In this episode of the IoT For All Podcast, SecuriThings’ CEO and Co-Founder Roy Dagan joins us to talk about device management and its importance to IoT device security. Roy shares the most common challenges he sees companies face when dealing with device management and how SecuriThings has taken on the task of educating the market on IoT and device security, as well as the opportunities he sees on the horizon both in the security field in general and as we move past the COVID-19 pandemic.

Roy Dagan is CEO and & Co-founder of SecuriThings. He started the company after many years of building cyber security, risk management and intelligence systems. Prior to SecuriThings, Roy held multiple roles leading product management teams in a range of companies including RSA, The Security Division of EMC and NICE Systems.

Interested in connecting with Roy? Reach out to him on Linkedin!

About SecuriThings: SecuriThings is the provider of a solution for automating the management and security of IoT devices within an enterprise. Their flagship solution, Horizon, automates several operational tasks — e.g., password rotation, firmware upgrades, device restarts, and more —which are currently performed manually, resulting in timely and costly maintenance expenses for companies. It helps operators reduce those costs by allowing them to remotely manage their IoT deployments at scale.

Key Questions and Topics from this Episode:

(00:55) Intro to Roy Dagan

(02:07) Intro to SecuriThings

(03:32) What are IoT Ops?

(05:26) What Applications is SecuriThings involved in?

(09:19) What are the most common challenges you see companies encountering?

(10:30) What advice do you have for companies with no current way to manage large numbers of devices? How common is this problem?

(12:13) What opportunities do you see in the IoT security space in the near future?

(13:33) How will 5G impact the work you do?

(15:34) How do you handle educating the market on IoT and security?

(20:47) As we start to move past COVID, what opportunities and challenges do you see on the horizon for IoT?

(22:38) Any upcoming news at SecuriThings?


Transcript:

– [Announcer] You are listening to the IoT For All, Media Network.

– [Ryan] Hello everyone. And welcome to another episode of the IoT For All podcast on the IoT For All Media Network. I’m your host, Ryan Chacon, one of the co-creators of IoT For All. Now, before we jump into this episode, please don’t forget to subscribe on your favorite podcast platform or join our newsletter at iotfraud.com/newsletter to catch all the newest episodes as soon as they come out. Before we get started. If any of you out there are looking to enter the fast growing and profitable IoT market, but don’t know where to start check out our sponsor leverages IoT solutions development platform, which provides everything you need to create turnkey IoT products that you can white label and resell under your own brand. To learn more, go to iotchangeseverything.com that’s iotchangeseverything.com. So without further ado please enjoy this episode of the IoT For All podcast. Welcome Roy to the it for all podcast. Thanks for being here this week.

– [Roy] Sure thing. Thanks for inviting me, Ryan.

– [Ryan] Yeah, it’s great to have you. I’d love to start out with you giving a quick introduction about yourself, background. Anything you think would be interesting for our audience to hear, and then we’ll go from there.

– [Roy] Sounds good. So I’ve been in tech for a few years, for almost 20 years now. Started in one of the intelligence units in the Israeli army. I’m based in Tel Aviv these days, by the way. After the army, I served for a few years I studied computer science, but always worked as a product manager or managed a teams of product managers. I worked at various startups as well as corporates but mostly all the companies I worked at were focused on either the cybersecurity space, risk detection, analytics or kind of the combination of all of the above. Worked at companies, just to name a few RSA security, NICE Systems and others. And by the way, at RSA, that’s also where I met Raanan which is our CTO and my co-founder. So we know each other for quite a few years now. And we spent some time at RSA and then started a few years later we kind of regrouped and started working on SecuriThings.

– [Ryan] Tell me a little bit more about SecuriThings. Obviously talk about what you all do just know at a high level, but at the same time I’m always curious to hear about the story behind why the company was founded, the opportunity you saw in the market, all those good things.

– [Roy] Sure thing. So initially when we started the company, and as probably you can sense from the name of the company we’re very focused on cybersecurity for IoT devices and also initially more targeting kind of manufacturers in this space. And then what we realized over time is and after obviously speaking with a lot of customers that there is kind of a bigger pain or some customers are really facing a bigger challenge. So cybersecurity is definitely part of it but it’s also a combination of operational and compliance challenges which are really part of that pain. And we saw a need to kind of extend the solution and provide something broader to the market. And that was kind of the evolution. So initially very cybersecurity focused and it was pretty good because that gave us a really strong foundation and it was pretty straightforward to expand that offering and to add the rest of the capabilities more of the operational and health monitoring capabilities and so on. And that’s when we really came up with a term IoT Ops which kind of encompasses all those capabilities together from our perspective.

– [Ryan] So tell me a little bit more about when you say IoT Ops, what does that mean? It’s a term it’s relatively new. I’ve heard it a couple places here and there but what are IoT Ops teams? Why are they important? that kind of thing.

– [Roy] Sure thing. So the way we see it it’s kind of a rising practice which kind of encompasses all the operational teams which are accountable for deployment, availability, but also security of these devices. These teams, the organizations have these teams, which are responsible for monitoring the status of devices, in some cases directing technicians or system integrators defining and implementing the policies, resolving all kinds of issues with the devices overseeing upgrades and more and more tasks. And we saw that these organizations and especially, those what we call kind of infrastructure based enterprises. So think about airports or large universities or tech companies, retailers, financial institutions. They’re really based on, a lot of a kind of infrastructure. There’s a lot of operations especially when it comes to these devices. And we kind of saw that these teams were I’d say kind of underserved. In while there, it’s pretty interesting if you look at the IT space there is all these huge categories which have been around for years. So orchestration and automation of the availability and cyber and the list just goes on and on. And we just saw that in the IoT space, in enterprises and large organization, there’s something missing and there’s no kind of a, there’s missing kind of an equivalent of that kind of the IT system, which will serve these teams. And that’s especially when we kind of extended the solution in the offering we also decided to coin that term IoT Ops to give a kind of a name for those teams and those that practice.

– [Ryan] Fantastic, okay. That makes a lot of sense. Now, going back a little bit more to the company and kind of what you all have going on. Can you talk through maybe not putting any names attached to it, which is totally fine but maybe just a little bit more about some Applications or active deployments that are out in the real world just to kind of bring it all full circle for our audience.

– [Roy] Sure, sounds good. So if we think about the deployments and type of customers were deployed, it’s industries like you have hospitals and larger retailers and financial institutions and airports, universities and these are the type of customers and organizations. When you look at these organizations they have a lot of devices scattered all over the networks oversights, over branches, really all over the place. Think about the cameras, access control systems, building management systems, and so on. You will see from the high hundreds, to thousands, tens of thousands in some cases well over a hundred thousands of these devices. And when you get to that scale, everything from probably a couple of hundreds of devices obviously also depends on the size of team you have. It becomes kind of a liability to manage these devices. You have different types of devices, different models different former versions, and you need to kind of find a way to manage them all together. So when we talk about the Applications, it kind of depends on the industry. And in some cases it’s more towards the cyber and other cases more towards the automation capabilities sometimes more towards the health or operational. But you will see things where for example risk detection is a big thing, a big Applications. And I think that it’s pretty specific to the way these IoT deployments take place. ‘Cause they’re very different from, the standard IT device. So if you think about it with standard IT device all goes through IT and then handed to an employee or development team and so on. With the IoT devices. So let’s take a look at a camera or a panel, access control system. You have a vendor, so manufacturer. You have in many cases a distributor, a system integrator and then they roll a truck out and they just place on the network. So that means that it doesn’t really go through IT. And that’s a challenge because there’s cases of misconfigurations of the devices. You don’t really know everyone follows the same procedures. In some cases you don’t really have that procedure in place. So you have a device which is running on the network in many cases with many other devices and you really don’t know what’s happening with the device after it’s deployed. Another example in deployment where a customer where status verification of devices is a big thing for them. So even knowing for every device whether if it’s up and running and when it’s failing or about to fail. Because that can then help them also with incident handling. And incident handling is a big problem today because it’s costly, because in many cases in the industry, it’s very common to, again just roll a truck out.

– [Ryan] Yeah, of course.

– [Roy] But what if you had the opportunity to use the system and automate that process and just click a button and fix that issue. And it goes on to Applications where, customers are using it for kind of the ongoing maintenance. So making sure that they’re in compliance with things like firmware updates. And making sure that there are no vulnerabilities on these devices because there are a lot of known vulnerabilities but not always are the devices upgraded either to elated the latest and greatest or just upgraded to a past version. So that’s also a significant challenge for customers across.

– [Ryan] I guess, as you work with more companies kind of across different areas, have you seen a common thread of the challenges that companies face just kind of across the board or does it really vary depending on company size, type, focus, industry, et cetera when they come to you?

– [Roy] So I think typically they all have the same challenges but it really varies kind of the mixture or what the focus is. So it’s always, there is some concern around, the cyber threat, but then it depends on the industry and the type of team. And in many cases is how many scrutiny is there from IT? How much do they understand the cyber and the risk involved with these devices? There is always awareness, but the question is how much and how much they wanna do about or can they do about it? But then again, it’s again around the same Applications and across you’ll find that there’s a different mixture based on the industry and what that industry needs. And the practices within that industry. In some cases, it’s also obviously specific to the organization and things which are mandated, translated on the organizational Level.

– [Ryan] Makes sense. So let me ask this then, what advice do you have for companies who let’s say have lots of devices right now that are running on maybe a single network with no real way to manage them in a unified way and how do you approach that kind of problem? How common is that problem? And then what is the advice that you have for companies to help solve that and why it’s important?

– [Roy] Sure, so very common. So to start by answering it’s very common. There’s a lot of devices and it’s hard to say what’s out there in many cases even the project of, these are the managed devices, but even with these managed devices that you know they’re out there and then you have a team which is responsible in some cases even pulling the required information to know what needs to be done is a project by itself. And that can take days. And working with Excel files and all kinds of tools, just to pull that data from each server, from each site, connecting to that manually and then pulling that information. So that by itself is a project. So I’d say first it’s kind of, the finding out what devices you have there, what management systems you have out there. How many sites, but also kind of the policy. So, who is responsible for all those devices? Is there one group within the organization? or if it’s each kind of line of business by itself. But really kind of getting, the best will be to get to that kind of consolidated level. So you have kind of a bird’s eye view onto to everything and then continue from there and perform the rest of the operations after you have kind of that level of visibility, which you need to know what comes next and how you improve things within the organization.

– [Ryan] That makes sense. Great. So let me ask a question kind of just a little bit higher level here. When you just engage with companies kind of in the capacity that’s most normal to you all. Where do you see, I guess the biggest potential I guess going forward for not only what you do but just kind of the, the securing of smart devices and things in that space kind of over the next six to 12 months.

– [Roy] So a lot of our focus today is around the physical security devices. So again, your cameras access control systems, another such devices. And we work closely with the companies with different vendors and system integrators in that space. And there’s a lot of potential and there’s a lot of customers and a lot of focus, we have is that today but we’re gradually also starting to expand to other areas, building management and other kinds of adjacent areas. And other kind of managed, I’d say managed unmanaged devices within the enterprise to have the same challenges. In some cases, the teams are kind of similar or adjacent to the teams we’re working with today. So again, the focus today will be continuing working with the physical security team and gradually also expanding.

– [Ryan] Okay Gotcha. And as we kind of move into 5G kind of entering the market, I’m curious to get your take on how you see 5G kind of impacting the work you all do and how you kind of just suspect that organizations will embrace new connectivity technologies like 5G and new ones that come out. Are you seeing kind of a positive take on new connectivity technologies as they come out? And what are your thoughts just kind of as we move forward into the development and the launch of new technologies like 5G.

– [Roy] That’s an interesting question I must say. And I think at least from what we’re seeing in the enterprise space today in the areas where we’re deployed in the types of customers. It’s still I think it’s kind of early and hard to say. It’s hard to say when they’ll be deployed, how far out in the future it is until it becomes, very, very common. It’s hard to say who will manage the devices. It will be an external vendor someone within the organization. So I’d say there’s still a kind of a just a bit of unknowns of what will happen. It will definitely be interesting, but I still can’t say when that will happen, if it’s near future or a few years from now.

– [Ryan] Yeah I’m very curious as well. 5G has been a very interesting topic for a number of our podcast episodes, just kind of getting people’s perception on it. So I was just kind of curious from your angle of the market and kind of how you see new technologies kind of influencing the work you all do. And if it’s a big influence, if at all?

– [Roy] So again, at this point, we’re not seeing much of it in the areas where we are deployed in on the enterprise and also in the system integration, no wall. But, I’m sure we’re starting more and more.

– [Ryan] How do you all handle the kind of education of IoT and the importance of the work you do when you talk to customers or go to try to bring on new customers and kind of handle more face the marketing side and his way to kind of collectively describe this, but do you run into a lot of problems where the organizations that you talked to are kind of unfamiliar with the importance of some of the offerings you have to the market. And obviously they are super important, but I just wonder and we try to learn this on our side is, connected those companies who have thousands devices are to the real kind of understanding of the security side of the devices, how to manage the devices, how to handle the devices, basically doing the best practices for an IoT deployment and the security of their devices. A lot of them are not as up to speed on them. I’m curious if you guys run into that problem too when you engage with organizations kind of at any level.

– [Roy] Yeah. So I’d say there’s probably two different kind of Applications here. So those which are looking for a solution and, just know that there’s a better way to do things and those which at this point of time are kind of realizing that there’s probably, both on the cyber side, as well as the operational side to kind of understand that the way they doing things manually in some cases. In some cases, some of the stuff that our solution system does, it’s pretty much impossible to do without the right technology. So they’re kind of realizing that there’s probably a better way to do. And in that case, they’re approaching their system integrators and really starting to look for a solution. So it’s a really interesting point in time to be in this market because the customers are realizing that they have this significant pain and, it’s the right time, whether a solution is kind of available to solve this pain. Around education, I think it’s a lot of matter of kind of speaking the right lingo. And kind of knowing which team you’re speaking with. So in many cases we speak with, the IoT Ops teams or the physical security or building management and so on which is kind of a different language. It’s different devices. A lot of things are very different from the IT teams. It’s just different than what we realized is that we kind of need to understand kind of both worlds. And at the end of the day, what we’re doing is kind of really bridging between those worlds. The system can cater to some of the needs of the, more of the operational teams but at the same time cater to the needs of the IT or SecOps teams or those type of teams which have kind of been around and used to using their own system. So we also provide them that the capabilities to integrate with those systems, but when it comes to the marketing really kind of knowing, with which team we’re speaking and what they know about the systems that they have in place and the challenges.

– [Ryan] Yeah that’s interesting how it kind of varies from team to team. Do you, I guess I’m trying to think of how to ask this question, but obviously we see the potential and the value of what IoT technologies can do. The value it brings to the business and the organization, as it relates things like cost savings, et cetera. Do you ever run into talking with individuals or teams that just don’t really get IoT don’t really understand the value or think it’s more kind of, one of the answers similar to the pre-interview questions was that IoT is science fiction. Is that something that is more common than maybe I realized? Because we’re so close to the industry, we don’t really run into too many people that don’t really believe in it, but I’m curious from your side, is that a common thing? And how is that approached?

– [Roy] Yeah, that’s a interesting. And I think that’s also we saw kind of in the evolution of, the company where we decided pretty early on to focus on what’s really out there. what a known kind of a science fiction and what’s gonna be a erased in a few years out, but really see which devices already out there are connected are large scale, are IoT devices, are obviously IP enabled and you’re using all these technologies and are creating these challenges for enterprises. So I’d say, in some cases, some of the customers, I may call them in different names at the end of the day, these are, the IoT devices and they’ve been around for years. So if you look at again, the spaces where we are in like physical security as one, then these devices have been IP-based digital for many years now. You do run in and every now and then to organizations, which still have some analog devices but the vast majority has already been kind of transitioned. So I’d say Nara, in our case we don’t really run into that kind of being science fiction because that’s kind of their day-to-day.

– [Ryan] Fair enough. Yeah. That makes a lot of sense. Just curious. But as we wrap up here I have just a couple of general questions. I wanna run by you and just get your take on. So the first one is, as we kind of move into post pandemic world hopefully, what are you seeing as the biggest opportunities and the biggest things in IoT that you’re most excited for?

– [Roy] It’s interesting and I think that’s so again, I agree hopefully we’re moving out of that phase in the world. But we saw kind of a shift and which is creating an opportunity in the last a year since the pandemic started. And I’d say a few things, which we kind of saw out there. One is the need in remote work Organizations, wanna roll, less trucks out there, less people to be on site, or at least wanna know that they have the ability to do stuff remotely and to have the tools to do stuff remotely. The second thing we saw is, and you touched upon that also and kind of the cost savings based how can organizations do more with less, in some cases with some customers, the teams haven’t been growing in some cases they’re actually been shrinking and they still need to do the same amount of work or the same type of work with a smaller team. So that’s another trend which we have being seeing. And I think the another thing is kind of realizing that automation is key for these devices. And realizing that before the pandemic either you didn’t do some of this stuff, or you put a few folks to do it manually or kind of semi manually, but then realize with everything that happened with the pandemic. So you need to find a better way to do it. And it’s kind of been pushing organizations I believe to improve their practices when possible.

– [Ryan] Gotcha. Okay, fantastic. As it relates to SecuriThings a little bit more, are there any interesting or exciting news happenings, things that are kind of coming out in the pipeline in the next number of months that our audience should pay attention to. Where we gonna look out for?

– [Roy] So, yeah, we actually just recently raised recently announced an, a round $14 million around a couple of months ago.

– [Ryan] Congrats.

– [Roy] Thank you. Thank you. And yeah things are looking very well, very good. And the team is growing and the team, more customers, and we’re just looking to see how we can provide more value to our customers. So we’re growing both obviously on the engineering side and we’re constantly improving the system and always want to make sure that the customers and our partners are extremely happy. And we’ll continue to do that and release more and more capabilities, but also obviously when we go to market and marketing and in a more kind of some of the stuff we talked about and how can we help the industry and help educate where needed.

– [Ryan] Absolutely.

– [Roy] So definitely see more than that.

– [Ryan] Fantastic, I think this podcast will do a lot to help educate our audience on a number of key areas. And we’d love to obviously have you all become even a more active contributor with our audience now that we have this new found podcast relationship. So maybe we can find some ways to promote a lot more about what y’all doing, kind of the education piece. I know our audience would probably benefit a ton from it. If so, in the meantime, our audience wants to learn more and kind of get a better sense of what you all are doing. Have questions, engage with you directly. What’s the best way to do that?

– [Roy] So either through our websites www.securithings.com or through the email, info@securithings.com.

– [Ryan] Awesome. All right, Roy, this has been a fantastic conversation. I really appreciate your time today. We look forward to getting this out to our audience in the next number of weeks, and if there’s anything else that we can do on the IoT For All side to help promote what you all are doing share your knowledge and expertise in the space to hopefully, build that presence up and drive engagement. Please let us know.

– [Roy] Thanks a lot Ryan, I appreciate it.

– [Ryan] Thanks again for joining us this week on the IoT For All podcast. I hope you enjoyed this episode and if you did please leave us a rating or review and be sure to subscribe to our podcast on whichever platform you’re listening to us on. Also, if you have a guest you’d like to see on the show please drop us a note@ryaniotforall.com and we’ll do everything we can to get them as a featured guest. Other than that, thanks again for listening. And we’ll see you next time.

Hosted By
IoT For All
IoT For All
IoT For All is creating resources to enable companies of all sizes to leverage IoT. From technical deep-dives, to IoT ecosystem overviews, to evergreen resources, IoT For All is the best place to keep up with what's going on in IoT.
IoT For All is creating resources to enable companies of all sizes to leverage IoT. From technical deep-dives, to IoT ecosystem overviews, to evergreen resources, IoT For All is the best place to keep up with what's going on in IoT.