Telecom Review spoke to Aloysius Cheang, chief security officer, Huawei UAE about the latest on-goings in the cyberspace and the urgent need for human collaboration to address the pressing issues faced by the cybersecurity sector.
What are Huawei’s offerings in network and data center security at GITEX this year?
Huawei’s theme at GITEX 2021 is ‘Dive into Digital.’ So we're offering practical implementations of any solution, product and service that will help organizations accelerate their digital transformation, and do so securely. So that would include not only the servers and storage capabilities that we have, but also many other new solutions in digital power, smart government, and various other industry sectors such as smart transportation and logistics.
According to recent findings, 85% of cyber breaches involved the human factor, how can organizations address this problem in a dynamic field as cybersecurity?
When we talk about security, it is always trying to balance the risk coming from the established processes in place, the technology that is used, and most importantly, people. In fact, people are often considered the weakest link. So to address this issue, it’s important to increase individuals’ literacy in cybersecurity, which means not only doing more regular user education programs, but building a culture of security into your organization.
Please elaborate on the concept of cloud single sign-on (cloud SSO). What are its pros and cons?
Single sign-on is one way to authenticate oneself on the Internet. So, by using one particular authentication service, you could actually authenticate yourself to many different services that you might want to use on the net. For example, from emails to even games, you can just use the same authentication service with the same set of credentials for access to all the services.
So from a productivity perspective, we actually make it easier for you to consume new services. It makes sense to promote SSO because it actually helps accelerate the adoption rate. However, at the same time it also comes with potential security problems because you're putting all your eggs in one basket. With the option of using one password and one credential to sign-in on all services, it means that once those elements are compromised, there is a good chance that everything might be compromised. So, it’s sort of a trade-off between practicality and security.
Ultimately, it’s important for the credential service provider to make sure that they get things right from the beginning and they are conscientious in ensuring that they are not compromised with DDOS attacks and assure no data leakages of the users’ credentials. At the end of the day, SSO is all about the convenience and security is all about enabling business, so we have to consider these aspects together.
In what ways can cybersecurity operators collaborate to safeguard digital assets of organizations?
A lot of discussion has been ongoing globally among countries and organization, about the need to view cyber norms; to understand how things work, what the rules are, and the regulations needed in cyberspace.
The way to build and develop these cyber norms is by establishing dialogue, and for everyone to sign on to these norms. As of now, there is no single platform where this can be done, even at the UN level, although they have been looking to do that for the past few years. As digital reality intersects with our physical world, we're actually moving into a new era where 5G, cloud, and blockchain will become basic tools, enabling tools ranging from IoT to AR/VR.
In this sense, it's very hard to draw a boundary of what you want to control digitally. But we definitely need cyber norms right now. Realizing the execution of such norms either by regional groups, such as the Arab League or the OIC in the Middle East, is something we all should be focusing on so that we all can work on the same set of rules. These rules may take some time to adopt, but for the cyberspace, we can’t wait any longer.