Security has become a primary concern for governments, industries, and individuals as 5G, devices using 5G, IoT, and cloud and edge use to store data rapidly increases in growth. The global 5G security market is expected to grow from $1.2 billion in 2022 to $12.5 billion in ten years, a CAGR of 26.4 percent.
Recently, I spoke with Nancy Wang, Director / General Manager for Amazon Web Services (AWS) Data Protection and Data Security, where she oversees P&L, product, engineering, and design. Her previous roles include the Head of Cloud SaaS Products at Rubrik, Lead Network Product Manager at Google, and Lead Program Manager of Federal Clients at Deloitte, among others. Wang is also the Founder and Board Chair at Advancing Women in Tech (AWIT), a global non-profit organization that trains and coaches women to be leaders in tech. AWIT has over 16,000 members in only five years since its inception in 2017.
Here are a few key observations from our conversation.
Advancing Women in Tech
Wang began our discussion by sharing her passion project to help women in tech advance their careers. Wang wants to have an impact in accelerating and advancing more women and women of color into leadership roles where they can be in prominent positions, influence hiring and promotions, and so on. She noticed that many skills that are a fundamental sort of playbook or guide to becoming a leader are generally not taught in undergraduate or business school. At AWIT, Wang ensures their workshops focus on leadership skills, such as influencing global teams, hiring international teams, and handling acquisitions. The topics in these workshop experiences nurture skills typically learned on the job or passed down as knowledge.
The Growth of 5G and Its Impact on Security
Wang noted that her team’s mission is to protect data wherever AWS customers might have that data, whether in the cloud, on their premises, in hybrid clouds, or at the edge. As open source grows, there is a new impetus to make their code more secure, which led the conversation to increased supply chain and software vulnerabilities that can exist with 5G. Currently, and also for the foreseeable future, 5G supply chains are inherently limited. These vulnerabilities exist, and as different devices are rushed to market, it increases the possibility of faulty and insecure components. Since 5G is more reliant on software, it also increases the risk of exploitation of the overall network infrastructure.
Data Security and the Law
Our discussion transitioned to data security and the legal requirements imposed by governments. Wang brought up Europe’s General Data Protection Regulation (GDPR) and the fact that it’s being used as a model across different countries. States like California, Arizona, and New York, are also using GDPR as a template for their data security regulations.
Wang spoke from her personal experience in working with a UK-based regulatory data security body called the Cross Market Operational Resilience Group (CMORG), whose charter is to help financial institutions secure and protect their data. Wang and her team went in and designed a reference architecture using AWS services that could help these financial services institutions’ architects and ensure that their data was immutable and retained for the number of years required by that industry.
What Are We Protecting?
There are different views on what data security entails. Some focus on protecting the network, compute, storage, and the data itself. According to Wang, most of the Fortune 500 customers she speaks with primarily focus on protecting two things in the data center: the network and the compute security. Historically, this was sufficient because computing and data were coupled. Now, they are often decoupled with the cloud, which is what customers like about it. What Wang is seeing evolved both from security startups that she works with. There is also DSPM or Data Security Posture Management. DSPM protects data as a first-party construct of knowing where the data is. It classifies that data as mission-critical or not to ensure that you are setting the right IM policies and the appropriate access policies to keep that data always protected.
Words of Wisdom for CIOs/CISOs
I asked Wang to share tips for CIOs and CISOs regarding security moving forward. Her advice was for them to meet more early-stage security startups, because she believes that is where a lot of innovation is happening. As a CIO or CISO, it is essential in their role is to guide these companies in producing the best in class for data in rest, data in motion, protection, and solutions.
To learn more about 5G and security, listen to the podcast hosted by Ashish Jain, CEO and Co-founder, PrivateLTEand5G.com and KAIROS Pulse.