A day in the life of an IT Salesman
Squeezed into my week of golf, hanging out in bars and all night parties on Superyachts, Tuesday saw me attend the 2016 ESRM Summit. Fortunately (for me) ESRM in this case stands for “Enterprise Security & Risk Management” and not the, equally worthy, I’m sure, “European Science & Religion in Media” conference. So the leisure pursuit sacrifices would at least be worthwhile.
There seems to be escalation in the titles for such events, we’ve moved from the lowlands of trade shows through the rolling hills of conferences and have now arrived at the rocky peaks that are summits, where next I wonder? Gentle ribbing at inflated titles aside, the event was tackling some interesting themes. Security is now quite rightly seen as sitting alongside Risk Management. The two should go hand in glove to make any sense.
There were some thought provoking sessions yesterday, that are indicative of a shift in understanding of the Cybersecurity challenge. Here are my key takeaways.
It is patently clear that organisations will not be able to reliably keep intruders out and / or insiders from taking valuable data from organisations. Flexera identified 16000 vulnerabilities in IT systems which is increasing all the time. Is anyone surprised? Will the IT world accept once and for all that locking the doors and windows and blocking, tracking and monitoring is only going to delay the inevitable?
Andy Boura from Thomson Reuters was clear that data would be leaked with Phishing the biggest threat. He advocated a cultural shift which needs to be ingrained in employees behaviour. Human beings (aka wetware) have long been the hardest to patch vulnerability. People will actively avoid IT security in the same way as they will actively avoid contract lawyers. Both offer a form of security policy against unintended future consequences, but both have an impact on short term productivity. It’s time we made our security systems give some obvious benefits to users. Our CEO, Adrian Barrett, is adamant that any new feature in our platform, that restricts a user’s behaviour in some way (like warning against copying a customer list to a Skype chat) has a positive corollary for the user as well (help them find and use the customer data when they need it).
Aside from this, a key focus now is recognising what you have that is valuable, finding where it resides and figuring out how to make it safe(r) from theft whilst continuing to allow the business to operate. A key challenge is in unstructured file shares, how do you do that when there is already a mountain of data?
Randi Roisli at Shell raised the subject of sharing information between companies in a Joint Venture. The structured element is more straightforward than the unstructured data element. Risk can be mitigated through legal and commercial process and governance, however it was the unstructured data element that created the most challenge especially when the business didn’t recognise that they should not be divulging company confidential information to the Joint Venture. Initially unrestricted access was set up without a thought of NDAs. Shell recognised that they needed to layer process with business impact assessments, taking into account Anti-Bribery legislation and requirement for eDiscovery.
This unstructured data risk could be immediately reduced by having a scalable content search technology, which just so happens to be our product, so take a look at www.exonar.com , ping me a note, before someone else finds the turd in your punchbowl.
By Jason Phelps, Head of UK Sales Exonar