Paul Stringfellow is a technical expert who has close to 30 years of experience in the IT field. He is an IT director at Garden Systems, UK. Apart from the day-to-day task, he also runs a platform Techstringy, where he exposes his tech enthusiasm through podcasts, articles, daily newsletters etc. Paul is very much interested in the Security part of an organization, and that is one of the main reasons to have him on our show.
Most of the organizations deal with the traditional security models that are based around a location. It will revolve around their information, applications, and users, being within a data centre or head office, using enterprise IT equipment.
By adopting the cloud, all those things have changed; data no longer lives inside the data centre on its own. It will live inside of Azure, some of it will live inside of 365, some of it may live inside of Google workspaces, or over the SAS platforms, maybe SAP or Salesforce. Therefore, the data becomes very distributed but serve the workforce, and the workforces become equally distributed with people irrespective of location.
Paul helps organizations to understand the security evolution. To be more précised, the first thing he gets tasked with is assisting organizations in understanding why they need to re-evaluate how they look at Security. Because in many cases, organizations still feel perimeter firewalls and antivirus software and some strict network internal controls inside of their data centre are going to be enough. They do not think about adopting 365, adopt storage as a blob store, thinking about OneDrive, or a whole range of other things. The most important thing that Paul helps organizations do is make them understand, train, and educate how the world has changed. He also helps them build a model where they start to see not only that Security has changed but that Security must be central and core to their thinking.
Security is not an afterthought; Security is a core design goal. Whether the organization is designing infrastructure or designing applications, it is mandatory to make sure that it’s secure by default. It is essential to have security education so that those organizations who hold the data also make sure that they’re taking appropriate care. Paul states that this is the reason why the wealth has changed so much in terms of data regulation, whether it’s GDPR, whether it’s the California Data Protection Act or a host of other acts around the world.
Paul advises, “I think if there’s one thing that maybe people take from, our chat today is to make sure that they also educate themselves and understand why security impacts every element of what we do as IT professionals.”
Zero trust is a strategic shift that addresses a fundamentally new challenge. It does not rely on anything, be that trusted networks, secure perimeters, or identity. Instead, a zero-trust approach starts from a basis of assuming breach. Rather than trusting anyone, it trusts no one, and it believes we are all bad actors until convinced otherwise. Zero Trust needs to verify explicitly and only offers least privileged access, constantly monitoring and analyzing behaviour, warning or even automating responses to the potentially risky or threatening activity. To be effective, a Zero Trust approach relies on applying context to how our resources are used. This context is crucial to addressing the new and complex security threats the modern business faces.
You can also find more articles of Paul on Zero Trust security at the TechStringy website.
Paul speaks about a powerful tool that Microsoft have available inside of Azure, particularly for managing, is the idea of Privileged Identity Management. It is another core tenant of zero trusts. Privileged Identity Management is around making sure that they only link to the resources they need access to when users connect.
Paul makes a point that Microsoft did a great job in building Security into Azure 365. To adopt things like information rights management is hard to do on-premises but easy to turn on in the Microsoft Cloud. He also says that organizations should embrace the new security technologies they have access to, allowing them to build complex, robust, strong security strategies and policies. Microsoft will enable organizations to do that easily to get access, and these new working models present strong and promising solutions to many problems.
Paul is well known on the Internet through Techstringy. Techstringy is a platform where Paul conducts podcast and write a lot of articles. One of the things that he loves to do is to try and share some of his enthusiasm for writing through the daily newsletter. The core idea is to curate information together in areas of interest, in the day-to-day technology interest. Paul also mentions that “I love sharing knowledge with the community. That’s why I was thrilled to join you today and be part of your show, to try and share some of the ideas and some of the technology that’s available to help people better secure their kind of business assets as we change the way that we to look into work”.
Also watch thisvideo podcast here