Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:03
Hello, I'm Karen Quatromoni, the Director of Public Relations for Object Management Group, OMG.
0:10
Welcome to our OMG Podcast series. At OMG,
0:15
we're known for driving industry standards and building tech communities.
0:20
Today we're focusing on the augmented reality for Enterprise
0:25
Alliance area, which is an OMG program.
0:29
The area accelerates AR adoption by creating a comprehensive
0:33
ecosystem for enterprises, providers, and research institutions.
0:39
This q and a session will be led by Christine Perey from Perey Research and
0:44
Consulting. Hello and welcome back.
0:48
This is Christine Perey and I'm hosting this fireside
0:52
chat today with a colleague, James Cooper,
0:57
and we're going to be talking about security and the issues of
1:02
security around AR devices and AR content in the enterprise.
1:07
James, would you introduce yourself please? Yeah, thank you Christine. So as mentioned, I am James Cooper.
1:13
I am a chief technologist for Advanced Visualization Technologies at Raytheon,
1:17
which is part of RTX. So I've been doing this for a couple of years now,
1:21
really looking at different use cases, needs and opportunities where advanced visualization solutions,
1:26
including augmented reality, might help us meet our needs and stay ahead of the curve. I've also,
1:32
for the last, I think two, maybe three months now,
1:35
been the security committee chair for area.
1:38
So helping to serve on looking at the needs and opportunities really
1:43
focused on security and augmented reality applications across enterprise.
1:47
Perfect. Well, I wrote up a trend in that blog post in January
1:56
suggesting that maybe security would be something
2:00
that could be put into the network. What do I mean by that?
2:06
That the network servers or equipment would have
2:14
information about users
2:18
that would allow them to authenticate without
2:23
having to do a lot of inputs,
2:26
like a password and other things.
2:30
There are other approaches, but I think maybe this year there's going to be
2:38
some developments in that area, but it's just a rumor, it's just an idea,
2:43
and I wonder if you have any concerns about that or if you have any
2:48
opinions and professional opinions about that strategy.
2:54
Yeah, absolutely. So I mean, in my experience here at Raytheon and Aerospace and defense in general,
3:01
network-based security, it's something that we've done for a while.
3:03
It's not as advanced and streamlined as what you were proposing
3:08
there. So it isn't quite a simple matter of plug and play,
3:14
but if you're looking at something like say a standalone AR device and
3:19
versus a company mobile device,
3:21
something that we're really going to deploy as a device that can access
3:26
our company information, there's a lot that goes into how we're assessing both the hardware and the
3:33
software, even the chip sets themselves that are on these devices to make sure that we
3:38
understand the country and places of origin, factories of origin.
3:43
So for us, I don't know if we'll eventually get to the point where maybe we are able to
3:49
just plug it in and through some kind of simpler,
3:52
more straightforward authentication, it'll understand,
3:55
accept who we are. There have been advances made in that way,
3:58
like our company mobile devices where we can use things like facial recognition
4:03
or thumbprint recognition as part of that authentication.
4:06
But there's still a lot of other factors, VPN or single sign-on or other kinds of methodologies that really need to be
4:14
used to authenticate who we are.
4:17
So that's going to continue to be a lot of concern for us is what is that
4:22
sufficient adequate degree of authentication and user validation,
4:26
even role validation. So if I say that, okay, this is Christine,
4:30
I know this Christine, but what access does Christine?
4:34
What's appropriate for her to have? What systems should she be able to access?
4:37
What data, what capabilities?
4:40
So there's a lot that currently has to go into it and how we might approach
4:45
that in a secure sensible manner towards this future
4:49
state is definitely something that's going to require some thought.
4:54
And is that in scope?
4:56
Is that the discussion that you're having in the security committee?
5:01
What are the approaches that are under
5:05
consideration or that are recommended?
5:09
So under the security committee right now, a lot of our activities have been focused.
5:15
Ron Zaha has been leading this effort towards this augmented reality security
5:19
maturity model or SMM. And really we've been having a lot of discussions around what are the different
5:26
levels of maturity for augmented reality systems within an enterprise.
5:32
And there is a lot in there about security and the appropriate levels if you
5:37
have, how users authenticated, how the roles are defined,
5:41
what types of mobile device management or MDM are deployed, all these systems,
5:47
all sorts of factors like that. We're actually having a pretty thorough discussion around these and continue to
5:54
really iterate that on that because it is a really comprehensive and deep
5:59
discussion that warrants a lot of into consideration.
6:03
Are the standard MDM platforms,
6:08
I don't need to name any by name,
6:12
but are the ones that we used for managing laptops
6:17
and cell phones and other devices appropriate and
6:21
ready for managing AR devices as well?
6:27
Yeah, no, that's been part of the consideration here at Raytheon.
6:30
We're looking at more of these augmented or other XR devices
6:35
and saying for the ones that are tethered to your PC are less of a
6:40
concern because you're matched more on the computer.
6:43
But as we're increasingly looking at these standalone mobile devices,
6:47
we really do need to look at that MDM component.
6:51
And there are a number of companies that are the non-traditional.
6:54
They're emerging out in the last several years saying that they are around
6:58
really to manage these XR devices, but they're new players.
7:02
We would still have to go through and do a lot of vetting of their capabilities
7:06
and do deep dives. And there is, in our industry,
7:10
there's a lot of consideration about cloud architecture. Of course,
7:12
a lot of these tie back into the cloud and especially the commercial cloud,
7:16
and that can be a real showstopper for us.
7:19
I was thinking that exact, those were the words I was thinking. Yeah.
7:24
But I think that there's also a
7:28
edge that can be deployed on an enterprise
7:33
network and also, let's see,
7:39
5G, maybe there's some capabilities that are inherent to 5G
7:44
that could serve when you deploy a private 5G
7:49
network. Is that the case? Are there special services there or not?
7:56
So there is definitely some consideration about separate non-production
8:00
networks versus actual deployed come corporate networks.
8:04
We do have several of those kinds of paradigms here at the company,
8:08
and I know others out there have as well. Again,
8:11
a lot of discussions around these types of things in the security committee.
8:15
So sometimes it is through an MBM,
8:18
and there are some of the more traditional ones out there that you mentioned
8:22
that that exists now on some of these devices or deploy all the devices.
8:27
But even without that, notwithstanding,
8:30
there are times when you might look at it and say, okay,
8:33
it doesn't really make that much sense. It doesn't bring that much value to deploy it on our company factory network,
8:38
for example. So there is a secondary network that might be more secure.
8:42
Maybe it is an edge network like you're talking about,
8:45
or maybe it's just some logically separated other division of your company
8:49
network. But that's definitely another way that we are looking at enabling security for
8:55
these devices. It's more to manage.
9:00
It increases the complexity of the integration and the
9:04
management. I'm sure. It certainly does.
9:07
Yeah. Are there some other security trends that
9:15
you as a professional in this field really need to keep on top
9:20
of? And you feel that AR professionals would be,
9:25
well-served to know and understand what those trends are?
9:29
What else is happening? Is it, let me just preface this before you answer to say,
9:36
many of the devices that you might be
9:41
evaluating are really developer devices and not
9:45
production devices. They're created to help developers experiment,
9:53
explore all the capabilities. So there are things that are open that in a production device you wouldn't have.
9:59
There are of course the reverse some things that are closed where developers
10:04
would like them to be open access to different kinds of cameras,
10:07
different kinds of sensors from below the operating system itself.
10:12
But I'm wondering if there are security trends
10:17
that aren't AR specific, but that we can
10:22
apply or learn from.
10:26
Yeah, I think so. I had a couple of thoughts about this,
10:29
thinking about the questions ahead of time, and one of the things I think is interesting right now of course is that a lot
10:36
of the really prevalent AR or MR devices that are out there have
10:41
been developed with a little bit more of industry and focus enterprise and
10:44
focus. So people like yourself and myself who've been looking at this with an
10:49
enterprise eye for years,
10:52
we've seen these technologies and tried to understand what capabilities they
10:55
bring, and we've had our enthusiasm about 'em.
10:59
But of course nowadays with things like the MedQuest three or the Apple Vision
11:02
Pro, there is this significant renewed interest.
11:06
I dunno if it's going to be yet another hype bubble or if this is going to be
11:08
something more sustained. But I think part of what we need to look at too are these newer technologies
11:13
such as, say when smartphones came into the corporate environment,
11:17
there's going to be this influx of these devices of interest. A lot of people,
11:22
all different levels of the company are going to want to see how do we bring
11:25
these devices in? Where are they going to be usable?
11:29
How do we actually bring value to ourselves and our customers with them?
11:32
And so studying those trends about how to onboard these devices and do it in a
11:37
way that makes sense and is secured,
11:39
I think that's going to be a big thing really starting this year.
11:44
The other thing that I really thought about,
11:46
I've been given a lot of thought about is of course there is a tremendous amount
11:49
of talk these last couple of years about ai.
11:53
It's been there for years and years, for decades and decades, of course,
11:55
but these last couple of years with generative ai,
11:59
with chat GPT and midjourney and whatnot,
12:03
there's been a ton of discourse around that,
12:06
and I have been seeing a number of talks,
12:08
and I've even given talks at Raytheon about the intersection of AI
12:13
and xr, and there are a lot of security concerns around ai,
12:22
about the kind of information you're putting into it and training it with about
12:26
the accuracy of the information that's providing you. Of course,
12:29
we've seen cases where it provides inaccurate or fabricated information.
12:33
Exactly. Hallucinations. Yeah, yeah, absolutely. So now,
12:38
if this information is right in front of you,
12:40
right in front of your eyes and it is affecting how you perceive the world
12:45
itself, that's going to be a whole different consideration about our interaction with
12:50
this artificial intelligence. So on the one hand,
12:54
having gen AI might reduce the costs and the time necessary to
12:59
make AR experiences, but on the other hand,
13:03
the risks associated with introducing
13:08
information that has not been canned and previously
13:14
vetted and examined everything, that risk is so high.
13:19
Maybe that's prohibitive. So it's a
13:25
compromised and maybe we can't live with that compromise.
13:29
The costs are too great compared to the benefits or proposed benefits.
13:34
Right? Yeah, agreed. Yes. Yeah. Yeah, that's a really interesting point.
13:41
And it's not been years, it's just been months.
13:48
We're still at the beginning of this cycle.
13:54
So do you think that there are people in your company who
13:59
just are focused on AI and they're going to come to you,
14:03
or maybe they already have and said, you're in visualization, James,
14:10
how are we going to work together? Is there that kind of crossover or collaboration potential with
14:17
you? Oh, absolutely. Yeah.
14:21
We company's made pretty significant investments in AI research and development,
14:26
so we actually announced a product, I think it was just last year,
14:29
maybe a couple of years ago, talking about our first actual commercially released product that has AI
14:34
integrated into it. And so we're always looking at what is the next way that's going to bring
14:39
capability, efficiency, safety,
14:43
all these other considerations to our business and to our customers as well.
14:46
Yeah, yeah, yeah, exactly. Yeah. This not, it sounds so new,
14:51
but you're right that machine learning and
14:57
related fields have been around. Well,
15:02
this is very exciting. I hope to see the results of the
15:08
security committees, the maturity model very soon.
15:12
I think that'll be exciting and hopefully
15:17
open a lot of people's eyes about how to approach these delicate
15:21
subjects, and I hope that having
15:27
some solutions maybe will be appropriate in the network,
15:31
and we'll just have to take it on a case by case basis.
15:36
Yeah, yeah, absolutely. It is going to be a good time.
15:41
We're definitely going to be looking at where security is currently a big
15:45
concern and where we might take it in the future.
15:47
So there's going to be a lot of good discussions coming up.
15:50
Yeah, I think security in the past has been sort of a
15:55
headache, but now I think it's
16:01
addressing the security issues.
16:05
Like you had privacy by design and now
16:10
perhaps more and more people proposing solutions are going to have security by design built in from
16:18
the ground up. And that's an important shift for the enterprise, especially the,
16:24
I mean, I don't want to say, especially for highly sensitive,
16:27
all companies are sensitive about their intellectual properties.
16:32
I've never run into a company that said, oh, it doesn't matter.
16:35
Just let 'em have whatever's on our network
16:40
doesn't exist. It's just not realistic.
16:45
I mean, looking at network security,
16:48
but even we've talked before about the last summer's research project,
16:53
which had to do with really building in using the development tools
16:58
to build in security the right settings and the right library
17:02
calls to be able to build insecurity from the application, from the start.
17:05
Looking at that full spectrum across the board of how we can better secure our
17:10
information and our systems and our end users. Exactly as you said,
17:14
it applies across the board. It is not just from my industry or any other secure industry, so to speak.
17:20
It really applies across the board. Right.
17:23
That's a great place to summarize and
17:28
to conclude today's fireside chat. Thank you so much for your time and making this possible.
17:33
I appreciate your insights, James.
17:37
Alright, thank you Christine. Thank you.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More