Mohamed Odah of Soprano Design: Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information

An Interview With Jason Remillard

Ere on the side of more protection, even if it means more work — The lengths we go to protect customer data can be exhausting. But doing so has resulted in us winning details from competitors and given us a top-tier customer satisfaction rating because we took things seriously.

It has been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?

As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Mohamed Odah, Chief Technology Officer at Soprano Design.

With over 25 years of software engineering and technology leadership expertise in the messaging industry, Mohamed is a technology and business leader that oversees technology strategies for Soprnao’s CPaaS platform. He has a strong reputation for delivering enterprise messaging applications that delivers high availability, performance and security as well as delivering scaling products to meet enterprise customer requirements worldwide.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Sure. I started my career in Sydney, Australia and have worked at Soprano Design for more than 20 years. Prior to Soprano, I worked at IBM and Telstra. Throughout my time at Soprano, I’ve flown across the world to handle customer deployments, integration, onboarding and interactions. I needed to be in Seattle for a big project I had with a customer in that area. My wife and I eventually decided to move here, we’ve started a family and now we’ve been here ever since.

Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.

I always had an interest in understanding how things work and in particular, how complex systems were put together and evolved. I am always fascinated at how we, humans, have evolved so rapidly specially over the past 100 years. This ultimately led me to where I am today.

Can you share the most interesting story that happened to you since you began your career?

During my career I had to endure a number of challenges but there was one in particular that continues to resonate with me. During one of my projects, I was heading overseas to begin an onboarding project with a group of people that didn’t speak any of the same languages as me. For two weeks, I got no verbal or non-verbal cues that they were fully understanding me. At the time, it was one of the most frustrating experiences. However, it also taught me to never give up and to always try harder. At the end of the project, I received a personal handwritten thank you letter from their senior director that I kept until now. They enjoyed my presence so much that they requested me back. It ended up being one of my most memorable and favorite work trips.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

I was lucky to work very closely with a successful entrepreneur and a leader who transformed his business from a startup to a successful international corporation. Witnessing and experiencing this transformation inspired me to strive to become the technology leader I am today.

Are you working on any exciting new projects now? How do you think that will help people?

We’re following along with all of the Brexit data policies and we’re always figuring out how new or existing regions be better suited for data privacy.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

Be goal oriented. Focus on the end goal and the steps needed to get there. Always keep that end goal insight so not to lose focus and divert into a longer path. Seek help sooner if you hit roadblocks and ensure everyone is clear on what is expected of them and how their contribution is important achieving that end goal.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc, about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?

Customers are demanding more honesty and transparency. It’s becoming a critical part for organizations during their selection process. We pride ourselves our regional deployments in the regions we’re in. The data center needs to comply with certain regions/certifications that are in place and we have to perfect and assure the customers that it’s what we do. We deal with a lot of large enterprises and governments and having the comply with regional requirements is essential.

Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?

One best practice to ensure that if companies are working with a European country to make sure you have a way to host the data within that specific region. And even when you do this, the data needs to be anonymized so the company is only allowing the essential data to be tracked. It’s a lot of extra work, but the companies that choose us appreciate the extra effort on behalf of them and their customers, patients and citizens.

In the face of this changing landscape, how has your data retention policy evolved over the years?

Like most global companies, we had to shift our data retention policy to reflect the updated GDPR and CCPA requirements. We also deal with mobile network operators who all have evolving policies of their own. We do our due diligence to make sure all data policies are up to speed and that we execute on them well.

Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?

We get rid of basically all personal data including name, address, credit card, etc. In most cases, we don’t even list phone numbers — which is a big deal being a CPaaS provider that focuses on all things mobile. Some governments need phone numbers from an audit standpoint. We also tell customers that they can always seen how transparent the data is because they could look at it online.

Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?

The big ones five years ago with GDPR and CCPA were major shifts and everything else since then has been minor. For example, we’re keeping track of all data requirements that will come from Brexit.

In your opinion have tools matured to help manage data retention practices? Are there any that you’d recommend?

Not fully yet and I believe there is more to be done to get to mature levels.

There have been some recent well publicized cloud outages and major breaches. Have any of these tempered or affected the way you go about your operations or store information?

The great thing about how we handle data is that the info is really of no use to any attacker since it’s anonymized. We take pride in sharing our intent of how we use and store the data and it puts companies at ease.

Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order Properly Store and Protect Their Customers’ Information?” (Please share a story or example for each.)

1. Regionalize data centers — We work with multiple data centers across the world and while it’s a big project to undertake at first, our customers love that we have data hosted regionally or even in specific countries. It helps with trust and building relationships with our new and prospective customers.
2. Anonymize information — Make sure you anonymize data as much as possible. Much of this is required by regional legislation, but do it across the organization.
3. Know what info you’ll get audited on — Every country is different on how they audit and what type of info they will need to complete their audit. Figure out what data that is and have it set up in a place to easily comply and give to auditors when asked.
4. Ere on the side of more protection, even if it means more work — The lengths we go to protect customer data can be exhausting. But doing so has resulted in us winning details from competitors and given us a top-tier customer satisfaction rating because we took things seriously.
5. Discuss intent — Often times, we walk into rooms of C-Levels that don’t exactly trust their developers because they don’t quite understand the importance of trusting data. Having the intentions sent up front will go a long way in building the customer relationship.

How can our readers further follow your work online?

For more of my work, you can click here: https://www.forbes.com/sites/forbestechcouncil/people/mohamedodah/?sh=39de5ed4b475

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

About the Interviewer: Jason Remillard is the CEO of Data443 Risk Mitigation, Inc. (Publicly Traded as Symbol: ATDS). Data443 is a leading Data Privacy and Security company with over 40,000 customers worldwide.

Formerly of Deutsche Bank, TD Bank, RBC Bank, IBM, Dell/Quest Software, TUCOWS and others, Jason has been in information and data security for over 30 years with customers in virtually every country in the world.

Trusted to deliver — All Things Data Security — he is leading the charge in bringing data privacy as affordable, deployable and realistic solutions that every business owner can take advantage of.