Best of LinkedIn: ICT & Tech Insights CW 47/ 48

00:00:00: This episode is provided by Thomas Allgeier and Frennis, based on the most relevant LinkedIn posts about ICT and tech insights in CW-IVII and IVIII.

00:00:08: Frennis supports ICT enterprises with market and competitive intelligence, decoding emerging technologies, customer insights, regulatory shifts, and competitor strategies, so product teams and strategy leaders don't just react but shape the future.

00:00:22: Welcome back to the deep dive.

00:00:24: Our mission today is to dig into the top posts and insights from the ICT and tech world over calendar weeks, forty seven and forty eight, and really distill them into what you need to know.

00:00:34: And

00:00:34: we saw the conversation really gather around three massive intersecting forces.

00:00:38: First, the evolution of cybersecurity, specifically zero trust.

00:00:42: Right.

00:00:43: Then there's the quantum threat, which is accelerating much faster than people think.

00:00:46: And

00:00:46: finally, a huge shift in European digital sovereignty.

00:00:49: It's moving from just talking policy to, well, Mandatory action.

00:00:53: Exactly.

00:00:54: This isn't about theory anymore.

00:00:55: It's about pragmatic investment.

00:00:57: So let's jump right in with the first theme, cybersecurity.

00:01:00: It feels like we're seeing a complete reimagining of identity and zero trust.

00:01:04: We are.

00:01:05: The biggest takeaway here is this move to pragmatic action.

00:01:09: The whole security conversation has shifted away from, you know, just chasing the next zero-day exploit.

00:01:14: And I'm at least always post.

00:01:15: really drove this home.

00:01:17: the age of the zero day is fading because Frankly attackers found an easier way in.

00:01:22: it's

00:01:22: so much easier.

00:01:23: They're living off the land.

00:01:25: What does that mean in practice?

00:01:26: It means they aren't dropping malware that trips alarms.

00:01:29: They're using legitimate tools already on the system PowerShell RDP things like that to carry out their attacks.

00:01:37: the numbers are Pretty stark.

00:01:39: CrowdStrike found nearly eighty percent of successful attacks are now malware-free.

00:01:43: Eighty percent?

00:01:44: Wow, so that's really a brutal validation, isn't

00:01:47: it?

00:01:47: It is.

00:01:47: It

00:01:48: proves why the focus has sprinted away from the old network perimeter.

00:01:51: The new front line, the new battleground, is the authentication prompt.

00:01:54: And

00:01:54: that's the absolute core of zero-trust architecture, or ZTA.

00:01:59: And ZTA is finally getting some, you know, real operational clarity.

00:02:03: It's not just a concept anymore.

00:02:04: Okay, so what are the non-negotiables?

00:02:06: Three things.

00:02:08: rigorous identity enforcement at the network layer, strict access segmentation for everyone and everything, and applying least-privileged policies across the board every single time.

00:02:19: And we're actually seeing proof this works in the real world.

00:02:22: Marielle Parotti shared that Cisco IT made this exact transition.

00:02:25: And the results were incredible.

00:02:26: They achieved ninety-nine percent fishing-resistant logins.

00:02:30: Just think about that.

00:02:32: You nearly eliminate the number one attack vector and you also reduce login noise for your employees.

00:02:37: That's a huge double win.

00:02:38: A huge win.

00:02:39: And it drives home what people like Rami Al-Khafajir are saying.

00:02:42: We need immediate specific actions.

00:02:45: So moving beyond just simple passwords.

00:02:47: Way beyond.

00:02:49: It means implementing true independent multi-factor authentication.

00:02:52: Yeah.

00:02:53: Using conditional access that looks at device health and location and making continuous monitoring just the baseline.

00:03:00: Okay, so let's push this even further.

00:03:02: I saw John Spiegel detailing something on the absolute cutting edge.

00:03:05: Zero trust packet routing, ZTPR.

00:03:07: Yes.

00:03:08: This is a massive conceptual leap.

00:03:10: It's not just about the session anymore, right?

00:03:12: It's about the data itself.

00:03:13: Exactly.

00:03:14: Traditional ZT authenticates you when you start a session.

00:03:17: ZTPR wants to embed identity-like metadata or a token into every single packet.

00:03:23: Every packet.

00:03:23: So the identity check isn't just at the gate, it's constant.

00:03:26: Everywhere.

00:03:27: That sounds computationally intense.

00:03:29: It

00:03:29: is.

00:03:29: That's the challenge.

00:03:30: But the need for it is being driven by something even faster than us.

00:03:34: AI agents.

00:03:35: AI agents.

00:03:36: We're moving from a human-paced world to a machine-paced one.

00:03:40: When AI agents communicate in milliseconds, session-based security just can't keep up.

00:03:45: You need the network itself to enforce policy at machine speed.

00:03:48: Oracle is reportedly already building this into their cloud infrastructure.

00:03:51: And the urgency is terrifying.

00:03:53: I saw a post from Costa Fetac about a simulation of an AI-powered attack.

00:03:57: I saw that one.

00:03:58: The numbers were just staggering.

00:03:59: It took only forty-seven minutes, less than an hour to probe ten thousand endpoints and steal data.

00:04:05: When your attack lifecycle is measured in minutes, you have to automate defense at the packet level.

00:04:09: You do.

00:04:10: It makes the ROI on something like ZTPR immediate.

00:04:14: Not a problem for tomorrow.

00:04:15: That urgency is a perfect bridge to our second theme.

00:04:18: digital sovereignty and resilience, particularly in Europe.

00:04:21: The whole conversation has moved from philosophy to deadlines.

00:04:25: That's

00:04:25: right.

00:04:26: Europe's agenda is speeding up.

00:04:28: And it's about strategic autonomy, not isolation.

00:04:31: Martin van Liebergen pointed out that non-EU companies still hold almost eighty-five percent of the EU cloud market.

00:04:38: So this is about protecting European data, infrastructure and values.

00:04:42: Exactly.

00:04:42: And the regulations are coming fast.

00:04:44: Baldemar, Aaron Reimsche, and Lawrence Boll were talking about NIS-II, Dora, and especially the Cyber Resilience Act, the CRA.

00:04:52: So resilience is no longer a best practice, it's the law.

00:04:56: It is.

00:04:56: The CRA is a game changer.

00:04:58: It mandates security by design before product ever hits the market.

00:05:02: And at the same time, we're seeing identity becoming anchor.

00:05:05: Ralph Wintergerst noted that Germany and France are pushing ahead with the EUDI wallet to unify digital services.

00:05:11: But the word sovereignty itself can be tricky.

00:05:13: I thought Guido Grieberp went really well summarizing the consensus in Switzerland.

00:05:16: What was his take?

00:05:17: He said, sovereignty is the ability to act.

00:05:20: It's about self-determination.

00:05:22: It's not about trying to reinvent every single piece of tech from scratch.

00:05:26: That's a critical distinction, and it plays right into the debate around open source.

00:05:30: Because open source seems like the obvious path to sovereignty, but it's not that simple.

00:05:35: Not at all.

00:05:36: Hans van Balmo made a great point that many public-funded open source projects in Europe just rich.

00:05:42: They don't reach industrial maturity, so you end up with fragmentation lock-in.

00:05:47: instead of vendor lock-in.

00:05:49: So you're swapping one dependency for another potentially more fragile one?

00:05:52: Right, but then Alex Torsky offered a counterpoint to that entire idea.

00:05:56: He argued maybe open source is a false path altogether.

00:05:59: A false

00:05:59: path?

00:06:00: How so?

00:06:01: Because the real fight isn't about the code, it's about controlling the data.

00:06:05: He pointed to the Meta-State Foundation and their work on a sovereign digital self.

00:06:10: Your e-name, your e-passport, giving you control of your data no matter what platform it's on.

00:06:15: So it's about controlling the metadata, not just the source code.

00:06:19: That brings us right to theme three, quantum computing.

00:06:23: Because if you can't secure your data for tomorrow, sovereignty today doesn't mean much.

00:06:27: And the quantum threat is no longer a problem for futurists.

00:06:30: It's an operational risk right now.

00:06:33: What's a timeline we're looking at?

00:06:34: Well, people like Sigrid Stans and Juan Pitor Barros de Silva are saying encryption breaking capabilities could arrive as early as the twenty thirties.

00:06:43: And the real danger is, harvest now, decrypt later.

00:06:46: Precisely.

00:06:47: Data stolen today can just be stored until a quantum computer is ready to crack it.

00:06:51: That's why Fabian Idiawani was stressing that security leaders need to be running post-quantum cryptography, or PQC pilots now.

00:06:59: And it seems like the industry is really aligning around PQC as the first line of defense.

00:07:03: Very much so.

00:07:05: Whelan Holfelder from Google confirmed their strategy is heavily focused on PQC because it works over existing protocols.

00:07:11: You can deploy it today at scale.

00:07:13: Unlike something like Quantum Key Distribution or QKD.

00:07:16: Right, which needs its own specialized fiber optic network.

00:07:18: It's just not as scalable for the whole internet.

00:07:20: And outside of security, the hardware innovation is just exploding.

00:07:25: Keith King highlighted a breakthrough in China.

00:07:27: The

00:07:27: Photonic Quantum Chip.

00:07:29: A thousand-fold speed boost for AI by integrating over a thousand optical components on one chip.

00:07:36: A huge leap.

00:07:37: Meanwhile, IBM is just moving the goalposts entirely.

00:07:40: Faisal Khan and Dr.

00:07:41: Jan Rainer-Laman laid out their roadmap nighthawk and loom processors aiming for quantum advantage soon and full fault-tolerant systems by twenty twenty nine.

00:07:50: It's an aggressive timeline.

00:07:52: And for developers trying to keep up, Steve Suarez gave a great breakdown of the open source frameworks.

00:07:57: Right.

00:07:57: The different toolkits.

00:07:58: Yeah, you've got Quias for general development, Cirque for hardwareware stuff, Penny Lane for quantum machine learning and Ocean SDK.

00:08:05: for optimization problems.

00:08:07: The ecosystem is already specializing.

00:08:08: It's

00:08:08: clear this isn't a standalone field.

00:08:10: It's converging with everything else.

00:08:12: Thor Ingham had a great term for this, the convergence stack.

00:08:16: I loved that.

00:08:17: He described it as three forces merging.

00:08:19: AI is the brain.

00:08:20: Quantum is the muscle for the impossible problems.

00:08:23: And tokenization is the ledger for value and ownership.

00:08:27: And Cecilia Imparo made a really interesting point about merging quantum and machine learning.

00:08:32: Yes, that near-term progress is more likely when you're learning from quantum data like quantum states, not classical data.

00:08:42: Because trying to cram classical data into a quantum computer is too complex and can actually cancel out the speed up.

00:08:47: Exactly.

00:08:48: So the early wins will be in fields where the data is already quantum, like material science.

00:08:53: Which brings us to our last theme, a critical one.

00:08:56: AI governance and operating models.

00:08:59: Getting this right is the real gatekeeper to scaling AI.

00:09:02: Absolutely.

00:09:03: The conversation has moved past just model performance.

00:09:06: It's now about data readiness, governance, and cost control.

00:09:10: That's the real challenge.

00:09:11: And Tommy Flynn made the point that this has to be integrated into security and GRC immediately.

00:09:15: And not later.

00:09:16: Teams need to be threat modeling for things like adversarial inputs and prompt injection, treating AI like any other critical system.

00:09:23: And

00:09:23: it gets even more complex when you look at the egentic AI future that Francis Odom laid out.

00:09:28: He saw three big shifts coming.

00:09:30: The first one ties right back to our start.

00:09:32: AI identity becomes the new battleground.

00:09:35: We're not just talking about stolen user credentials, but stolen machine identity.

00:09:39: If

00:09:39: one AI agent can impersonate another, the potential for damage is just enormous.

00:09:44: It's huge.

00:09:45: And his second point was that the browser is becoming the most exposed workspace, which means we need in-browser zero trust controls.

00:09:53: And the third?

00:09:54: Data trust.

00:09:55: He says you need a unified platform that combines traditional data security posture management with AI specific posture management to fight things like data poisoning.

00:10:05: It all comes back to managing identity and trust.

00:10:07: Vasu Jackal mentioned how agentic AI is already being deployed in security operations, which promises huge games.

00:10:15: Provided,

00:10:15: of course, that those agents are managed under a really strong, secure framework.

00:10:19: So we've covered a lot.

00:10:20: From identity in a packet, to mandatory resilience, to this new world of quantum and AI compute.

00:10:26: The thread connecting all of it is this move to a verifiable, identity-first, machine speed world.

00:10:31: That's it, exactly.

00:10:32: So the takeaways for you are clear.

00:10:34: First, pragmatic security is driving ZT and PQC adoption fast.

00:10:38: Second, digital sovereignty is now about actionable strategy like the EUDI Wallet.

00:10:43: And third, the convergence of AI in quantum is redefining computation itself.

00:10:48: If you enjoyed this episode, new episodes drop every two weeks.

00:10:52: Also, check out our other editions on cloud, defense tech, digital products and services, artificial intelligence, sustainability and green ICT, defense tech and health

00:11:01: tech.

00:11:02: And here's a final thought for you to take away, building on that idea of ZPPR and agentic AI.

00:11:07: Given this rise of machine speed decisions where every single action needs to be verified instantly, how will your organization make the transition from securing human-paced sessions to governing machine pace packets and the non-human identities they carry.

00:11:20: It's the difference between auditing a conversation and auditing every single word all at once.

00:11:25: Thanks for diving deep with us.

00:11:26: Be sure to subscribe so you don't miss the next one.