Interview: Chris Day, Chief Cybersecurity Officer, Cyxtera

It is just over one year since Private equity firms BC Partners and Medina Capital announced the closing of the acquisitions of CenturyLink’s portfolio of data centers and Medina Capital’s security and data analytics portfolio – comprising the security portfolio from Cryptzone, Catbird, Easy Solutions and Brainspace.

This announcement created a new company in May 2017 named Cyxtera Technologies, with a combination of global data centers and hybrid and cloud-ready security products in its arsenal. 

One of the executives brought in as part of the new operation was Chris Day, who is the company’s chief cybersecurity officer and general manager of threat management and analytics. Formerly at Terremark and Invincea before their respective acquisitions by Verizon and Sophos, Day explained that the four companies were merged into Cyxtera completely, and he spoke to Infosecurity a few days after the acquisition of Immunity.

Asked what the reception has been to the introduction of this new brand, Day said that “the market reception has been fantastic” and in particular, the data center side of the company were very excited “as the CenturyLink data centers were underperforming,” but Day explained that the addition of technology such as the Appgate technology, originally part of Cryptzone, was being integrated into a number of the data center offerings while the team who were brought in on the data center side “were some really strong operators of people we know going back to the Terremark era.

“A lot of my CISO peers are tired of yet another point product that doesn’t really solve any problems, so this platform message is starting to resonate,” he said. “We say if you come to use the Cyxtera facility you start with a secure data center and a physical network, and work your way up. A lot of people resonated with wanting solutions with integration versus integrating themselves.”

The Appgate technology formed part of the company’s offering for a software defined network (SDN), while Day said that there are a number of customers “who use it to control access to their data center assets” while IaaS services such as AWS and Azure can also utilize the SDN, as the user has an integrated access control “that is very granular and context-based and much more powerful, secure and configurable than your traditional VPN and NAC products.”

He also claimed that the WannaCry attack, which happened a few weeks after the official formation of Cyxtera, was relatively minor because of its SDN offering. “So each node, be it a workstation, tablet or laptop could only access what they need to access for work” and as the machine to machine lateral movement was minimized.

He said that if there were a few machines infected, it was relatively well contained because of the way that the technology can interact with the endpoints that were connecting in, it was easy to push a policy down to remove any infected machines which were disconnected from any corporate resources, and those machines were isolated and mitigated. 

"We know what works and what doesn't, and we share that with our customers"

Day said: “Part of our mantra here at Cyxtera is that the security business is broken: there are too many point products or products that are poorly advertised, but it also comes down to some fundamental things like architectures. One reason I came to Cyxtera is I was compelled by some of these new technologies, like Appgate, to build out new architectures that can have a huge impact on reducing the attack surface and that is what the game is all about: offense related and focusing on what an attacker can really do.

“Attack surface is the metric, and instrumenting the telemetry around that can have a real impact on cybersecurity and not just ticking boxes and putting products in.” 

Day joined the company in February 2017, ahead of the official launch in May, and he said that was “a strong resonance to the integrated offering” and the recent acquisition of Immunity was to give the company the ability to red team its own products “so we know what works and what doesn’t, and we share that with our customers.”

Day said that looking back at the first year of the company, it had been “a year of reflection and a year of refinement” in pulling together the different brands which make up Cyxtera and there had been “a lot of integration work and a lot of getting everything working correctly together” and the addition of Immunity is the sixth unit of the company, and he anticipated more innovation and new services and products were expected to come in 2018.

What’s Hot on Infosecurity Magazine?