Cyberwatch Finland, CEO, Aapo Cederberg interviewed Harri Sundvik, Executive Chairman for Helsinki and London based cyber security company XXLSEC Oy, in early June. Harri had just returned from London to spend a few summer weeks in Helsinki. Highlights of their discussion are summarised below.
AC: Tell me a few words about your background.
HS: My roots are in Northern Finland, City of Raahe, which was once voted as the “most boring city” in Finland. Post my school years I studied in Helsinki and in London. An interview in the City of London in 1988 by JPMorgan led me to a 30 year banking career – where I have spent most of my years in investment banking work, advising Nordic companies in mergers and acquisitions and equity capital raising, most of this in technology related deals. Post front line banking I have assumed a few Board roles and started advising technology start ups in their strategy initiatives and capital raising.
AC: How did cyber security come to the picture?
HS: The first deeper engagement came though my advisory work for Nokia, which back in 2000 decided to build their new enterprise strategy around key acquisitions and partnerships with security companies. A few years later I gained a new perspective to the same topic as I became member of the European Leadership Team for Bank of America Merrill Lynch. Among the memorable highlights were management meetings where the the Bank’s almighty CTO submitted proposals for cybersecurity investments worth millions of Dollars …and every single time the vote was a resounding “Yes”…in all honesty, we simply did not know better, and would not dare to stop any plans that the technology gurus were promoting.
The latest and definitely the most interesting step came my way just a couple of years ago when my long term friend Simo Salminen introduced me to the newly established XXLSEC team, and I was given the opportunity to join the team in the early stages of the Company’s development and global sales effort.
AC: Let’s talk about XXLSEC – what makes you different in the sector?
HS: As one of the forerunners to break new ground, XXLSEC has adopted the so called “Zero Trust” model as the key building block for all development work from the very beginning. At high level, the fundamental assumption – increasingly appropriate for this day and age – is that when you are faced with technologies, your complete your own Due Diligent before you assume that the presented technology or application can be trusted. This is a huge shift in the technology world where so much has been taken “at face value” especially when presented by any of the “Big Tech” names. This Zero Trust positioning is now gaining increasing momentum on global basis, strongly endorsed by Governments and leading enterprises.
As an extension of the Zero Trust philosophy, XXLSEC has introduced a product platform which is built on the principles of Clean Hardware and Clean Software. Again, XXLSEC has been one of the leaders in implementing this important concept for modern communication platforms. The Data Rain solution, and the just released Prive TX device, are shining examples of the work by the XXLSEC team. And there is more to come for sure.
AC: What are your perspectives on cybersecurity in today’s world given your London perspective and your global contacts. What is new when you look at the big picture?
HS: Fascinating time indeed, a couple of things that I would highlight in particular. One of the big picture themes at global and country level is that of Digital Independence and Digital Sovereignty. This stems partly from the current geopolitical climate. We have seen the news about China and Russia building their own internet. Equally, the leading EU countries have raised the need for Digital platforms which are not controlled by the powers in the West or in the East. Germany and France are making very strong public statements on this matter – and are prepared to back them up with significant financial commitments. This is worth watching very closely as it has implications at multiple levels.
This drive for Independence has attracted new focus on integrity. This is where Zero Trust gets another expression. It is clear that in the new world trust cannot be assumed – it has to be earned every day. And a certain degree of independence is absolutely necessary to be able to “walk the talk” with integrity. This independence is not going to be free for all – a strategic and financial commitment is needed to reach this ambition.
AC: Lets move this discussion to a lower level – what is happening in the corporate world from cyber perspective?
HS: As you have seen in the corporate headlines, the traditional “Big Tech” names are “playing defence”. Their earlier dominant market position has been restricted by the competition regulations and new practices. But, most interestingly for us, the introduction of Zero Trust is challenging the market positions even further. Small and nimble technologies with true transparency will evolve at record speed. This is, in fact; a significant positive opportunity to build competitive edge.
AC: You mentioned that cybersecurity is gaining ground in the modern Sustainability Agenda – what do you mean by that?
HS: Interestingly, cybersecurity has moved to the very top of the Sustainability Agenda with two fundamental drivers.
Firstly, appropriate cybersecurity practices and investments are de facto seen as important elements in any Company’s “license to operate”. The writing on the wall is very simple: If you have not proactively invested in your cyber security platform, and ensured, among other things, that your processes and client data is covered, you simply do not have the credentials to run your business.
The second dimension stems from the now ongoing shift of working practices where we are facing a new cyber security challenge at the every day working level. People have moved their work stations to their homes – but the cyber security front line fire-wall is still in the office! This is the ultimate “Left Behind” horror story for pretty much all corporate CTOs and CIOs. There will be a few movies and books around in a year or so simply telling the sad story of rather dramatic cyber interventions which were masterfully executed at this extraordinary time.
The increased focus on cybersecurity, and some recent high profile “accidents”, have led to another shift in mindsets and relevant strategies. In the old world the highest level of security used to be the privilege of just a handful of people or some top secret Government or military entities. In the present and new word the scope of “critical infrastructure” has increased dramatically – and the amount of people and organizational entities requiring the highest level of security, has increased dramatically.
AC: We discussed the overriding technology shift to the Cloud – any view on this you want to share from cyber perspective?
HS: There is a real “headache” in the corporate world in the ongoing movement to use the Cloud to store and process important data. Sadly the trust and security considerations in this move have been kept in the “back-seat” all too long. The good news is that there are advanced technology solutions emerging to tackle this challenge. In particular the latest MPP/MPC based technologies are a significant step forward to create an advanced security level. Some industries will lead the way – we will soon see multiple healthcare related applications – people have been all too trusting in this respect…
AC: I take it that living in London, you have been following the UK Government / Huawei discussion very closely. Any perspectives you may want to share – what is going to happen?
HS: This is happening as we speak, so a very tough call to make. As you remember Boris Johnson’s Government actually approved last year a limited non-core role for Huawei in the build out of the new 5G networks. Post this decision, the critical views on the decision have become stronger. The Special Committee which was asked to review the matter, is expected to come up with a new ruling sometime in June – July. It would not be a surprise to see the Johnson government tightening their ruling even further – if not blocking the Huawei access to the 5G UK market altogether.
AC: You shared a great summer picture from your north London home surroundings in Hampstead with a familiar looking red phone boot. Is there more to this romantic London picture than what meets the eye?
HS: I knew you would love the setting! But in all seriousness, this actually sumps up our conversation. As you know the British are the best in the world of sticking to things which have been “tried and tested” over the years – the red phone boot is the ultimate proxy for a comfort toy in cybersecurity: you might be tempted to thing that the old was good. But there must be a reason why these phone boots have pretty much disappeared from the face of the earth. The front line has shifted – it is time to move on – and fast!
Mr. Harri Sundvik, Executive Chairman for cybersecurity company XXLSEC Oy https://xxlsec.com/
Read the latest Cyberwatch Finland magazine
We’re on social media and we’d love you to give us a follow! You can catch us on LinkedIn and Twitter by using hashtags #cyberwatchFI #CyberCatchFI