Tony Lau: Empowering the Future with Advanced Security Solutions


Tony Lau is the Cloud Services and Information Security Executive at Sequent Software who has extensive system architecture and operations experience in meeting payments and security requirements.

Based in Silicon Valley, Sequent Software was founded in 2010. Since its founding, Sequent has been at the forefront of digital transformation and mobile security. It aims to secure the world of shared personal information with confidence, privacy, and simplicity. The company delivers its patented technology to enable and secure mobile experiences in payments, financial services, loyalty, and digital access to hard and soft assets.

The Sequent Platform fully secures account data, personal data, PII, electronic health records, and other credentials on mobile, wearable, and IoT devices. Its technology is engineered to reside in the cloud or on-premise. It enables shielding or redacting critical consumer data. Sequent technology is protected by numerous US and international patents.

An Experienced Leader with Strong Hands in Technical Competency

Tony Lau has served bank customers in service-oriented professional services at HP and VeriFone. He also managed, integrated, and deployed secure electronic payment transaction systems for major banks around the world. As the head of IT and cloud operations at Vivotech, he contributed to providing a 7×24 mobile payment and loyalty card provisioning service. As the CISO at Sequent, he works to ensure that companies and customers are protected from continuously mutating security threats and that operational risks are minimized. He is also a Certified Information Systems Security Professional (CISSP) with a track record of establishing security policies, procedures, and auditable administrative, technical, and operational controls that passed payment security compliance requirements. Tony has very strong hands-on technical competency as well as the ability to articulate ideas and directives to a variety of technical and non-technical audiences.

Security Awareness that Plays a Pivotal Role

According to Tony, security awareness among management and employees was relatively low a few years ago. He said, "We spent a few good cycles of training and education to pervade security consideration in all software development lifecycle and company operations. Now, we have many internal advocates from management to engineers knowing that successful business can only exist if we know how to protect ourselves and our customers".

Data Prevention: An Innovation Beyond Excellence

The greatest innovation in the market of data protection is to prevent data from being stolen. Tony said, "To bring in such innovation Sequent's approach is to make stolen data useless to the perpetrator. The original data at rest is tokenized and replaced by a blob of undecipherable string thus making the data worthless. The data can be detokenized on the fly for use after a genuine authorized user is authenticated." "We provide bank graded security to the payment and healthcare industry to protect PII (Personal Identifiable Information) and PHI (Protected Health Information)," he added.

Injecting Efficiency and Transparency with Disruptive Technologies

"It is a norm that organizations do not have inadequate staff to handle all security tasks needed. Resources should be focused on running core business, thus outsource tasks to external trustable cloud vendors who have the skills, AI capability and scalability are the trends," Tony said.

"With defense in layers and zero-trust in mind, ever-growing controls and monitors are deployed everywhere at perimeter firewalls, internal application servers, and end-user computing equipment. These endless critical but tedious anomaly detection and responses should be outsourced if local governance is allowed. I expect in a few short years that all corporate internet-facing attack surfaces can be handled by external network aggregators; only filtered and clean traffic should reach corporate networks," Tony further added.

Experience that Trained and Shaped the Leader

Talking about his experience, Tony mentioned, "Previous bank systems integration and deployment with architecting and managing payment card industry governed hosting services that naturally trained me to weigh and consider all factors about information security".

Adding to this, Tony also asserted that general data protection was in his DNA. He mentioned that the first PCI DSS service provider level 1 audit took a few months of patience and persistence to remediate all the gaps found, but from the second year onwards it became much smoother and easier. In this way, each experience that was a nightmare taught him a lesson. Sequent now has held PCI DSS certification for both its AWS environment and its own data centers six years in a row.

Going Forth and Expanding the Systems

High-profile ransomware attacks and data heists frequently get everybody's attention. Such cyber-attacks occur daily against organizations of all sizes worldwide. Appropriate security policies, awareness training, control implementation, and tokenization of invaluable data are all critical parts of the arsenal for data protection. By implementing tokenization technology together with identity authentication to provide trust and privacy for protected data, Sequent will continue to replicate its success from payments to healthcare to other industry verticals, the company's CISO believes.

Enlightening Upcoming Executives

In his advice for the upcoming CISOs and executives, Tony enlightens the starters by telling them that they must understand their own business before starting to implement cybersecurity solutions. It is better to pick an appropriate cybersecurity framework and use it to drive strategies, identify gaps, and most importantly to gain internal support and acceptance. He believes, "For small to midsize organizations, NIST cybersecurity framework is a good start. For the more established organizations, there are probably contractual and legal compliance requirements like PCI DSS, HITRUST, NIST 800-53 or FedRAMP".

Analytics Insight
www.analyticsinsight.net