Best of LinkedIn: ICT & Tech Insights CW 39/ 40

00:00:00: This episode is provided by Thomas Allgaier and Frennis, based on the most relevant LinkedIn posts about ICT and tech insights in CW three nine forty.

00:00:09: Frennis supports ICT enterprises with market and competitive intelligence, decoding emerging technologies, customer insights, regulatory shifts and competitor strategies.

00:00:18: So product teams and strategy leaders don't just react, but shape the future.

00:00:23: Welcome to the deep dive.

00:00:25: We're here to.

00:00:26: cut through that endless feed of information.

00:00:29: Our goal is to pull out the really strategic intelligence from the ICT and tech world over the past couple of weeks.

00:00:34: Yeah, basically give you a shortcut to the key conversations happening right now.

00:00:37: What's driving the spend?

00:00:39: Where are the new risks popping up?

00:00:40: And, you know, what should you really be prioritizing?

00:00:43: And we've definitely tracked a fascinating shift, haven't we?

00:00:45: It feels like the talk is moving away from just,

00:00:48: well, Geary.

00:00:49: Exactly.

00:00:50: It's much more focused now on concrete pragmatic action plans.

00:00:54: The big themes we're digging into today are things like security hardening zero trust, especially the very rapid and kind of complicated rise of autonomous AI agents and this real strategic urgency around digital sovereignty and getting ready for quantum.

00:01:10: Okay, let's unpack that.

00:01:12: Starting with security, hardening the identity, I guess, is that the modern way to put it, zero trust or ZT.

00:01:21: it feels like it's finally made the jump from buzzword to, well, the standard operating model.

00:01:25: Oh, absolutely.

00:01:26: We saw people like Sebastian Ankhize, Abhinav Singh, really hammering this home.

00:01:31: ZT isn't optional anymore.

00:01:33: It kind of has to be the default now, doesn't it?

00:01:34: Because that old idea of a perimeter is just...

00:01:37: gone completely dissolved.

00:01:38: yeah you've got cloud services remote workers everywhere hybrid setups john spiegel flag that relying on those you know vulnerable old vpns for remote access is just asking for trouble now

00:01:50: especially with all the credential leaks and stuff we keep seeing

00:01:52: right.

00:01:53: so zt with its core ideas like continuous verification least privilege access.

00:01:58: It's really the only architecture that holds up in today's world.

00:02:00: And what's neat is how comprehensive it is, Carl Sotter pointed out.

00:02:04: It's not just about human users.

00:02:05: It secures identity, machines, the network, cloud, and AI.

00:02:09: Which makes it feel a bit more future-proof, at least for now.

00:02:13: And this isn't happening in a vacuum.

00:02:15: There's intense pressure driving this.

00:02:17: Stephen Martin-Rudgen highlighted healthcare.

00:02:19: Oh yeah, the ransomware numbers there are staggering.

00:02:22: Unbelievable.

00:02:23: A hundred and eighty one attacks this year alone, exposing records for over twenty five million patients.

00:02:29: I mean, when failures have that kind of impact, you just can't afford to wait until after something happens.

00:02:35: That kind of urgency, though, leads to another problem.

00:02:38: Managing the flood of threats, ZT and other tools uncover.

00:02:42: Laura Vaughn had that sharp take, didn't she?

00:02:44: The NVD backlog.

00:02:46: broke vulnerability management?

00:02:47: Yeah, that really resonated.

00:02:49: We all remember that phase, right?

00:02:50: Chasing every single high CVSS score.

00:02:53: Treating every nine point eight like the sky was falling.

00:02:55: Exactly.

00:02:56: And engineering teams just got numb to it.

00:02:57: They started ignoring the alerts.

00:02:59: So what's changing?

00:03:01: It seems like there's a more strategic approach emerging out of that.

00:03:03: Well, that crisis.

00:03:04: There is.

00:03:05: And it's fascinating.

00:03:06: Security teams are finally moving away from just blindly following those static scores.

00:03:11: They're adopting a much more effective way to prioritize.

00:03:13: Okay.

00:03:14: And that's based on what?

00:03:15: Three main things.

00:03:16: Pretty much.

00:03:17: First, Sys's KV list, what's actually being exploited out there right now.

00:03:22: Okay, it makes sense.

00:03:23: Second, EPSS, the exploit prediction scoring system, that gives you a probability, like a dynamic score of if something's likely to be exploited soon.

00:03:33: Right,

00:03:33: adds a predictive layer.

00:03:34: And then arguably the most crucial bit.

00:03:37: Asset context.

00:03:39: You layer on what systems actually matter to your business, what affects revenue, what keeps the lights on.

00:03:45: That's the smart part.

00:03:46: Instead of every theoretical risk, you focus on the imminent relevant ones.

00:03:51: Laura Vaughn mentioned that client who used this.

00:03:53: Yeah, that was amazing.

00:03:54: They cut down something like two thousand vulnerabilities they'd flagged as critical down to just two hundred.

00:03:59: that needed immediate action.

00:04:01: Wow, that's a huge efficiency win for the teams doing the fixing.

00:04:04: It really is and that efficiency ties into a bigger picture organizationally.

00:04:08: William McBorrow was challenging that whole security first idea.

00:04:11: I'm saying security isn't the mission itself.

00:04:14: Right.

00:04:14: It's the enabler of the mission.

00:04:16: Hmm.

00:04:16: Okay.

00:04:17: But for companies in really regulated fields, does that distinction actually change anything on the ground?

00:04:23: Like budget wise or mandate wise?

00:04:25: I think it changes the conversation.

00:04:26: It forces security to talk business outcomes, you know, speed, keeping things running, revenue, not just FUD and compliance checkboxes.

00:04:34: And it forces collaboration.

00:04:36: Oh, OK.

00:04:36: Mark Simon stressed this point.

00:04:38: To really defend against sophisticated attacks like live off the land, where attackers use legit credentials, you have to understand what normal looks like for your systems and data.

00:04:47: Which you can do in a silo.

00:04:49: No way.

00:04:50: IT, security, the business teams, they all need to be aligned on what normal actually is.

00:04:54: And quickly, before we move on, we shouldn't forget the absolute basics.

00:04:58: Elliot Franklin, Patrick Federer.

00:05:01: They reminded everyone that things like MFA Decent password managers being aware of phishing.

00:05:06: That stuff still stops most simple attacks.

00:05:08: Set a vital point.

00:05:10: But what happens when the identity isn't human?

00:05:12: That takes us neatly into the next big theme.

00:05:14: Agentic AI.

00:05:15: Okay, this feels like the real bleeding edge.

00:05:18: And a massive new identity challenge, right?

00:05:20: Mark Rushwin laid out the risk.

00:05:23: These AI agents are autonomous.

00:05:25: They make decisions they have privileged access.

00:05:27: And crucially, they can create other identities potentially outside of your normal IAM controls.

00:05:32: Unmanaged identities.

00:05:33: That

00:05:34: sounds messy.

00:05:34: It

00:05:35: is.

00:05:35: And they're coming fast.

00:05:36: Deloitte reckons half of all companies will be using agentic solutions by twenty twenty seven.

00:05:41: Security readiness is way behind the deployment curve.

00:05:44: So if these agents are identities.

00:05:46: we need to secure them like identities.

00:05:49: But how do you secure something autonomous that makes its own choices?

00:05:52: Well, Pratt-Mohanty proposed a concept he called a digital passport.

00:05:56: It uses tech like decentralized identifiers DDs for a unique crypto ID for the agent.

00:06:02: Okay.

00:06:02: And verifiable credentials, VCs, which act like visas, basically, defining what permissions the agent has.

00:06:08: It's essentially know your agents, KYA, using things like DLT to build trust.

00:06:13: Makes sense.

00:06:14: If they're identities, then visibility is key.

00:06:17: Identity observability, as Mark Crush would call it, you need that to spot things like shadow AI.

00:06:22: Exactly.

00:06:23: That's employees using personal accounts or, you know, unapproved tools to access powerful AI, completely bypassing corporate security.

00:06:31: Observability helps you map all accounts, even the shadow ones, into one view.

00:06:35: And that visibility.

00:06:36: is critical when these AIs start talking to each other, right?

00:06:39: Through this model context protocol, MCP.

00:06:41: Yes, and Matthew Rosenquist reported something pretty alarming there.

00:06:45: It's not theoretical anymore.

00:06:46: They found the first malicious MCP server.

00:06:49: Malicious.

00:06:50: What was it doing?

00:06:51: Covertly copying sensitive data, like emails, while models were communicating.

00:06:56: Wow.

00:06:56: So the communication protocol itself is an attack surface.

00:06:59: And that MCP registry Matt Conwiser mentioned.

00:07:02: Sounds like the next DNS level of vulnerability waiting to happen.

00:07:06: It could be.

00:07:07: He warned it exposes model capabilities and knowledge, multiplying the risks if it's not designed securely from the ground up.

00:07:13: So what's the defense?

00:07:14: Tulshapsa argued for moving away from lots of distributed connection points towards a centralized MCP proxy architecture.

00:07:22: Think like a single smart gateway, maybe using something like Google Cloud to enforce policies, inspect traffic for threats, and protect the perimeter.

00:07:30: Right,

00:07:31: centralized the control point.

00:07:32: Okay, shifting gears a bit.

00:07:34: From today's AI threats to future proofing, quantum readiness came up a lot.

00:07:40: Two sides to this, right?

00:07:42: Threat and promise.

00:07:43: Definitely.

00:07:44: Starting with the threat, Dr.

00:07:45: Jan Wanger was emphatic.

00:07:47: We need to adopt post-quantum cryptography PQC now.

00:07:50: Because of the store now?

00:07:52: decrypt later risk.

00:07:53: Precisely.

00:07:53: If you're an automotive with long product cycles or handling sensitive government data, you have to assume any encrypted data grabbed today could be cracked wide open once quantum computers get

00:08:04: powerful enough.

00:08:04: So the main action now is building crypto agility, being able to swap algorithms easily.

00:08:09: That's the key readiness step, making systems flexible so you're not locked into something that becomes obsolete.

00:08:14: Okay, but then there's the flip side, the promise.

00:08:17: Quantum AI.

00:08:18: Yeah, Jan Michalon described it as this whole ecosystem emerging quantum machine learning hybrid quantum classical systems.

00:08:26: It's not just slightly better AI, it could potentially supercharge training models, solve logistics problems that are just impossible for today's supercomputers.

00:08:35: And there was some news on the stability front, wasn't there?

00:08:37: Making it seem less like science fiction.

00:08:39: Huge news.

00:08:40: Steve Suarez reported on Harvard physicists achieving over two hours of continuous quantum operation.

00:08:46: Two hours?

00:08:47: Up from milliseconds.

00:08:48: How?

00:08:48: Using something called an optical lattice conveyor belt to feed atoms in continuously, like three hundred thousand atoms per second.

00:08:56: That's incredible.

00:08:57: What is that?

00:08:57: due to the timeline?

00:08:58: Well, it really challenges that standard five plus years away prediction for practical quantum.

00:09:03: If this kind of progress holds, we might be looking at real applications in maybe two to three years, which

00:09:08: just ramps up the urgency on everything, especially PQC.

00:09:11: Absolutely.

00:09:12: And that need for urgent strategic action brings us to the final theme, digital sovereignty and infrastructure realism.

00:09:21: Digital sovereignty feels like it's really moved up the agenda, especially in Europe.

00:09:26: Lena Jakubowicz noted that seventy-eight percent of execs there are more worried about digital dependency than they were a year ago.

00:09:33: It's shifting from a political talking point to a core business continuity issue.

00:09:38: Dependency equals risk and governments are acting.

00:09:41: Montgomery Singman mentioned the EU putting one billion into homegrown AI innovation.

00:09:46: Trying to reduce reliance on, well, the usual suspects.

00:09:49: Exactly.

00:09:51: Axel Voss is pushing to cut foreign tech dependencies down to forty percent by twenty thirty, looking at things like an EU cloud and AI pilot program.

00:09:59: But the example that really hit home, the most maybe provocative one, was Dionne Wiggins' analysis of Microsoft cutting off cloud services to Israel's unit eighty two hundred.

00:10:09: Yeah, that incident just lays it bare to us.

00:10:11: a corporate decision instantly trumped a state-level relationship, state

00:10:15: power even.

00:10:16: It shows that relying on external infrastructure owned by another entity, even an allied one, means your existence is effectively conditional.

00:10:23: Absolutely.

00:10:24: If a nation's critical unit can be impacted like that, think about the vulnerability of a regular company.

00:10:29: And the final piece of this infrastructure puzzle is, well, power?

00:10:35: energy.

00:10:35: Pascal

00:10:36: Bournette shared a frankly alarming projection.

00:10:38: AI data center power demand could quadruple in a decade.

00:10:43: Yeah, potentially hitting four point four percent of global electricity used by twenty thirty five.

00:10:48: If data centers were a country, they'd be the fourth biggest energy consumer worldwide.

00:10:52: That's unsustainable.

00:10:53: We need, as he put it, cleaner, most energy efficient intelligence.

00:10:57: But

00:10:57: we don't even have good data to manage it yet.

00:11:00: Salman Q pointed out a review where energy estimates for data centers in twenty twenty varied by nearly six times.

00:11:05: From

00:11:06: two hundred TWO to twelve hundred TWO.

00:11:08: That's a massive difference.

00:11:09: Huge.

00:11:10: We urgently need better transparency from the industry on actual consumption.

00:11:14: And just keeping the current stuff running is getting harder.

00:11:17: Well, King Rodriguez and a bond noted how critical precision cooling is becoming, especially with the heat from AI and edge computing.

00:11:23: Energy isn't just a cost.

00:11:25: It's a limiting factor now.

00:11:26: So pulling it all together, the underlying theme is really preparedness, isn't it?

00:11:30: Across all these fronts, quantum, AI identity, corporate control over infrastructure.

00:11:35: Yeah,

00:11:35: multifaceted preparedness and digital sovereignty is clearly shifting from just debate to actual infrastructure, build out plans and leaping back.

00:11:46: to Mark Simon's point about defense, you have to know what normal looks like.

00:11:51: Anomaly detection is useless without a baseline.

00:11:53: Right.

00:11:54: Which leads to our final provocative thought for you, the listener, thinking about your own organization.

00:12:00: What are the top three normal activities?

00:12:02: Maybe specific data flows, maybe certain admin script executions, maybe key network traffic that are currently honestly invisible to your security team.

00:12:11: Because that's probably where your biggest, most unpredictable risk is hiding.

00:12:14: Definitely

00:12:14: something to think about.

00:12:16: If you enjoyed this deep dive, new episodes drop every two weeks.

00:12:19: And please do check out our other editions covering cloud, defense tech, digital products and services, AI, sustainability and green ICT and health tech.

00:12:27: Thank you for joining us for this deep dive.

00:12:29: Don't forget to subscribe.