Why cybersecurity has an open-source solution

While cybersecurity might seem like the sort of problem that requires layers upon layers of tightly-locked proprietary software, the truth is that constant iteration and collaboration are significantly more effective at combating new threats quickly. To learn more about the benefits of open-source work in cybersecurity, and the way that cyber has changed in the past handful of decades, we spoke with Michael Shinn, CEO of Atomicorp.

ABERMAN: What is Atomicorp doing, and how do the current trends in technology really make something like Atomicorp more important than we can even imagine?

SHINN: So, our entire business exists because of the paradigm shifts that companies like Amazon, Google and Microsoft, and even now IBM, have done to computing. And that is that they’ve created the virtual environments in which people can deploy their applications without having to own servers anymore, without having to build networks anymore, without really even having to understand any of that. And that’s radically changed the way that we do cybersecurity. The way we’ve always done cybersecurity is that we build secure networks, and then we put things in them.

And what that really means is, we build a castle, we own the castle, we put a wall around things, and we put stuff inside it. These new environments aren’t castles. We don’t own them. We don’t have the walls around our assets. And so what we have to do now is, we have to build networks with secure things on them. And that means those things have to be completely secured in a world where there’s no walls.

ABERMAN: So in effect, the security moves with the data, rather than the security creating a moat around the data.

SHINN: That’s exactly right. And that is something that you have to do to take advantage of the really amazing technologies that companies like Amazon and Google and Microsoft have brought to their customers. And what they’ve given them the ability to do, aside from doing all of these things in a much easier way, is they’ve made it possible for people to scale up and scale down their infrastructure in real time. And so what you just said is really the core of the security problem. Your data is moving all around these environments, all around the world, in real time, and you have to take the security with it. You can’t rely on the old model of, we’re just going to stick a firewall in front of it. We’re going to have an IDS, and everything’s gonna be fine.

You know, I have an interesting story on that. The whole reason that the whole firewall IDS world exists is because–I’m old in cybersecurity terms, I go way back to the early 90s–is that we were trying to find an easier way to secure things when we actually first started doing this, back in the 80s and early 90s. Most of the systems that were out there weren’t behind firewalls, and we didn’t have IDS’s. So, we recognized that it was challenging to secure all of these systems that we had. So we went with the easy option, which was well, we’re just going to try and keep everybody out, and that doesn’t scale. You know, that’s really the magic of these technologies that Amazon and everyone else has brought out is that, we’re putting systems back on the Internet where they’re faster, and they can scale up quicker, and you can have as much as you want whenever you need it. But that means we have to solve a problem that we’ve been putting off for decades. We actually have to make those systems secure.

ABERMAN: That’s cutting edge stuff, and in a lot of ways, the kind of stuff that I really like seeing in our entrepreneurial community here. There is a trend that you’re in front of that I think people should benefit from learning a bit more about: you use open source technology. Can you describe what open source is, and how it’s useful as a business model for technologists like you?

SHINN: Yeah. So you know, my colleagues in the open source community may have their own sort of different definitions about what they think open source is. But for me, open source has always been about the fact that if there’s something that I wanted to change in the software, I could do it. And that’s really the core. There are lots of other benefits of open source. It might be free, there might be a lot of people working on it, maybe there’s a community. But for me, it always started with the fact that I had a piece of software that I’m using, and I can make enhancements, changes and fixes.

ABERMAN: True hacker culture.

SHINN: That’s right. And in cybersecurity, that’s really important. There’s lots of really smart people out there. It’s not possible for any cybersecurity vendor to understand every possible situation in which their product might be used. The people who are going to understand that are the people who are closest to the problem. And it’s great if you can make it possible for them to enhance your software, and hopefully contribute that back to you. All boats rise together. So in the security world, we see some of the more interesting or powerful cybersecurity technologies, like Snort, it blew away all of the other network based IDS’s that were out there, all the proprietary ones.

NetRanger at Cisco, and RealSecure at ISS, and so on, were out there many years in advance, but they couldn’t keep up with what the bad guys were doing. You’ve got to keep coming up with ways to enumerate and test vulnerabilities. Well, you need lots of people to do that. And it’s really hard to figure out what those are. Maybe they’re unique to a particular customer, or maybe that customer has a really smart person. So we believe very strongly in that because we don’t think cybersecurity can scale, if you don’t make it possible for the people who understand the problem to tell you about it. And there’s a great way to do it: it’s by giving them the source code and letting them modify.

ABERMAN: It’s really interesting to me as we come to the end of our time together, is how the world’s moved full circle. You think about Silicon Valley, and the hacker culture that created Apple and so forth, and how it’s become much more about closed networks and proprietary models. And yet cybersecurity, it sounds to me, is a place where we’re actually rediscovering or reinvigorating this idea of serving the public, and serving ourselves by collaborating.

SHINN: Yeah. They’re not mutually exclusive in this case. There certainly are reasonable business and economic arguments to be made for proprietary things. You know, as the old saying goes, hoarders will make piles of money. But cybersecurity is a hard problem, and you need people to contribute to that, and you can’t really do that if you don’t make it possible for them to contribute. And open source is one great way to do that.

ABERMAN: One last question. A lot of entrepreneurs think about raising money. You’ve just raised some additional outside funding. What is the hardest part about taking outside money when you’re an entrepreneur?

SHINN: It’s funny. I was at an event last night where the CEO for GoCampus was talking, and it was deja vu. You know, we all talk about how we’d rather spend time working on our companies than raising money, but if you’re going to be an entrepreneur, you almost have to become a professional fundraiser. That’s a big part of being an entrepreneur. You need capital to be able to grow. So I think the biggest challenge about it is recognizing that that’s your job, and you’d rather do other things like build your product, and talk to your customers, and maybe do sales or whatever the case may be. But you can’t grow without capital. And you know, that’s something you have to learn as you go I guess.

ABERMAN: Because there’s your old line: you can’t fight gravity.

SHINN: No, you cannot. And you need a lot of capital to overcome gravity.

ABERMAN: There you go, and don’t become a black hole, or maybe you want to. But Michael Shinn, thanks for coming and spending time with us today.

SHINN: Thank you, Jonathan.

ABERMAN: Michael Shinn from Atomicorp.

Copyright © 2019 Federal News Network. All rights reserved.