Annual Spring Conference Speaker Preview: Data Security in a Zero-Trust World

April 29, 2019

By Katie Walter for MHTA

I remember buying a car seat for my son and learning the term “side vehicle intrusion protection”: Whoa, wait, we have to think about how to protect our kid from a car busting through the structure of the rear passenger door and knocking him around?  And only one car seat does that? Yep, I’ll take a Britax Marathon, thank you very much. In fact, I’ll take two.

Vijay Ramanathan isn’t going to talk about car seats at MHTA’s Annual Spring Conference May 9. But he, along with co-presenter Karen Reinhardt of Entrust Datacard, will broaden your perspective on keeping your organization’s precious data safe from intrusion, and to do it in a way that is kind and supportive to your organization’s employees. (Also like the Britax, whose straps never twist and whose clips could always be operated with one hand.)

Vijay, what are companies missing when it comes to cybersecurity these days?

The traditional approach has been to guard specific network entry points, or data locations, and react to intrusions there. Given the sophistication of the people coming after data, this isn’t working. This goes way beyond passwords being weak. Spear phishing is the number one cause of data compromises. Plus, we know that employees want to work differently, whether it’s from home, in the cloud or collaboratively, and companies want to support their knowledge workers. Information Security has to evolve to enable this or we’ll be in real trouble.

This isn’t just a theory: 90% of data breaches in 2018 were discovered externally, by the press or by external parties. What companies have been doing for the past 15 years or so isn’t working, and it isn’t future-proof.

How do you counsel clients to think differently?

We encourage companies to think that all data is important and create an approach that monitors everything and flags anomalies. Looking at a different approach to secure info using “Zero Trust.” Assume everything is important – everything about everyone in the company is important, and collect it, then analyze that data to figure out what’s relevant. Plus, don’t focus on blocking users – be enablers of their productivity.

My car seat metaphor was a little dark. Can you give me a better one for what we are talking about?

Today’s approach to protecting critical information in a company is very much like putting more deadbolts and locks on your door to protect your home. But that isn’t the best way to secure our homes because intruders will find ways in that we aren’t even thinking of. A more reliable approach is to use closed circuit cameras, Nest devices. And we have home insurance in case all those precautions still aren’t enough. That’s the kind of mindset I want companies to take with data security. Protect all data holistically, and have a strategy to get back on your feet if something does go wrong.

 

Do employees get nervous when you start talking like this?

It’s important to distinguish here between policing and enabling. By monitoring patterns and behavior across my user base and understanding anomalies, I’m able to more confidently open up technologies like Microsoft 365, GSuite, bring-your-own-device programs and cloud storage and collaboration to employees so they can conduct their work as efficiently and seamlessly as they do their personal business and projects. This enables us to get them off legacy tools and avoid leaky workarounds and shadow IT.

So it’s a win-win?

Yes. Absolutely. It is really bad for security when an employee stores company work in their personal Google Drive account. They’d be blind to it, and the employee may or may not know how to truly secure that data. We want to embrace what the employee needs while protecting customers and the business.

 

One of our other speakers is coming in from Toronto – where should he eat when he’s in the Twin Cities?

He should check out Midtown Global Market – there are so many different approaches to food there. It’s a great showcase of the different flavors and cultures represented in the Twin Cities.

 

Want more on trust and cybersecurity? Come to the Annual Spring Conference for Vijay and Karen’s session. You can also attend a panel discussion on “GDPR, CCPA, and the coming wave of privacy regulations: risk or opportunity?” featuring Miranda Childers, Associated Benefits & Risk Consulting; Dan Rosenberg, Briggs & Morgan; Sten-Erik Hoidal, Fredrikson & Byron and moderated by Alain Marcuse, RSM