- 3 days ago
A conversation with Simon Green, President of Palo Alto Networks JAPAC on how AI and cloud are reshaping cyber threats in ASEAN and what Malaysia can learn from the region’s most prepared markets.
Category
🗞
NewsTranscript
00:00All right, across the world, the rapid rise of AI and cloud technologies is not transforming
00:13how organizations operate but also how cyber threat is evolving and ASAN is now at the front
00:20line of the shift and Malaysia is among the fastest moving digital economies in the region
00:27but with progress comes new risk and cyber attacks today are more faster and more automated and mostly
00:33are powered by AI and ASAN markets show very different level of readiness with some approaching
00:38global standards while others are still building their basic so the question is how can Malaysia
00:43learn and adapt from one of the most region that is prepared for this AI transformation and for that
00:51I welcome you our guests ready in the studio with me to help us understanding the evolving
00:56AI transformation technologies is Simon Green, president of Palo Alto Networks Japan I want to say thank you very much
01:04Simon how are you great thank you for having me all right well we know that AI is getting faster and more
01:11complex and more dynamic and sometimes we can't even catch up with it but in this context of ASAN maybe you
01:18can share with us how can we understand the the whole landscape of rapid adoption of AI and cloud technologies
01:24across ASEAN and how cyber trade is also evolving now sure well it's a great question and thanks for
01:31having me you know I had the privilege yesterday to speak at an AI conference here that was supported by
01:37the Malaysian government the enthusiasm here is just like every other country now I have the privilege to
01:43travel from Japan to Australia India to China and everywhere I go there are organizations and governments trying to
01:51embrace the new capabilities of artificial intelligence and I think most of the focus is around productivity
01:58and how they can help the citizens and the customers their respective organizations but of course with
02:02that comes the you know the the threats that are looming as a result of that because not only are we using
02:08artificial intelligence the adversary is using artificial intelligence as well so the speed of which these
02:14attacks are increasing is at a tremendous pace and so you know the the foundations of the government
02:20getting around the topic of AI they're building their own artificial intelligence narrative that the central
02:27government around cyber security is trying to learn from other organizations so I think you know Malaysia
02:33is certainly stepping forward in the right direction but the pace is at unprecedented levels
02:39I understand and this is very important and critical phase we're talking about and what some of the
02:46challenges or probably we can we always say that AI is getting more complex more dynamic it's also the
02:52cyber threat is also but what are some of the challenges that public and private sector should anticipate
02:57from this evolving goal well first thing first thing is they have to have visibility of what's going on
03:02you know if you work on the foundation of people come to work to do good things they're generally motivated to do
03:09great things and so what happens is that if you don't put the parameters around or the guard rails around
03:14artificial intelligence use in an organization people with their curious minds their innovation
03:20will try and do the right thing and they start potentially uploading corporate data or you know
03:25private government data into these open capabilities to do good but ultimately the data is then being exposed to
03:33the rest of the world so I think the first thing is we have to start by getting visibility to it
03:38we have to start by getting clear understanding of what applications are being used what applications
03:42are available to the organization and therefore if you you think about you know the the speed of
03:49which people are adopting these technologies artificial intelligence has been adopted open ai
03:54particularly was adopted faster than you know facebook snapchat you know twitter pick these other
04:00technologies that we're all familiar with and we're literally through 100 million users in a month
04:05and so it's a rapid pace but the first thing we have to get visibility to it because if you haven't got
04:10visibility you can't do anything about controls that that's the starting point and now which of the
04:16arson markets that have a high level of visibility transparency and what's some of the best practices
04:22that we can draw from this well i think you you know your government uh was over at singapore
04:27international cyber week as were about 200 governments from around the world descended on
04:32uh what is becoming a preeminent event to understand what is going on in the cyber threat uh landscape
04:38and what new technologies are coming to bear and singapore is certainly at the forefront they have
04:43an advantage i shared this with one of your ministers yesterday they have an advantage they're a tiny
04:47island you know they're a tiny island of five and a half million people 140 kilometer circumference
04:52that's easy much much easier to secure and get your arms around it now you know as you start spreading
04:57across the asean countries where you know malaysia other countries you have much more populous
05:03environments you have you know islands and you know much more broad and what we would refer to as a
05:09tax surface that's a much much wider thing but i think we can learn from what singapore's doing
05:14because they have very tight controls and they're getting their heads around it and i think that's why
05:18governments descend on events like that as they did three weeks ago to really get their heads around it
05:22and we know that we understand that public-private partnerships are pivotal in cyber security in
05:28cyber security ecosystems but based on your regional experience uh having experienced more
05:34than three thousand staff for more than 20 phone business what are some of the key factors contribute
05:39to the sustainability and long-term impact of such collaborations sure so let's take a step back for
05:45a little bit the cyber security industry was not an industry that was built unfounded on collaboration
05:50in fact historically it was about having a piece of technology and charging customers for that technology
05:56and their capabilities the adversary by contrast collaborates very very aggressively they offer up their
06:04tools and techniques and if someone can use it for advantage they do it and then they learn from that
06:09the industry has shifted dramatically in the last four or five years we've seen a much greater collaboration
06:14between organizations where the barriers come down they say cyber security is no longer a competitive
06:19advantage this is an absolute necessity and we need to lean in so what we've seen is this shift
06:24between public and private partnership now where governments are saying we don't have the capability
06:30to build everything on our own which is where they used to be we need to start looking to private
06:34organizations and bringing them to the table so we're seeing some tremendous examples you know
06:40australia has actually led some of this effort recently where they've brought in a lot of private
06:45practice vendors like us uh in the room sitting with the government they ask us to help with policy
06:51they ask us to help with building the capabilities they set the exam question for us and we come
06:56together and we start to learn from it we're starting to do more of that here in malaysia which is
07:00is terrific to be able to see that but there are learnings everywhere india's doing some stuff japan's
07:06doing stuff you pick another southeast asian nation we've got great examples our responsibility
07:12is to come to your government and to other governments and say here are the five or six
07:17really important things that are being worked on in other organizations and here's what we can learn
07:21from those things and and now the governments are starting to communicate on this subject so
07:24i think we're in a you know we're in a good time i think the positive optimistic position you would say
07:29now is that we have uh you know ai for good and the adversaries are using it the mathematics is actually
07:36in our favor from a defense point of view and if we can build the collaborative effort
07:40i think we're going to be in a very strong position to be able to defend against the
07:44you know the attacks that are coming now from ai and the public-private partnerships within
07:49we can see within beyond regulatory compliance or beyond regulatory compliance for every collaboration
07:55it's not easy public and private because we know each company have their own objective and agenda how
08:00the direction will be moving forward so how from your experience maybe can share maybe examples of a
08:06very successful collaboration between public and private partnerships in terms of having the results
08:11of how they play a role proactive role in shaping a more strategized and national cyber security
08:19first let's start with the bigger problem here we have right now governments their responsibility to
08:24the citizens of the country right to ensure the protection of the borders of that country
08:30they don't operate typically at speed and we are operating in an environment now where speed is actually
08:36completely opposite to the way these governments are set up in fact even private practice the way
08:41board governance is set up today it takes months to get things done in an organization whereas now
08:47we're dealing in an environment where adversaries are getting in and out in organizations with ai
08:51in 25 minutes right that's at a staggering amount of speed nobody is set up for that in fact by the time
08:57you and i finish talking an adversary could have been in and out so we have to find the right balance
09:02between speed uh and getting ensuring the policies are being enacted very well i gave the example of the
09:08australian government we have now four deployed assets inside the australian government where they've
09:12said we cannot possibly do what we can do at the pace at which palo alto networks can operate
09:20we've been innovating for 20 years we spend billions of dollars a year but so they're now looking
09:24to leverage that with palo alto networks we've done the same with the singapore government most recently
09:30they've now said we understand what the capabilities are that you hold with this global network of
09:36customers 90 000 customers on a global level that's an incredible amount of customers who are sharing
09:41a feeding with us information that we can then bring that to the government so we've got examples where
09:45we put assets inside the government now they're cleared they sit they are now the responsibility to of
09:51the singapore government but we feed that information to them to help them get better and then the to
09:57your question about the i guess the the policy side of it we have we have policy people inside our
10:02organization who now work side by side with the government to help that speed to get to that speed
10:08of that policy setting as opposed to letting it sit inside the government where they don't necessarily
10:13have the expertise to be able to get it done fast so we we're additive to that process so we have good
10:20examples everywhere this is one some of the measurable outcomes that we can adapt and follow and also
10:26i've talked to a few economist experts said that we focus on some specific industry like semiconductors
10:32ai so they mentioned to me that um one of the ways that we can increase um our strength um moving forward
10:40is we have we have to focus on the talent as well because for example in the cortex we have a provider we have
10:46the infrastructure we have the pot the best policy um but we don't have the talent to execute all of
10:53this so but how can we see this in the context of cyber security talents so we have all the issue but
11:00we have no one managing this so how can we bring more talent pool within the cyber cyber threat or
11:06cyber security ecosystem it's probably the next time the next hottest topic that i discuss with governments is
11:11is talent and then the talent not only is there a talent drain and the concern is that we start
11:16building cyber security talent here in malaysia is that then that talent then goes overseas because
11:21the last reports we had a rough number of about minus 3.3 million people on a global basis in the
11:28cyber industry from an employment point of view so people are chasing talent everywhere that we go we're
11:35working with the universities here in malaysia we have built we've built cyber curriculum within the
11:40universities to build the next generation of cyber professionals coming out the question i get asked
11:45is okay that's amazing but how do we ensure that they don't leave malaysia so what are we doing to
11:51potentially look at innovation here in malaysia and research and development so that's something
11:56that we're looking at and how we build cloud capabilities here we build cyber security capabilities
12:01within malaysia and ensure that there's enough you know work for those people to do because otherwise
12:06they're gone right and this happens everywhere so you know talents are an incredibly different problem
12:11to solve um when you've got you know so many people chasing talent skill and talent we need at the
12:19standard of the global standard actually right now right um well the challenge with that you're right
12:23the challenge with that though is you you come back to the correct the key point if we elevate everybody
12:28to the global standard which is the baseline standard that means we create mobility for people so
12:33the important thing after that is we need to create interesting work for them to do
12:37at a local level because if there is no interesting work and they are of a global standard from a
12:43talent point of view they could be in america or india pick a country they can go very very quickly
12:48yeah so it's got we've got to create this we would create this foundation of interesting work for
12:53them to be able to do and so the conversations we're having here with not only the government but also
12:57private practice here is how do we build that that innovation within these organizations so the
13:03talent doesn't want to go they're proud of working at patronus or one of these other organizations and
13:08say i want to stay in malaysia and they also demand for productivity for all the experience for all the
13:15works um and we know that in all of this we also need to take a look at resilience and beyond resilience
13:23what are some of the innovative frameworks uh or initiatives should uh the whole asian regional
13:29malaysia take a look at to pursue or establish itself as the a global leader in cyber security
13:36and even ai governance yeah we come back to your question your point about talent you know the this
13:41is a very very popular set of economies and and you know i've worked in u.s technology companies for 25
13:47years and i can tell you most of them don't quite have the sensitivity to understand that there is
13:51an amazing amount of people out here in this region that we can potentially leverage so one of my
13:57responsibilities is not just to ensure that i help protect the organizations here in the asian
14:02and the asian pacific japan region it's to educate the people that are doing the innovation as we look
14:08at to you know we're a united states company we have huge amount of research and development
14:13that's being done in the united states how do i ensure that we can create that connection between
14:18the populations here and these talented people and the innovation that's going on there in america
14:22and i don't mean taking the talent to america i mean bringing the work so you know as an example
14:28we were fortunate enough to during the pandemic we found this incredibly innovative company actually
14:34in australia and we acquired that company and so what we ended up with these is these 30 very very
14:40talented individuals who are engineers in the cyber field and so we took those capabilities and we
14:45started continuing to do that innovation there that's the sort of work that we're trying to do
14:50we're continuing on the lookout for that innovation and then we want to leave it where it sits
14:54and where it builds because the uniqueness is there understand your environment extraordinarily well so
14:59so that's the that's the innovation side of it on the policy side of it you know this is just about
15:04getting the the governments together ensuring that with our government relations people
15:08we create the connectivity because again we've got to come back to this point of
15:12we can't we can't the governments can't operate at a place that they need to operate you know how
15:17long it takes to get policy done it takes months and months and months and if if we're in an
15:22adversarial world that's 25 minutes in and out policy doesn't matter because the adversary doesn't
15:27care right they don't care about the border they don't care about policy i made these comments
15:31yesterday the government i said the adversary is not sitting in a board meeting saying oh malaysia is
15:35working on a new policy let's leave them alone until their policy is completed
15:40they just they keep coming their it's acts are relentless so we've got to right size this and
15:45this is just you know building this collaborative muscle this learning and ensuring that people
15:50don't see security as a competitive weapon right or a competitive advantage but in fact it's a foundation
15:56to ensure that you know we bring everybody together because the adversary is outside they're the problem
16:02right and we've got to help them you know defend against those attacks and almost every type of
16:07organizations right now is intact with technology and digital no matter what you do we will always
16:13have this digital in our lives right maybe probably my last question and my last focus for our discussion
16:21here uh maybe share with us and what are some of the trends that organization take a look at public
16:28private especially not from the organization that has been long here standing then they just want to
16:34trends transition from old technology to new technology ai but for those who's like new new
16:40in ai what we advice would you give them what type of economy readiness they should have or prep
16:47what kind of advice would you give well i think there's a few things here so uh you talked about
16:52digital is here to stay of course digital and mobility is here to stay i mean you you i don't know
16:56how many devices you carry around work and personal devices but a lot right you know i typically see on
17:03average three per person so if you you multiply that by the number of employees in an organization
17:08if you've got 10 000 employees you've got 30 000 devices it's a very wide attack surface so you've
17:13got to figure out from a security point of view how do you protect all of those essentially end points
17:19because that's the point where an adversary can jump on and get inside the network so i think you know
17:24endpoint protection is very very important um you know the thing that people aren't necessarily
17:28think about today is that 87 of our work is done inside a browser we open up a browser and we do
17:35this work um as i'm doing now as you're doing now it's one of the weakest points that we have in an
17:40organization so building a secure web browser capability is really really important um so that
17:46that allows people to come in they can browse and work you know effortlessly within the organization
17:52applications are sanctioned uh the organization feels a sense of safety because all of the control is
17:57being managed through that browser that brings in the ai context through the browser secure browser
18:04we can see all of the ai applications that are being used and therefore it gives the organization
18:08so you know there's thousands of applications out there these 10 are sanctioned these 20 are
18:15unsanctioned and and the rest of them are completely blocked like we're not going to allow you to do it so
18:20therefore we can give those controls and then probably the the most important area that exists
18:27in organizations today from you talk about technical debt there's a lot of data coming at organizations
18:34right if you think about all those endpoints three devices throwing off huge amounts of data then all
18:38the servers then the clouds all of that's throwing off security alert information and it's not humanly
18:45possible to be able to take all that data today and work your way through it so we have to get to an
18:50automated security operations outcome and that's probably the the big area of focus for a lot of
18:55organizations now how do i take all these alerts how do i understand how quickly i can detect something
19:01and how quickly i can respond um and then you know your your ultimate question around ai
19:07you know ai is here to stay ai is for good we have to make sure that we understand
19:12how we help people use ai for the benefits that ai will bring but we've got to have controls and
19:21that is probably the biggest challenge today for organizations they're thinking about ai and the
19:25enthusiastic outcomes they've got but they're not adding security to the conversation and you have
19:31to be secure by design and throughout our discussion i've learned and understand that cyber security
19:37it's not only a defense but it's also the foundation of asia and malaysia or any country
19:43digital's economy yes and again i want to say thank you very much we know that region is moving fast but
19:48cyber track are moving even faster and malaysia has the talent the infrastructure and the momentum
19:53but all we need to look forward is the strategic clarity to lead moving forward again i want to say thank you
19:58very much for this insightful sharing simon green president of palo alto networks and again i hope to see you
20:04again and have this fruitful discussion in the future yes i look forward to coming back thank you
20:08for your time appreciate it definitely all of our discussion here will be featured in astralwani.com
20:13and across all social media platform
Be the first to comment