KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
I'm hetero security for AI and automation at Erickson. So I have a global team of specialists and architects working with securing the AI automation that we're pushing out now with our products and, you know, helping the operators in the, the telecom area before this I've been working in, in the global, sorry, in the government sector. So I was hetero cyber security for the Swedish security service. And I was working with the fighter jets program in Sweden as well, the grip program.
And one interesting thing I've seen now, you know, going into telecom is the, the similarities where we have fighter jets, which are very technically advanced platforms, but they've been seen as a very different thing than, you know, normal it operations and that type of thing. But we're using more and more of the same technology.
You know, we see IDI pipelines, shorter, shorter release cycles for new versions and new features and that type of thing. And I'm seeing the exact same thing in the telecom industry as well, where it's been seen as a very separate type of technology, but we're using more and more of the same tools, the same type of development to, to be able to give the new features that all of the different operators and all different people using this technology needs.
So on the agenda today, I'm going to talk a little bit of cyber security and AI and automation, how, how this relates, detect telecom convergence, a little bit of what I was mentioning before, you know, how, how this, how this is affecting the entire industry and then security for analytics and some considerations for bot automation security as well. So cybersecurity is a term. It gets thrown around a lot and it can mean different things in different contexts. So when I'm using it in this context, this is what I mean, you might have seen this before.
It's a mind map by, by that's used in, in the industry a lot to kind of showcase what, what it means, the different domains of cybersecurity. I'm not going to go into the details of this, but it kind kind of shows all the different domains that there are.
And, you know, if you, if you got pairing, you look at like security architecture, go to the right. If you go to the right of that, you have encryption standards, this is something someone can spend their entire life doing just that. And that kind of shows how vast this area is. And it's expanding.
So for AI, AI risks, AI security, it's not really on the map yet. So this is something that I see, like this is expanding and this is something that's going to be, you know, incorporated as well. And this is, you know, some of the risks that we're working with right now, and we're seeing this is growing both in terms of what we're doing, but also I know the questions we're getting and everything. So why security is important for us Dexon is that we see that the importance of data is just going up and up.
It's, you know, everybody wants both us as a company, but also all the operators that we're supporting to be able to make data driven decisions. And for this, you need to have good data and good data management.
And, and, and the value of this for the business is something that, you know, it's called the new, the new oil for a reason, you know, and we also have, you know, reputational and comp and, and reputational and compliance risks where we're seeing, you know, attacks taking down companies, you know, every month, every week, every day now, and also, you know, compliance risks where we have, you know, these huge fines that all of, all of us, all of our companies are risking if we're not managing this in the correct way.
So, so this together, you know, makes it that, you know, security and privacy are two aspects that, you know, we have to put a lot of resources into. So when I talk about automation and AI automation, the, the, the use cases are mainly connected to savings because, you know, we have a lot of manual manual steps in a lot of the processes that we have across the globe when we're talking about the telecom sector and different different operators have come, you know, the maturity is at different levels, but for everybody, there's a lot of savings to be made.
And this is, you know, why a lot of effort is put into this. And then when I'm talking about AI, I'm talking usually still about automation, but automation of cognitive tasks. And this is not, you know, the, the AI that's, you know, taking over the world with, you know, general intelligence that can do anything. It's very, very good, but at very specific things.
So it can, you know, take, take a lot of the, the low hanging fruits, so to speak and to, to free up time for people to do more cognitive tasks. So talking about AI, we have to talk about data because without data, without good data, without good data management, you can't have good AI and machine learning algorithm. It just doesn't work.
So what you see here is our architecture and looking from the bottom here, you know, we have the different data sources, both enterprise data, external data and customer network data, and going up, we have the ingestion storage with data lakes and data marks and data warehouses. And then you have the processing and actual consumption with dashboards and, you know, presenting this data in a relatable way. And through all of these layers, you have both security and privacy.
So data analyzation, for instance, is one, one important aspect that we're bringing into this just to be able to, you know, making sure we have the privacy in mind when working, you know, across the globe with different operators also, you know, with security and identity and access mentioned also super important and running through all this, we also have the da data management with data stewards and different data roles that, you know, are responsible for making sure we have good quality in terms of, you know, the data that we're restoring and presenting.
And, you know, when we're talking data-driven decisions taking action on this is how we're working with agile. So this is, this is how we have set up our, our safe based ways of working with our portfolio teams, teams on top, where all the demands are coming in, and we're looking at strategies, we're looking at the budget, we're looking at the business value that the difference different automations or analytics can bring.
Then we have in the middle, the solution layer where we're combining third party and global solutions together with local bespoke solutions based on the different customer needs and the different operators.
Then on the bottom here, you'll see, we'll have all the different, you know, agile release trains driven by the product owners and the developers and working together with operations teams to make sure this is available for the different customers security for analytics specifically, which is, you know, one of the main use cases for AI and machine learning is, or yeah, some of the, the considerations that we need to think about and, you know, that are extra, extra important.
Of course we have all the basics with the frameworks and the general security work, but we have to focus specifically on security for the data integrity that I was talking about before with the data management and also security for the dashboards.
So I have some, some specific aspects that we're looking into and that we think you should take into consideration with and working with this type of data and this types of analytics and that, you know, to have this base or read only, you know, when you have the data, when you're making it available, it's having customer user groups, depending on who needs access to this data encrypt on the column level and also consistent audit and cleanup.
And I would say that's the most important part, just because, you know, when we have people moving around in organizations, it's very easy to, you know, add off the different, different accesses that they get.
And to be able to do this, have some questions here, like who has access to which data sources, you know, to consider and, and, and do interviews and, and making sure this taken care of who has access to sensitive role level data, who are the admins who can access all of this and who has access and doing, you know, the dashboards with the sensitive information, because this adds up over time. If you're not on top of this also, you know, the AI journey that you know, we're on and the operators are on as well.
We have very complex demands because a lot of people want to put a lot of effort and resources into this, but they might not know where they want to end up. So this can be a bit problematic. Then we're using, you know, the trust and partnerships that we're building up with the different operators around the world to be able to, to help them make this transformation. So now 2021, we're looking at being able to help them with data driven decisions.
Then, you know, in the next few years now, we're leveraging that data in with, with AI and automation and AI and machine learning, to be able to give a good insights. And then, you know, 22 to 25, we're looking to intent based networks and, you know, pushing towards the next level of where we need to build from the baseline that we have already created.
So for the tech telecom converges that I was talking about, you know, these are different sectors, but we're seeing that we're using the same type of technology, the same type of tools to be able to provide the same type of, of positive impact that we see that, you know, it organizations are having on the businesses. So this is how we're looking at DevSecOps and automated security testing, where we have these different controls in the pipeline.
So when we're talking about research and development, we have a pipeline where we're looking at, you know, supply chain risks and scanning the different containers and scanning the different dependencies that we have and making sure we have compliance checks, vulnerability, scanning, static code analysis, and that type of thing.
So in terms of, you know, when the latest, latest version is ready and it's signed and it's available either to go out to the customer, then they have their pipeline that they're using and they have their responsibilities, or we're, excuse me, we're doing it as managed services. And it goes to our pipeline where we keep doing, you know, vulnerability scanning, and we keep doing pen test and red team exercise and everything, making sure we haven't missed anything in the pipeline, but this is how we're pushing left in terms of, you know, making sure we have the right security in place.
Lastly, for bot automation, we, we have some, some considerations to, to think about here as well. So it's ensuring accountability for about actions because it's very easy when we're talking about people, because then we usually have an organization, we have a manager who's responsible for a certain area. And if people are, you know, doing things and unintentional bad things happens, it quite easy to see, okay, this is, this is who we need to talk to. This is how we'll fix this.
But if we're putting in bots to do repetitive tasks and while, you know, one or two or three might work fine, but you know, when these add up and all of these together, cause a problem, who's who's who are we going to talk to? Is it, is it the line manager? Is it the developer? Is it the product owner? It can be quite confusing. It's just like keeping track of that is quite important.
Also understanding who has access, what bots has access to what data, making sure we're using the principle of list privilege to make sure, you know, it's not, especially when, when we have people working on this together, we can have quite big exposure towards, towards the bots and the data that they, they can access, understand documenting the logic, reviewing transactions weekly, just making sure, you know, following up on the type of work that we have bots doing instead of people, and then view avoiding abuse and fraud pro protecting log integrity and lastly, secure development. Of course.
So that was it for me. Thank you very much for your attention and the opportunity to be here. If there are any questions.
