Alexa Carlin (00:27): Hello and welcome to Accelerating Your AI Journey. I'm your host, Alexa Carlin, and today we're talking about security in the AI era, and how Lenovo and Intel are working together to help organizations strengthen their defenses.
Alexa Carlin (00:43): Joining me today is Surya Kuppuswamy, Director of Strategy and Product Management, Commercial Cybersecurity Solutions, at Lenovo. Welcome.
Surya Kuppuswamy (00:53): Thanks for having me.
Alexa Carlin (00:54): Yeah, thanks for being here. So just tell us a little bit about you and what inspires you to work with emerging technologies.
Surya Kuppuswamy (01:01): I've been in the IT space for about 25 years now, and I've always worked with emerging technologies as they've come in different waves. I mean, 25 years is a long time, and I've seen quite a bit of changes.
Alexa Carlin (01:16): It's definitely changed a lot.
Surya Kuppuswamy (01:17): Exactly. We saw a lot of emphasis on data and then we saw a lot of emphasis now with AI, and tomorrow it'll be quantum computing. So things just keep changing, but at the same time, the way I see them, they are just different ways of solving customer problems. So what motivates me to work on these emerging technologies, obviously, is to stay relevant. But at the same time, they give us tools to solve customer problems more efficiently every cycle.
Alexa Carlin (01:50): So talking about changes, how has the cybersecurity landscape evolved?
Surya Kuppuswamy (01:57): I would put that as a before-COVID and after-COVID statement. So before COVID, we used to work all in the office, and if you were in the office, you were considered relatively safe. You were within the firewall of the office within the building. And then a few people used to work remotely, but for the most part, you worked with the office-issued devices, office network, office infrastructure. So security was, I don't want to say easy, but it was relatively simpler before COVID.
Surya Kuppuswamy (02:31): And then when COVID happened, everybody had to just work from anywhere. From their house, from their apartments, just a whole lot of change. So to me, that just made it much more difficult to secure your data, your endpoints, your users. And to me, the need to now start protecting people in this world where we call work from anywhere world has dramatically made it important that we protect customers in different layers. So we protect customers' endpoints. Also, another way of saying customers' devices, the data that's on it, that network that they're communicating with. So you could be in a coffee shop, you could be sitting in a WeWork kind of environment. It just becomes important that we are able to protect users and their data and the corporates in different ways.
Alexa Carlin (03:28): Yeah, so it sounds like organizations need some type of comprehensive strategy to keep their users and proprietary data safe. So how does Lenovo help with that?
Surya Kuppuswamy (03:42): If I could take a moment here to talk about Lenovo ThinkShield, ThinkShield is Lenovo's brand of cybersecurity offerings, and we think of security in multiple layers. One thing that you see in the industry, what we call defense in depth, and that's basically saying that there are different layers of security built in to protect you. So just because an attacker could basically go through one layer doesn't mean that they've won. You build these layers in, so oftentimes there is fatigue built and you spend so much energy as an attacker trying to break one wall, and then now you see different layers, so you have to go through that.
Alexa Carlin (04:17): Try to slide them out.
Surya Kuppuswamy (04:18): Exactly. I mean, oftentimes, attackers are looking for easy payouts. So if they find that this is a difficult target, oftentimes they will move on to the next targets, unless they're wanting to be very persistent. So we consider that as something in the way we approach security, the different layers that we have, and we leverage Intel's vPro platform. In this case, we partner with Intel to make sure that our security is built according to the customers' needs.
Surya Kuppuswamy (04:45): So the three layers that we refer to security is the supply chain layer, and one of the offers that we are right now bringing to market is ThinkShield's Build Assure. And it's powered by Intel's Tiber Trust supply chain platform.
Surya Kuppuswamy (04:59): And the next layer of security that we consider is what we call below-the-OS security. And as soon as you jump from the supply chain layer, now you're talking about the firmware layer. And firmware is, and there could be multiple firmwares that are running under your device, is what controls the device. So oftentimes you don't see it, but if somebody is able to compromise that firmware, then basically, they're able to own the device. So it is very important as a hardware OEM that we are able to protect that device and its firmware.
Surya Kuppuswamy (05:33): And then the next layer above that is what we call the OS-to-cloud layer. And in this layer is what you see on the news almost every day. You see things about ransomware and phishing and the different ways that attackers are able to compromise their devices. And ThinkShield is a very capable portfolio in this layer because we work with companies like SentinelOne, we work with companies like BufferZone who offer technologies like SafeBridge and SafeData. That way, we make sure that if there are ransomware threats, we are able to mitigate that. And at the same time, if somebody's mistakenly clicking on links, which they're not supposed to do, but I think one thing we have to realize that these emails that you get, these phishing emails, are very genuine-looking now.
Alexa Carlin (06:19): They're very real.
Surya Kuppuswamy (06:21): Exactly.
Alexa Carlin (06:21): It's hard to differentiate.
Surya Kuppuswamy (06:22): Yeah. So one of the things that we recommend for customers is to make sure that their end users take these trainings to spot these mistakes or these emails. But oftentimes, you can get away with most of it, but now things are starting to sound very real and look very real. So with the technologies that we have in our portfolio with BufferZone, with SentinelOne, and along with what we are able to do with Intel and their processors, I feel like we are in a good position to offer something that the customers can trust and deploy to make their end users safe.
Alexa Carlin (06:53): Lenovo is known for having best in-class supply chains, so tell us a little bit more about how you ensure security from manufacturing and transport to provisioning and into users' hands.
Surya Kuppuswamy (07:07): This is a very relevant topic now because we are seeing in real time the supply chains realigning across different countries, different continents, and customers are concerned about the security of their devices through these different movements of supply chain. They want to make sure that the device that was built is the one that they're eventually going to receive. So what we have as a solution is very unique in this space because we are partnering with Intel. And with our secure supply chain and with Intel's expertise in silicon and their security, and ThinkShield, which is our cybersecurity brand, we have brought to market what we're calling the Lenovo ThinkShield Build Assure. This is the partnership that ensures that when we build a device in factory, we are able to take a digital snapshot of it. We send that snapshot over to Intel. Intel is able to digitally sign that as well and store it in their secure platform.
Surya Kuppuswamy (08:10): And what that allows the customer to do is when the device eventually gets provisioned to their end user, and you can see sometimes it could be days and sometimes it just could be weeks or even months in that case, and you need to make sure that the device eventually is validated before you're allowing that into your environment. This is also called Zero Trust Provisioning, which is making sure that you're verifying before you're allowing the device in your environment. So we are able to provide customers with the level of assurance, hence the name Build Assure, to let them know that what we build is what's being provisioned to your end user.
Alexa Carlin (08:50): So verify it and then-
Surya Kuppuswamy (08:52): Then you-
Alexa Carlin (08:53): ... verify again with interest.
Surya Kuppuswamy (08:53): Exactly.
Alexa Carlin (08:55): And this is unique to Lenovo?
Surya Kuppuswamy (08:57): This is unique to Lenovo, because the partnership that we have with Intel is what makes it unique. Because we can also self-develop this, because the solution is based on industry specifications from Trusted Computing Group, and there is NIST standards around it that we can deploy. But the expertise that Intel brings to the table and the cybersecurity expertise that we bring in makes this a very unique opportunity and a solution for customers.
Alexa Carlin (09:27): With the latest generation of Lenovo AI PCs being able to run AI workloads locally, how does ThinkShield take advantage of that capability?
Surya Kuppuswamy (09:39): One of the promises of AI PCs is that you can run AI models locally, so it's much more faster, much more responsive. And what we could do with Intel's core ultra processors, and also with SafeBridge technologies, we can make sure that these models are executing locally on the device. And for security, it becomes very important, because previously all the AI workloads used to run on the cloud, and then they used to send a response back to the device to say, this is what you should be doing. But that doesn't necessarily work for security. You need instant responses.
Surya Kuppuswamy (10:22): So having models execute on the device and take instant responses in any kind of security threat, for example, has always been something that is required. But now that we have AI PCs that allow us to do that, it's a net benefit in my view of how security is starting to operate and how customers are starting to appreciate how AI PCs are able to make them much more safer and secure.
Alexa Carlin (10:53): I have one final question for you. What makes the partnership between Lenovo and Intel unique?
Surya Kuppuswamy (11:00): Lenovo's supply chain is well-known to be a very safe and secure supply chain because we have extensive processes in place that our CSO manages with our global supply chain team. Because we know exactly where the components came from, we know are they genuine or not, what's in them, so there's a lot of questions that we're able to answer on our supply chain. It's a very extensive, large supply chain that spans global. It sets a very global footprint.
Surya Kuppuswamy (11:28): Intel is also very well-known for their silicon and their security aspects of what's built into the silicon. And then ThinkShield as a technology provider within Lenovo is also very well-known in terms of the security expertise that we bring to the table. We have research centers in Israel. We have very experienced security researchers around the world. And when we put all of these three things together, we feel like this is a recipe for a very safe and secure portfolio of supply chain security offerings that we bring to the customers. And we feel customers would appreciate that partnership and put their trust in us.
Alexa Carlin (12:10): Yeah. That definitely sounds like a great partnership, so thank you so much for joining me and sharing all of your knowledge.
Surya Kuppuswamy (12:17): Thank you.
Alexa Carlin (12:19): I'd like to thank my guest, Surya Kuppuswamy, Director of Strategy and Product Management, Commercial Cybersecurity Solutions, at Lenovo, for stopping by and talking with us today. And thank you for watching. Visit us online to learn more about how Lenovo can help you accelerate your AI journey, on the road to smarter AI for all.
MUSIC (12:49): Lenovo. Lenovo.
