Contract electronics vendor Sanmina buys into zero trust • The Register

2022-06-23 20:34:27 By : Mr. Smileda Smileda

Matt Ramberg is the vice president of information security at Sanmina, a sprawling electronics manufacturer with close to 60 facilities in 20 countries on six continents and some 35,000 employees spread across the world.

Like most enterprises, Sanmina, a big name in contract manufacturing, is also adapting to a new IT environment. The 42-year-old Fortune 500 company, with fiscal year 2021 revenue of more than $6.76 billion, was an early and enthusiastic adopter of the cloud, taking its first step into Google Cloud in 2009.

With manufacturing sites around the globe, it also is seeing its technology demands stretch out to the edge.

7,500 employees work remotely and, in the wake of the COVID-19 pandemic, that number keeps growing.

With this in mind, when Ramberg thinks about security, what first comes to mind is the company's data. In particular, he wants to make sure the company knows exactly where that data is.

"Where we focus the most is IP," he told The Register during an interview here at cybersecurity vendor Zscaler's Zenith Live 2022 conference in Las Vegas. "You get that intellectual property, especially in manufacturing – and we touch a number of industries, automobile and communications and defense and aerospace – and the biggest concern we have … is that of data loss prevention. DLP is a very difficult area. It's data [that is the focus] expressively because of the influx of cloud-based solutions."

Sanmina employees have long used Google Workspace – formerly Google G Suite – a collection of cloud-based business applications and collaboration tools.

"But now you've got this roaming workforce, this mobile workforce," Ramberg said. "There's Box, there's Dropbox, there are 8,000 file-sharing sites and you can do training until you're blue in the face, but there's concern that somebody – and I don't even mean from a malicious standpoint – they'll put [data] in Dropbox because they have an account there and they want to keep it safe. You just released our IP."

Even Sanmina customers use varying file-sharing tools, creating another data sprawl issue the company has to adapt to. He doesn't necessarily call it a worry – he believes Sanmina has it under control – but in such a highly distributed corporate environment, making sure they know where the data is is his largest focus.

With so much data, the shift to the cloud, and a highly mobile work environment, there are many avenues of threats to consider – everything from ransomware to phishing – as well as issues of data sovereignty and a growing list of regulations around data and privacy, from the European Union's GDPR to the California Consumer Privacy Act (CCPA). In addition, the various Sanmina plants around the world have to talk to each other regardless of what country they're located in and how that country manages data and cyberthreats.

Given all that, Sanmina became an early adopter – and now a vocal advocate – of the growing movement toward zero-trust frameworks. Given the venue, it's not surprising that the company relies heavily on Zscaler technology for its zero-trust technologies, but for Ramberg, zero trust is the right fit for his increasingly decentralized company.

"We really embraced it," he says. "Early on, it was a buzzword. 'Here's the latest and greatest thing.' We really looked at it and it made sense. If there are five servers and I literally only have access to one – have credentials only to one – why should I even see the other four? It just made complete sense. The fact is that it eliminated lateral movement. When I'm set up to only talk to that one server and can't laterally move anywhere, this sounds pretty nice, this whole zero-trust thing."

With so much data and so many applications being created and accessed outside the central corporate datacenter, the traditional security architectures of firewalls and castles-and-moats, designed to keep threats out, are increasingly outdated. They work well if the user, applications and data are inside the firewall, but that's often no longer the case.

Zero-trust frameworks assume that no user, device, or application on the network can be trusted. Instead, they rely on identity, behavior, authentication, and security policies to verify and validate everything on the network and to determine such issues as access and privileges. Most cybersecurity vendors are building out their zero-trust capabilities and Zscaler has based its entire strategy on the idea since its first product rolled out in 2008.

About eight years ago, Sanmina adopted Zscaler Internet Access (ZIA), a collection of cloud services that use artificial intelligence (AI) techniques to inspect all internet traffic – including SSL decryption – to protect against ransomware and other threats. In 2017, the company brought in Zscaler Private Access (ZPA) to replace the VPNs it was using for its mobile workers. ZPA gives users access only to the data and applications they have credentials for rather than access to the network, reducing the chance for cybercriminals to gain access to the network and move laterally through the company.

"We looked at them and said, 'VPNs stink. They just stink,'" Ramberg says.

Along with the list of VPN security concerns, there were also limitations on the number of connections they could manage, which slowed network performance, and users had to constantly reauthenticate to use them. Sanmina had 13 VPN appliances around the world that had to be managed, updated and patched and, when they hit end-of-life, had to be replaced with more hardware.

ZPA "is providing the same tunnel, but not putting anyone on the network. That was one of our biggest concerns with VPNs. When you give someone VPN access, what can they get to?" he said, adding that attackers can often get credentials for a server. With ZPA, "if you don't have credentials for that server, you shouldn't even be able to see it. If I'm not going to issue a key to that door, why am I even going to allow you to see that door?"

Sanmina also uses ZPA to manage what vendors and partners have access to, he said.

Since then, the company has added other Zscaler services, including SSL Inspection and Cloud Browser Isolation, and is looking at new capabilities the vendor is adding, including a service for Internet of Things (IoT) and operational technology (OT) announced at the event this week, which Sanmina will use for communications within its manufacturing plants.

Ramberg says he understands that zero trust in some ways is similar to what virtualization and cloud were when they were new – vaguely defined terms that vendors were putting on a lot of their products. However, as Sanmina was adopting the cloud, it became apparent that the company's attack surface was expanding and it needed to adapt its security capabilities to address that.

The first step was to put full disk encryption into laptops, but that was a stop-gap measure. The move to a zero-trust architecture is addressing the security needs as Sanmina's workforce and data become more distributed.

"We had to adjust, but liked the whole idea of it," Ramberg said. "We jumped in with both feet and haven't looked back. We really embraced it." ®
