721: Dispelling Myths About Cyber Security in the Cloud w/ Thomas Truitt

ABOUT THIS EPISODE

In this episode we talk to Thomas Truitt, President of Open Systems Technologies.

Click here to connect with this guest on LinkedIn.

A relationship with the right referral partner could be a game changer for any be to be company. So what if you could reverse engineer these relationships at a moment's notice, start a podcast, invite potential referral partners to be guests on your show and grow your referral network faster than ever? Learn more at sweet fish Mediacom. You're listening to the be tob growth show, a podcast dedicated to helping be to be executives achieve explosive growth. Whether you're looking for techniques and strategies or tools and resources, you've come to the right place. I'm James Carberry and I'm Jonathan Green. Let's get into the show. Welcome back to the BE TOB growth show. This episode is sponsored by Directive Consulting, the BE TOB search marketing agency. Today we're joined by Thomas Truett. Thomas is the president of open systems technologies. Thomas, welcome to the show. Hey, thanks for having me. It's a pleasure to have you on the show. Today we are going to be talking about cyber security, cyber security specifically in the cloud. This is kind of this is this is your world, this is your of expertise. So before we get into today's topic, maybe you can tell us a little about what you and the OST team are up to these days. Yes, we're busy solving the problems of the federal government when it comes to security, security of our people's and information. You know, we all have to get information from the government, including the IRS. Some terms medicarecy and that's organization. Eventually, at some point, everyone gets touched by the US government. So our primary focus is to make sure that our government information, as far as private identifiable information and confidential reformation for the American public, is kept in a manner that is consistent with best practices for Cybersecurity, including how the data stored, how it's access who access is...

...this and basically, all the round the policies and procedures around doing these things. Yeah, so obviously sort of protecting your information is is, I think, something that a lot of our listeners can they may not have a tremendus amount of expertise, and maybe they do, but it's definitely important to everyone across the board. And again we're going to be talking about cyber security specifically in the cloud and you know you you had some initial thoughts kind of just even about the cloud in general and kind of how that has evolved and sort of entered the public consciousness. Yeah, I mean the cloud has been around in some form for quite a while, even even as shortly after the invention of the computer. We've always had some sort of a data center, or used to be like a telecom closet, some area where you restore all the computers, and initially there was limited access to these systems and then it kind of grew local networks, widery networks, networks across the world. Basically, when these networks integrated to each other, eventually there was a computer or something at the end that basically housed all the stuff that you're trying to do. Hasn't been as open as the Internet initially, but there was always some kind of what we call a private cloud sitting somewhere on some site of that people could basically house all their systems and be able to communicate. Now the day we have not only do we have private clouds that we have public clouds, we have hybrid clouds, which means here that's some part private, part public. The reason why all this is coming about is because we're trying to use the money wisely as far as how the infrastructures managed and who is managing it,...

...and basically try to keep the cost to a reasonable level. Right now, with the like in the federal government, they some of them, some of the customers we work with, and the DOD, I mean they have thousands of data centers and they're they're cutting them down to like hundreds because, you know, you can imagine the manpower, especially just from a cyber perspective, to keep these applications and data centers less vulnerable. I mean, it takes a lot of manpower. So the idea is they we get the best bang for the buck by, you know, moving into the cloud where, you know, we have commercial entity helping us deal with some of these issues on a large scale, so that we could focus on things like application development and, you know, delivery information, delivery to the to the in consumer, which a lot of towns means to the American people. Got It, and so one of the things, I know that we were also going to be talking about today, I mean, other than the fact that the sort of the evolution of the cloud, is that at this point now that there are some myths kind of surrounding this idea of cybersecurity and the cloud. What are some of the some of the prevailing myths that you see out there? Yeah, I mean one of the myths is like, you know, it's all technical configurations, like only technical people to contribute to security. A lot of it, you know, a lot of the issues we find is that, you know, people at their desk, they are not protecting their identities in their paths words. Sometimes they write them down somewhere and they're easily accessible. One of the words they're in the jewel or something. But one of the myths is like, you know, only technical people contribute to the solution, but that the reality is everyday people actually contribute by controlling their information better.

You know, we don't really recommend you write it down unless it's in a safe or if it's locked up somewhere. The problem the day as we have some people have hundreds of passwords. We're still in a very password or passphrase intensive environment. Moving to smart cards, the DOD has they call a common access card, but it's it really is quite a chore just to Manage Passwords and they change often and the password construction is different for every system. So, as you could tell, over time it becomes very onerous to manage all this stuff. So ideally you'd have like a limited like a limited number of idem pass where, as you know, ultimate is one user ID and Password. But of course, you know, you could idea passwords, an old way of doing business. The better for you, something like a smart card or multi factor authentications, what it's called, so that we know not just if you if you know something, but you also you have something, since the next the next move is that we're seeing is going toward biometrics, using your eyes or your thumb prints to verify who you are. But it's it's being accepted in and some some government. But he has you could tell it's a lot of the big investment and just got to get the right people behind it so that they could see the advantage of having that. Once you're, I guess, if you are a CEO or an executive, and you know I mean obviously there are some there are some expensive options out there when it comes to this level of cybersecurity. I mean you're talking about mentioning biometrics, you're mentioning sort of authentication cards. If you if you are in a company, running company, owning a company or there some things that you should also maybe be just sort of aware of, tips and best practices, things...

...that things that you could take back to your company possibly and even start thinking about implementing immediately, or at least things to be aware of. I mean one one thing is I would recommend people trying to Peki enable their systems whenever possible, meaning that you have to have a card, card access with a pin to get into system. It does provide you an additional layer of protection we call a defense and depth in the industry, so that if someone has your pin, for example, they have to have your card also. I have to have two things versus just one thing. You know, I would also recommend that a you know, security training is big. Make sure your workforce understands, you know, from a security perspective, what you expect. Far As you know, Password Management and how do you store things? How do you store even employee information which has pii? Not Everybody should have access to that. So it's got to be on a need to know basis. Whatever whatever you're managing, just verify the access levels and verify that the right people, the only people that should be seeing that information. All right, today's growth stories about search engine marketing. Clear Company is an HR tech company that was doing a lot of things right. Their messaging was clear, their product produced incredible results. They were struggling to drive qualified traffic to their website. Then they found directive consulting, a BB search marketing agency. Then, the first twelve months of working with directive, clear company was able to increase their qualified LE volume by a hundred and fifty seven percent. I have a hunch that directive can get these kind of results for you to so head over to directive consultingcom and request a totally free custom proposal. That's directive consultingcom. All right, let's get back to this interview. Mean, is there a...

...particular kind of information that you have seen? Is, I don't know, either either more vulnerable or she the should be kept even like a closer eye on anything that you would think like. Well, specifically this kind of information. You know, this should be managed, this should be watched, this should be taken care of. Yeah, I mean, like I said, the employee employee information, contract information from your people you do business with. Definitely you don't want that to fall into your hands or eyes. It shouldn't be seeing it because they get information. They could have information that could, you know, put Your Business at risk as far as you know, going forward with a client or everybody's trying to get information to especially, you know, cost information, to see how competitive they are with your company. And you know, you also need to be concerned with insider threat, insiders meaning people that they say they're on your team but they're not really, and they have the ability to go in and look at information and use that information against you when they leave the company. I mean, it is true that most people have contract agreements with their employees or confidentiality agreements, but at some point, you know, if you don't know anything, you know if they if you don't find out anything about what they tell somebody else, how are you really going to know? So the best thing to do is, I tell people, if they really don't need to have access to it, don't give them ax us to it, because it yo like, like I said, the insider threat opens up Pandora's box and if they leave and we're in a very warning industry of what actually we're in a culture now that you know people working for more than a couple years in a company, it's like you know, is like a that's old school, right. I mean today people move...

...around a lot. Yeah, they move around a lot, which means they put they put you at risk when they have short term access to all your confidential information. Yeah, that's a I mean that's a good point. You don't. I mean it's one of those things where you don't necessarily think about. You know, the mobility is nice to have, but again, like you said, you're going from company to company. It's just it's just another thing that you have to be kind of aware of and be thinking about. So obviously, then, Thomas, that you know, you've seen some great success at at Ost. You know you've you're I know that you and your team are passionate about, you know, sort of making technology work for people. You're passionate about opening lines of communication amongst businesses, and this is a question we've been asking a lot of our guests and we've, I think we've gotten some really good responses on it. But, as president of ost is, as someone who has been focused on building a business that, you know, is so communication driven, kind of do you what is your thought on the kind of legacy that you are hoping to lead behind and whether that is sort of professionally, personally, or even a combination of the two. Yeah, I mean I started out working with the government, the federal government, the US Air Force, in one thousand nine hundred and ninety. So I've spent a lot of my time and career working into the government systems, the US federal government systems, and I have a passion for just you know, I really feel like we don't get the best banks of the book as the country. With what we spend. We should have a lot better security. You should have a lot better systems or application should be more secure. Our communications are network system should be more secure. Working in these environments over twenty years plus, you know I have there's a lot of quarnkiness going on, not integrated, people aren't communicating a lot of time. It blows down the contractors not working together, people aren't working together and I just I just want...

...to leave a legacy of, you know, helping, helping the government to be more functional than it is and what I've seen it and over the past twenty years we've made some rate, some dents in a lot of areas as far as the customers we support, but you know, there's still a lot of work to be done, and what I mean by that is, you know, try to try to bring people together as a team. It's not just us against them or US against another company. It's one team, the United States of a America, team moving forward to make sure of this country has the best security that it can have. And also it's there's people can people can sleep well at my because, just to give you an example, the OPM situation where, you know, they took all the they took a lot of PII information from a security system office personnel marriagement. That could have been avoided very easily. But what it takes is engineering, ricker. It takes rigger as far as commitment to make sure that these things are minimized or basically obliterated. They never happen right. So but it takes it takes an engineering process, it takes engineering ricker and it takes a passion to make sure that we do things right the first time and we're not continuing to deal with issues that should be non issues. Yeah, I mean I meant that all makes perfect sense. And so, you know, you had talked about this passion. I know that that that for you, this is this is an area that you have been passionate for many years and you know, it's definitely something that I think our listeners need to be you know, like I said, this is not a world that I am very familiar with. So I mean just getting to hear you sort of break it down and explain some of these things, and when it comes to Cybersecurity, is is great for me. I know that our listeners are going to get a lot out of today's episode, Thomas. If anyone is interested in finding out even more, because I know that the show is not that long, we only have fifteen minutes...

...to get through a massive amount of information. But anyone listening is is interested in learning more, they're interested in connecting with you. They want to find out more about open systems technologies. What's the best way for them to go about doing that? Yes, they can visit our website at www dot ost poh our he dotnet. Perfect. Well, Thomas, thank you again so much for your time. It was a pleasure having you on the episode today. Sir. Thank you. There are lots of ways to build a community and we've chosen to build the BEDB growth community through this podcast. But because of the way podcasts work, it's really hard to engage with our listeners, and without engagement it's tough to build a great community. So here's what we've decided to do. We're organizing small dinners across the country with our listeners and guests. No sales pitches, no agenda, just great conversations with likeminded people. Will Talk Business, will talk family, will talk goals and dreams, will build friendships. So if you'd like to be a part of a BEDB growth dinner in a city near you, go to be to be growth dinnerscom. That's be toob growth dinnerscom. Thank you so much for listening. Until next time.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (1778)