SPEAKER_01]: my basic reason for existence, historically we only talked to the IT department. We talked to the
[00:15:33] [SPEAKER_01]: CIO, the IT director, we talked to the people in that side of the house and we did not have
[00:15:39] [SPEAKER_01]: connections with the marketing department, the warehouse, the customer service department, the manufacturing
[00:15:45] [SPEAKER_01]: floor and back then the observation was get ready. These other humans are going to be consuming
[00:15:52] [SPEAKER_01]: technology. That subscription as an underlying economic model turbocharged that transition.
[00:16:00] [SPEAKER_01]: What we thought was going to take five years, wound up taking about three and we live in a world now
[00:16:07] [SPEAKER_01]: where everybody you talk to is going to tell you that something like six and a half or seven out of
[00:16:22] [SPEAKER_00]: an hour makes sense, right? Because if you think about where technology is going to be used,
[00:16:28] [SPEAKER_00]: it's really only a small percentage in the IT department. Absolutely, right? We, the IT department
[00:16:34] [SPEAKER_01]: is responsible for the holistic environment, everything connected to everything else operating,
[00:16:42] [SPEAKER_01]: the ability reliability security in the business. I have to support it, but I didn't approve of it.
[00:16:47] [SPEAKER_01]: Exactly. I don't know what that is. Frankly, think about my example in the, in the
[00:16:54] [SPEAKER_01]: OT world, right? You are an IT guy, advanced degree years of experience, bona fide rocket science
[00:17:01] [SPEAKER_01]: credentials for understanding really advanced and complicated systems. Does that mean that you
[00:17:17] [SPEAKER_01]: or aerodynamic testing and simulation, or an digital model? Do you have engineering and physics
[00:17:25] [SPEAKER_01]: and materials stress tolerance background in addition to your IT rocket science skills? No. Right?
[00:17:32] [SPEAKER_01]: And that's true, whether you're in the manufacturing side, in the finance side, like you said,
[00:17:38] [SPEAKER_01]: in the healthcare operations diagnostic environment. The IT guy comes in and says,
[00:17:43] [SPEAKER_01]: I can literally fly any plane you put me in. You just give me the controls. I can fly this
[00:17:50] [SPEAKER_01]: point. What is the plane? Oh, it's a digital simulation platform or it's an MRI machine. Do I
[00:17:58] [SPEAKER_01]: have any expertise whatsoever about what it is? No, but I can turn it on and make it accessible.
[00:18:05] [SPEAKER_01]: I can make everything operate effectively, but the subject matter expert is responsible for all
[00:18:12] [SPEAKER_01]: that inside the boundaries conversation. But again, you got to ask the mirror version of that
[00:18:17] [SPEAKER_01]: question. Rocket science skills on their side of advanced application functionality. They know what
[00:18:24] [SPEAKER_01]: they are doing. Are they trained on cybersecurity? Are they trained on network access control? No,
[00:18:32] [SPEAKER_01]: absolutely not. And that gap is exactly where we find the vulnerability. We're describing consumerism
[00:18:39] [SPEAKER_00]: at its finest. We like things fast and cheap. And when it comes to the patience part of that
[00:18:46] [SPEAKER_00]: fast and cheap, it's not there. So I remember when the Linksys router, the everybody remembers
[00:18:52] [SPEAKER_00]: the purple boxes, they had a little button on the front that when you pushed it, basically gave
[00:18:58] [SPEAKER_00]: you the capability if you're running any of the other Linksys equivalent, it just connected.
[00:19:03] [SPEAKER_00]: Like, now we're even better with iOS 18. I can be like, do you don't know the code for the internet?
[00:19:08] [SPEAKER_00]: Or the Wi-Fi here? Let me share the QR code on my phone that I just generated for you right
[00:19:12] [SPEAKER_00]: now to keep things secure and safe. It's an underlying challenge we've always had. The technology
[00:19:19] [SPEAKER_00]: developed is at a faster pace than the mindset of well, and we need to secure it. I would also
[00:19:28] [SPEAKER_00]: argue though that from eight years ago to today, one thing that has shifted is the acronyms
[00:19:33] [SPEAKER_00]: and language of understanding the definitions of what variables need to be understood by the
[00:19:39] [SPEAKER_00]: general consumer of business, business technology, operational technologies has matured significantly
[00:19:45] [SPEAKER_00]: in one key area. Is this secure? Was security considered at inception? Not everybody's asking it,
[00:19:53] [SPEAKER_00]: but I would even say a year ago, then the noise was more of a whisper. Now it's getting really
[00:19:58] [SPEAKER_00]: noisy. It doesn't mean it's changing yet the implementation of truly secure, but I think the
[00:20:05] [SPEAKER_00]: consequences being felt even by those that didn't do anything wrong, that were doing it right.
[00:20:12] [SPEAKER_00]: They still feel the impact for those that are making mistakes and they're now starting to hold
[00:20:17] [SPEAKER_00]: others accountable. So I think we're at a tipping point, perhaps in this OT space because it's been
[00:20:24] [SPEAKER_00]: here for a long time. It just hasn't been very visible for a long time. It's the same idea I think
[00:20:29] [SPEAKER_00]: with AI. We've had AI for a long time. I mean when was the last time you talked to that
[00:20:34] [SPEAKER_00]: female voice that you get a, you know, sends back commands to you that I don't want to wake up
[00:20:39] [SPEAKER_00]: because I think she's asleep. When she's angry, she does not give me any of the answers that I want.
[00:20:45] [SPEAKER_00]: But if you fast forward to today and it's funny because my cousin is actually in Berlin talking
[00:20:52] [SPEAKER_00]: about AI at the some Intel show talking about AI and the abilities now on a laptop running an
[00:21:00] [SPEAKER_00]: Intel AI enabled processor. And I'm like, the reason we didn't talk about generative AI five years ago
[00:21:06] [SPEAKER_00]: in a water cooler conversation is because we couldn't afford access to it. And I think the
[00:21:12] [SPEAKER_00]: OT is a similar idea, right? Like the reason why it's not been huge across the board all the time
[00:21:19] [SPEAKER_00]: because the cost to develop the connector to gain access to the OT device without spending,
[00:21:24] [SPEAKER_00]: you know hiring a programmer and developer to build out all the things. We don't need those things
[00:21:29] [SPEAKER_00]: at the same level anymore. I can go into an AI tool and say, hey look, I have A and I have B and I
[00:21:34] [SPEAKER_00]: need them to talk to each other and it's like, this is what you need to do and you're like cool.
[00:21:39] [SPEAKER_00]: That took two years of research down to 25 seconds now I can go build this. But the AI tools aren't
[00:21:46] [SPEAKER_00]: designed to say, hey, you know what? I hope you're considering that this is a secure implementation.
[00:21:53] [SPEAKER_00]: So so like where do we go? Like I mean, we've talked about all of the unintended consequences
[00:21:58] [SPEAKER_00]: of like what happens when it's exposed on the network and I think anybody listening, we don't
[00:22:03] [SPEAKER_00]: have to tell you what happens because it's been exposed. That's what the media is for.
[00:22:07] [SPEAKER_00]: But where's the, you know, we had a little bit of time left like, how do we tell our audience
[00:22:12] [SPEAKER_00]: and tell those that, you know, they may share this with? That there's a path forward. This can be done the right way.
[00:22:20] [SPEAKER_01]: Yeah. We'll see and this is where I think it's exactly the right time for this conversation,
[00:22:26] [SPEAKER_01]: just as you said. There's, there's enough non-specialist awareness like like the dinner-table
[00:22:34] [SPEAKER_01]: conversation about cybersecurity among people who have no idea about cybersecurity. We've gotten to
[00:22:40] [SPEAKER_01]: that point where the CEO, the CEO, don't have a clue what the systems need to be. But they're
[00:22:47] [SPEAKER_01]: pissed about right? Like they're, they're looking around and going, I'm not going to be on the
[00:22:52] [SPEAKER_01]: evening news. I don't want to be not one. So that the demand is there for it, which means and the
[00:22:58] [SPEAKER_01]: solution is not obvious, which that just sounds like an opportunity, right? I think this is a
[00:23:04] [SPEAKER_01]: phenomenal opportunity for technology solution providers and for the vendors that we work with.
[00:23:09] [SPEAKER_01]: I think of it on both sides of the table there. If I am the MSP, I have long-term contract
[00:23:16] [SPEAKER_01]: relationship with my customer. Hopefully I am diligently exercising a regular cadence of QBRs.
[00:23:23] [SPEAKER_01]: I need to add a section to that meeting agenda that says other business applications and tools.
[00:23:32] [SPEAKER_01]: Right? Outside of the IT stack above the seven layers of the network and the infrastructure
[00:23:37] [SPEAKER_01]: and all of the deployment and user access into the actual business logic layer. We need to move
[00:23:45] [SPEAKER_01]: up into that layer of the stack and say, what else are you running? What are you considering,
[00:23:51] [SPEAKER_01]: changing? What are you considering adding and let us be the responsible adults who say,
[00:23:57] [SPEAKER_01]: when you consider any of those things bring it to us, we will put it through the packaging
[00:24:02] [SPEAKER_01]: and the filtering process to ensure that when it goes in, it always goes in. In a secure way,
[00:24:10] [SPEAKER_01]: doesn't disrupt or break any of the rules for their holistic system that's already in place,
[00:24:15] [SPEAKER_01]: but it also doesn't slow down the adoption of the acquisition of that new technology that's
[00:24:20] [SPEAKER_01]: going to change the way you do your business, right? You don't have to become a subject matter expert
[00:24:27] [SPEAKER_01]: in engineering or, you know, magnetic resonance imaging technology. You don't have to do that.
[00:24:33] [SPEAKER_00]: But you do know a little man with the magic. You put the whiskers on the little man with the
[00:24:38] [SPEAKER_01]: is out of your talking about? Yes, absolutely. You can you can draw very many things.
[00:24:43] [SPEAKER_01]: This is the thing. You don't have to be an expert inside the box, but you do have to be an expert
[00:24:49] [SPEAKER_01]: on the box and how it connects and interacts with the rest of the system. If a customer comes to you
[00:24:56] [SPEAKER_01]: and says, by the way, I'm about to deploy this new digital manufacturing automation system and
[00:25:02] [SPEAKER_01]: (a) can my network handle it and (b) when can it be ready to go live? When you come back to them and say
[00:25:08] [SPEAKER_01]: I understand the business case. I understand the operational dynamics of that. Let me be the
[00:25:13] [SPEAKER_01]: responsible grownup who says, let's put this through the protocols to ensure that it is and remains
[00:25:19] [SPEAKER_01]: as secure as your system needs to be. They will look at you with an entirely new set of
[00:25:25] [SPEAKER_01]: eyes. You are no longer just the guy who runs the systems. Now, you're the one who says every decision
[00:25:33] [SPEAKER_01]: in technology and business improvement that you guys make, you bring it back through me and I will be
[00:25:38] [SPEAKER_01]: your voice of reason. If you are a seller, a vendor of those kinds of technologies, think on
[00:25:45] [SPEAKER_01]: the other side of the table. If you are somebody who sells those technologies and you are only
[00:25:51] [SPEAKER_01]: talking to your subject matter expert, right? I sell finance application in tech that you can put
[00:25:58] [SPEAKER_01]: into the CFO's office and operation. If you are selling directly to the CFO and you do not have
[00:26:05] [SPEAKER_01]: a channel in your ecosystem that is directly connected to systems administration,
[00:26:14] [SPEAKER_01]: security, connectivity, etc. If that branch of your ecosystem is not directly engaged,
[00:26:22] [SPEAKER_01]: that's go to market now, practice for you as a as a social worker. Because I said, if you're the one who
[00:26:28] [SPEAKER_01]: brings it up, they look at you with a whole new set of eyes and they go, wow, you actually understand
[00:26:33] [SPEAKER_01]: what I'm trying to do and you can help me get there faster. But imagine being the guy on the other
[00:26:38] [SPEAKER_01]: side who comes in and says, hey, I can put all your digital manufacturing stuff in the cloud.
[00:26:43] [SPEAKER_01]: And then somebody says, by the way, have you stopped to consider the cybersecurity implications
[00:26:49] [SPEAKER_01]: of doing that thing you just recommended? The guy on the other side of the table who goes,
[00:26:55] [SPEAKER_01]: I'm not a cyber guy, I didn't even stop and think about the cybersecurity thing. What just happened
[00:27:00] [SPEAKER_01]: to your credibility? You will never be taken seriously by senior executives,
[00:27:07] [SPEAKER_01]: outside of technology domains ever again. This is an opportunity to bring those functional
[00:27:13] [SPEAKER_01]: pieces of the ecosystem together in an operational sense, not just in a channel program sense.
[00:27:20] [SPEAKER_00]: Well, I think you can trivialize some of this too, not the cybersecurity part. I don't want
[00:27:24] [SPEAKER_00]: to trivialize that. But if I think about what you said earlier about the networking, what's the impact?
[00:27:28] [SPEAKER_00]: How might network handle this? What am I, what am I load? I remember back, I was just seeing,
[00:27:34] [SPEAKER_00]: I forget the article was, we're talking about when Wi-Fi started to become like the,
[00:27:39] [SPEAKER_00]: not Wi-Fi as we use it today. But wireless connectivity for a laptop or an asset, right?
[00:27:46] [SPEAKER_00]: And how we can program them via command line, we had the wireless connection. So
[00:27:51] [SPEAKER_00]: like, I wasn't tired anymore and man was it slow, but slow to get to what my 112
[00:27:57] [SPEAKER_00]: baud rate modem, right? Like, wasn't really fancy fast. So like that was great.
[00:28:03] [SPEAKER_00]: But I was thinking about some of the things that happened in the early like 2001 to 2005,
[00:28:08] [SPEAKER_00]: some of the projects that I worked on that it was a large, is for the graphics design
[00:28:13] [SPEAKER_00]: for a very large company in the racing space. I'll leave it at that. And their problems were
[00:28:20] [SPEAKER_00]: tied to there was technology where you could upload data, you could download data and you could do
[00:28:25] [SPEAKER_00]: large file sizes if you had the money for the bandwidth. These guys were running into the brick wall
[00:28:31] [SPEAKER_00]: of the cost per data, like per meg upload costs. And so they looked into what would it cost to
[00:28:38] [SPEAKER_00]: do dedicated fiber or data transfer between one office and another that was, you know, 600 miles away.
[00:28:47] [SPEAKER_00]: And it saved them six figures overnight on what was probably a million dollar project, but it saved
[00:28:53] [SPEAKER_00]: them six figures annually on the cost. So it basically bought back its investment real quick.
[00:28:59] [SPEAKER_00]: What's interesting about that is the impact to their entire ecosystem by bringing those large
[00:29:05] [SPEAKER_00]: scale design and print tools on the network caused some pretty massive disruptions to their
[00:29:13] [SPEAKER_00]: product efficiency. That was 20 plus years ago. You fast forward today, I get it, cybersecurity
[00:29:19] [SPEAKER_00]: is important, but it's the same conceptual problem. What are the variables that we need to consider
[00:29:26] [SPEAKER_00]: when we bring something that has never been connected to the network? Has never been seen outside
[00:29:32] [SPEAKER_00]: of the four walls because maybe it's on an isolated network, right? That's possible. We've seen
[00:29:36] [SPEAKER_00]: di-commonging and print networks where it's like you go into this room, you plug in and you can print
[00:29:40] [SPEAKER_00]: to your heart's content because you're not bothering anybody else. Awesome. But when you look at it
[00:29:45] [SPEAKER_00]: the lens of what you described, this is just one more variable. Cybersecurity is just one more
[00:29:50] [SPEAKER_00]: thing that needs to be discussed. Like is it going to be producing things that are intellectual
[00:29:55] [SPEAKER_00]: property? Is there sensitive information on there? Are there impacts if I do push the green or
[00:30:01] [SPEAKER_00]: the red button because I now can see them from outer space or wherever it might be that I have an
[00:30:06] [SPEAKER_01]: internet link? Yep. That's the thing, right? It is years ago when we first started talking about
[00:30:14] [SPEAKER_01]: this, the merging of the IT and the OT world. One of the things that I observed was
[00:30:21] [SPEAKER_01]: the pricing scheme for a per unit or per device administration fee. I put a server, I put an edge
[00:30:31] [SPEAKER_01]: device, I put anything on there and I can say X number of dollars per device per month,
[00:30:36] [SPEAKER_01]: that's how I will administer and manage those things. And then we went on OT and sensor-based
[00:30:42] [SPEAKER_01]: digital connections to devices, objects literally strewn across the planet and it went from
[00:30:48] [SPEAKER_01]: there's 77 objects on your network to there's 77 million objects potentially. Right? Like,
[00:30:56] [SPEAKER_01]: it has an IP address, we're counting it now. Exactly. And then you went,
[00:31:01] [SPEAKER_01]: sweet, my domain just got multiplied by 1,000 therefore my billables are going to get multiplied by
[00:31:05] [SPEAKER_01]: 1,000. Well they're not. Right? The real world will dictate the world can't support that financially.
[00:31:11] [SPEAKER_01]: Cannot financially make those numbers jive, so there'll have to be a radical reconsideration of the
[00:31:17] [SPEAKER_01]: way that we deal with those kinds of devices. Well the first one was simpler than that,
[00:31:21] [SPEAKER_00]: office suite remember when it went to the multi-device licensing so you could do a five assets per
[00:31:27] [SPEAKER_00]: user, that threw the entire MSP space upside down and like, wait a second. I'm not incorporating
[00:31:32] [SPEAKER_00]: this device asset and licensing for 365 to the hard asset anymore because it's now on five assets
[00:31:39] [SPEAKER_00]: and they immediately had to change the model. This one however took a lot more time because the
[00:31:45] [SPEAKER_00]: tools that we had were so inaccurate largely the vendor selling products like that.
[00:31:51] [SPEAKER_00]: None of the product was bad but they would identify assets oftentimes that weren't there or
[00:31:56] [SPEAKER_00]: it was there and then gone. So you have these like 30 day cycles of it won't hit your
[00:32:02] [SPEAKER_00]: bottom line until 30 days has passed, was it still showing up on the network.
[00:32:07] [SPEAKER_00]: This is now, we've amplified it to your point of the umpteenth multiplier
[00:32:14] [SPEAKER_00]: on something that you have no idea as soon as it gets connected what the multiplier actually
[00:32:20] [SPEAKER_01]: is going to be. Yep, and see, this is the thing. Licensing and the financials of it is one consideration,
[00:32:27] [SPEAKER_01]: bandwidth load management and network performance is another thing but just the logic
[00:32:34] [SPEAKER_01]: of what the technology is intended to do right. My eternal optimism in this space is that we continue
[00:32:41] [SPEAKER_01]: to invent and deploy more and better technologies than we've ever even considered right. I look
[00:32:48] [SPEAKER_01]: around at the stuff we have available to sell today and compare it to 20 years ago and think wow
[00:32:55] [SPEAKER_01]: we're in a completely different industry and five years from now we will do the same thing again
[00:33:01] [SPEAKER_01]: that's a great thing but are we actually stopping to ask the question of what are not just the
[00:33:08] [SPEAKER_01]: devices and the objects but what are those business functions and what are the business processes
[00:33:14] [SPEAKER_01]: that are tied to those things and are they actually not just digitally connected and discoverable
[00:33:21] [SPEAKER_01]: but are they manageable in a performance environment because you know what if you send me an email
[00:33:27] [SPEAKER_01]: with a big fat attachment and it takes an extra 30 seconds to download on my mobile. Yeah okay that's
[00:33:33] [SPEAKER_01]: not ideal but it's not going to end the world but if this is a robot arm in an automobile manufacturing
[00:33:39] [SPEAKER_01]: plant and it buffers because there's too many devices on the network architecture that's not just
[00:33:47] [SPEAKER_01]: the little bit of a problem you literally break industry and this is that's the thing that I can't
[00:33:55] [SPEAKER_00]: find the packets back together again in the right order in a robotic space that can be a really
[00:34:01] [SPEAKER_00]: big problem. It could be a the D even B not probably a good thing yeah exactly this is this is what I
[00:34:09] [SPEAKER_01]: wanted to make sure everybody kind of like, you got to stop, take a big deep breath and reconsider
[00:34:15] [SPEAKER_01]: the conversation right we are we are bringing more and better technology to market now than we ever have
[00:34:23] [SPEAKER_01]: customers are not looking at us as a necessary evil or as an expense line for the operation
[00:34:29] [SPEAKER_01]: they're looking at technology as a way to fundamentally reconsider business in every sub category
[00:34:38] [SPEAKER_01]: of industry. Everybody is saying technology's going to change the world okay but only if somebody
[00:34:45] [SPEAKER_01]: actually thinks through what connects to what how does it actually function where are the gaps in
[00:34:53] [SPEAKER_01]: connectivity where are the gaps in operating productivity where do we need to make sure that there's
[00:34:58] [SPEAKER_01]: vulnerability management and all of the cybersecurity controls right now we live in too many sub domains.
[00:35:06] [SPEAKER_01]: There's a network guy, there's a cyber guy, there's a business application guy, there's a data
[00:35:10] [SPEAKER_01]: backup guy. All of these things are way too disconnected and this is an opportunity for
[00:35:18] [SPEAKER_01]: the voice of reason for a solution provider of pick your business model you get to come in now
[00:35:24] [SPEAKER_01]: take a big deep breath sit down in a board room with senior level decision makers
[00:35:29] [SPEAKER_01]: significantly removed from network operations and say to them if you choose bright
[00:35:34] [SPEAKER_01]: but only if you have adult supervision for how you actually configure and deploy this stuff.
[00:35:40] [SPEAKER_01]: I'm that guy for you. A, put me on retainer for VCI services, and B, you need to consume all of
[00:35:49] [SPEAKER_01]: my contract based services for continuous performance management not just in email systems but for
[00:35:57] [SPEAKER_00]: every dimension of your enterprise. It's kind of like saying do you look both ways before you
[00:36:02] [SPEAKER_00]: cross the street? Well yeah, when it's traffic, when you know traffic is high, but otherwise no.
[00:36:07] [SPEAKER_00]: why don't you do it all the time? Well because when traffic's not high there's really no cars
[00:36:12] [SPEAKER_01]: until there is. Until there is, and then again the consequences of, well, the server went offline for 15
[00:36:20] [SPEAKER_01]: minutes and then we were able to recover in every business continuity everybody congratulates
[00:36:24] [SPEAKER_01]: everybody. 15 minutes of downtime in a manufacturing facility can cause, we just lived through this by the way
[00:36:33] [SPEAKER_01]: in the city world. One when one boat got stuck in the side of the globe and this is
[00:36:42] [SPEAKER_01]: higher chain went completely haywire and it nearly bankrupted modern economies all around the earth
[00:36:51] [SPEAKER_01]: these kinds of opportunities and consequences that we have to be considering and I want everybody
[00:36:57] [SPEAKER_01]: to like stop and go okay so this is more responsibility it's more work but there's tremendous
[00:37:05] [SPEAKER_01]: access and decision-makers taking us there's billable opportunities here this is a tremendous
[00:37:13] [SPEAKER_01]: upside-knock opportunity but if you say that's not my job that's somebody else's job and I'm
[00:37:18] [SPEAKER_01]: gonna sit right here and then you can't force me to do it well that's just volunteering to be left
[00:37:24] [SPEAKER_01]: behind in the sands of time, that's just, right, that's just voluntary obsolete. I think with that
[00:37:29] [SPEAKER_00]: being left behind in the land of obsolescence is where we will end it for those of you listening
[00:37:34] [SPEAKER_00]: this has been an episode of MSP 1337 thanks and have a great week

