Join Sean Martin and Visha Gupta in their insightful conversation at RSA Conference 2024 as they delve into the world of data-centric security and the evolving landscape of cybersecurity.
Amidst the buzzing atmosphere of RSA Conference 2024, Sean Martin, host an On Location Brand Story With ITSPmagazine, engages in a thought-provoking discussion with Vishal Gupta, co-founder of Seclore. The theme of this year's conference, the Art of Possible, sets the stage for a conversation that unravels the critical role of data in driving business innovation and success.
Protecting Data in the New Technological Landscape
Vishal Gupta sheds light on the importance of ensuring that security and collaboration align seamlessly, emphasizing that CISOs and security teams must work in harmony to foster a secure yet conducive business environment. In a world where data sprawls across diverse platforms and devices, the focus on data protection emerges as a paramount necessity to mitigate risks and safeguard critical assets.
Shifting from Infrastructure to Data Protection
The dialogue navigates towards a fundamental shift from traditional infrastructure protection to data-centric security. Gupta highlights the challenges that arise when enterprises grapple with securing an ever-expanding volume of data across varied networks, devices, and applications. The conversation underscores the significance of transitioning towards a data-centric approach to address the inherent vulnerabilities in contemporary cybersecurity frameworks.
Enabling Secure Data Collaboration with Seclore
By introducing the innovative concept of embedding security, privacy, and compliance directly into the data itself, Seclore revolutionizes the paradigm of data sharing and collaboration. Gupta elucidates how organizations can enforce personalized security policies, regulate data access, and monitor data interactions in real-time to prevent unauthorized usage and ensure data integrity.
Navigating the Path to Data-Centric Security
As enterprises embark on the journey towards data-centric security, Gupta emphasizes the importance of meticulous planning and strategic implementation. By focusing on targeted use cases and achieving early wins, organizations can gradually scale their data protection initiatives and cultivate a culture of data-centricity within their operations.
The enriching discussion between Sean Martin and Vishal Gupta showcases the transformative potential of data-centric security solutions in the realm of cybersecurity. For further insights and collaboration opportunities with Seclore, connect with them on LinkedIn, on their website, or meet them at upcoming industry events.
Learn more about Seclore: https://itspm.ag/seclore-km6r
Note: This story contains promotional content. Learn more.
Guest: Vishal Gupta, CEO, Seclore [@secloretech]
On LinkedIn | https://www.linkedin.com/in/jiguptaji/
Resources
Learn more and catch more stories from Seclore: https://www.itspmagazine.com/directory/seclore
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Embracing Data-Centric Security | A Brand Story Conversation From RSA Conference 2024 | A Seclore Story with Vishal Gupta | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: And hello everybody. You're very welcome to a new On Location from RSA conference. This is Sean Martin, where I get to talk with lots of cool people about cool innovations. This year's theme is the Art of Possible. And, uh, I think sometimes we, we forget what we're aiming for, which is to make business possible, not to enable security teams.
The security is there to help enable the business and, and what's a big driver of business? Data. Of course, our systems have changed and shifted and morphed over time. Data's stayed pretty consistent and it's a very important part of what we're, what uh, business relies upon. And, and Vishal Gupta, thank you for joining me today.
We're going to talk about What it means to protect data in this new world of technology lives everywhere. Super easy. Everywhere than where, than where we used to live 10 years ago. So, um, first few words about who you are Vishal and what you're up to.
[00:00:57] Visha Gupta: Uh, I'm one of the founders of Seclor and, uh, the agenda is to make sure that security and collaboration don't become mutually exclusive goals.
So they don't, they're not competing with each other and that CISOs and security teams become popular within the organization.
[00:01:14] Sean Martin: Perfect. Well said. That's it. We're done. Alright. No, in all seriousness, um, as we were talking earlier, the things have changed, right? Uh, mobile phones are personal, the perimeter's fading away, if not non existent at this point.
Yep. Um, stuff's moved to the cloud, stuff's moved back on prem, yet still, we rely heavily on our data. Yeah, so get, paint a picture of kind of the state of The world now in terms of the technology stack and how businesses are operating and, and perhaps where things might be left a little exposed where they shouldn't be.
[00:01:53] Visha Gupta: I think enterprise focus for the last many decades has been around protecting infrastructure, which is devices, networks, applications, and the likes. And the challenge with all of this protecting all of this infrastructure is that you just cannot do enough of it. Data is moving across all devices. It's moving across all networks, all applications, and it's also moving to things or stuff, infrastructure, that the enterprise cannot monitor or control.
So personal devices, for example, public networks, like RSA here, everybody's using a public network. Uh, applications have all moved to the cloud and so on. And for the enterprise, it's become a little bit of a data chase. It's almost like, uh, You, the enterprise are constantly following the data and everywhere the data goes, the enterprise wants to control it.
Personal devices, cloud applications, public networks, third parties, and so on. And it's impossible. You just cannot chase the data enough and secure the spots where the data lands. So that's, I think, that's a big challenge for the enterprise. And our insight at the time we were starting Seclor was that the only way to protect data is to protect data.
I know it's a self referential statement, but it's true. There is no amount of infrastructure security. Why do
[00:03:14] Sean Martin: they compromise systems? Maybe they want to take down the system for denial of service, but ultimately it's about the data.
[00:03:20] Visha Gupta: Absolutely.
[00:03:20] Sean Martin: So, wherever it is. So, talk to me about how this reality impacts how teams operate.
If they're constantly buying Technologies and putting policies and controls in place, chasing as data. Where, where are they, where are they missing the mark?
[00:03:37] Visha Gupta: It's just not possible. So enterprises are realizing, teams are realizing that they just cannot get policy uniformity across devices, networks, applications, employees, third parties, and so on.
Unless they move the, they change the game. The roots of the game change. And the only thing that they really care about is data. So there are a lot of examples where data security actually replaces infrastructure security. We have a lot of financial services companies which, who have been able to completely dismantle their VPN infrastructure.
Because now the data that they're sending over the network is protected. And therefore the need to protect or control the network itself goes away. For example, uh, there are lots of enterprises who've been able to do away with personal device control, MDM kind of technologies, because they realize that they don't really care about the device, right?
They only care about the enterprise data going to that personal device. Because there will
[00:04:39] Sean Martin: always be a hole, right? There's always a hole. There's always an open end somewhere.
[00:04:42] Visha Gupta: Yes, absolutely.
[00:04:43] Sean Martin: That slips through the policy cracks,
[00:04:45] Visha Gupta: right? And the other option is to stop the data from going. As I always say, if you stop data from flowing, it's like water, right?
It starts stinking, right? So it has to constantly flow for it to be useful.
[00:04:57] Sean Martin: And it doesn't flow where you think it's flowing. Exactly.
[00:04:59] Visha Gupta: It flows in all the wrong places. The water's
[00:05:01] Sean Martin: coming out of that plug. That's not where it's coming in. Yes. All right, interesting. So, so how does what Seclor does help with that?
[00:05:13] Visha Gupta: What Seclor is doing is we've created a mechanism by which security, privacy, compliance, observability, everything can be built into the data itself. So consider it like a firewall around a piece of data. So the simplest example I can give you is, I send you a document via email. Something which happens maybe trillions of times every day.
Right now, what Seclor has done is that you take the document or the email and you put a firewall around it and the firewall has certain rules. Who can access it? What can each of these people do with that document or email? How long can they continue to use it? From where can they use it? What is the purpose?
And so on. So for example, I can send you a document and say, Sean can view and edit and respond back to me, but not forward and copy and print. And at the end of three days, I don't like you anymore. I do like you, but at the end of three days, if I don't like you, Zero trust. But at the end of three days, I can press a button and make all copies of the data vanish for you.
So the capability to make data collaboration or sharing reflect real world relationships. Like you can recall data back, you can stop data from being misused while continuing to encourage data being used. And making that distinction very clearly that if you respond back to me, that's good. But if you forward it to somebody else, that's bad.
Right? That's the distinction between use and misuse.
[00:06:48] Sean Martin: So how do teams kind of, because I see a few things here and I want your view of how this happens. So I need to shift from infrastructure. Protection, and I need to shift to data protection. Um, and I say those separately because I think there's two different things.
Skill sets
[00:07:07] Visha Gupta: and, and,
[00:07:08] Sean Martin: and how you build programs and all that. So, how do you help organizations make that transition?
[00:07:15] Visha Gupta: So, there are a couple of unique challenges that come with data. If you're trying to protect infrastructure, right. So, for example, if you're trying to protect devices. There is a finite, countable number of devices in enterprise.
If an enterprise has 10, 000 employees. When I say enterprise, then maybe it is dealing with 20, 000 devices. Maybe. But when it comes to data, it's uncountable. An enterprise of 10, 000 employees will typically be dealing with billions of pieces of data. Trillions sometimes, right? So the first challenge in this whole data protection is just to even do an inventory of where is my data, what is happening to it currently, right?
And those kinds of things. So that becomes a big challenge of it's own. We help enterprises solve that problem. OK. The second is, now you've discovered it, you've classified into highly confidential and public. So, in your mailbox, there might be a highly confidential board communication, and the email just next to it is a lunch invitation, right?
Presumably, these two are very different levels of confidentiality. Depends on who you are having lunch with. I know. That's a good question. So, assuming it's, it's If it's Marco, my But if it's your girlfriend, you don't want that, right? So, being able to apply differential security and privacy policies to these two emails, which are both lying in the same mailbox.
It's your mailbox next to each other and so on. So that's something that we help enterprises define, these differential security policies, and actually apply to these two emails which are sitting in the same mailbox. And the last but not the least is being able to monitor and control what's happening to that data.
That forward looking financial statement for a, for a publicly listed company could be worth billions of dollars for a very short period of time, right? If you knew how a publicly listed company is going to perform even 10 minutes in advance, that can mean a lot of money and a lot of lawsuits, right? And so on.
Which is an issue for the
[00:09:20] Sean Martin: company, not just the person that makes the money. Yeah, absolutely. For the
[00:09:23] Visha Gupta: person who's making the money, it's not an issue at all. But for the company, it can become a big issue. Investor lawsuits and so on. So we have a lot of listed companies who actually use Seclor to make sure that, for example, forward looking financial statements don't go out before the analyst call actually happens.
We have a lot of enterprises who use Seclor to protect customers Intellectual property. Designs that they are sharing with fabricators who are in a different part of the world. For example But
[00:09:54] Sean Martin: you have to share.
[00:09:55] Visha Gupta: You have to share. How are they going to build
[00:09:56] Sean Martin: it?
[00:09:56] Visha Gupta: Exactly. It's like, you stop water from flowing, it starts thinking.
So if you stop data from flowing, it becomes useless. I mean, the safest computer in the world is the one that you never switch on. It's also the most useless.
[00:10:10] Sean Martin: Exactly.
[00:10:10] Visha Gupta: Right? So, you don't want that. You want to share, but you want to make sure that it is secure. And that's what, so that's what I, in the Initial period, I talked about security and collaboration being viewed as conflicting goals for enterprises.
Either I share or I don't share, right? These are the two options. And we are creating a third option which is share but be able to control. Which makes these two mutually conflicting goals be achievable together.
[00:10:40] Sean Martin: Sounds like a dream to me. So how, what's the first step? I think you mentioned the inventory and kind of getting a sense or a picture of what's there, how it's being accessed and used and shared perhaps even, and then you switch on the controls.
Talk to me about some of the first steps.
[00:10:59] Visha Gupta: So the first step is usually that we, we focus only on large enterprises as a company. So our kind of world view is restricted to large enterprises. But within that are some of the biggest challenges that we've seen enterprises is. Uh, to try and boil the ocean, right, which is to do this for the whole enterprise all at one go.
And that's almost a surefire way to disaster. So what we encourage enterprises is to establish specific use cases, maybe one or two, maybe board communication could be a confidential, right, uh, intellectual property, uh, compliance around privacy, right? And so on. And these are usually the most common use cases.
Our strategy is always to encourage enterprises to budget for early quick wins, right? So if there's a specific context that is established, right? Let's say confidential data needs to go to a third party. Then focus on that, get it up and running in two weeks, a month, right? And so on. And for a large enterprise, getting anything done in that time frame is a win.
Get that, establish this, go from one or two use cases to three or four. And then a pattern usually emerges within an enterprise. Then an enterprise wide rollout works. We've seen a lot of enterprise deployments of data centric security technology, which is the class of technologies that, that we belong to, uh, try and do an enterprise wide inventory or an enterprise wide data protection, and, and failing at it.
[00:12:38] Sean Martin: Well, I'm a huge fan of the quick wins, repeatable wins, the scale that, and, uh, Sounds like you have a good strategy. And, uh, I'm thrilled to meet you, Vishal, and to hear this story. And, uh, thanks everybody for listening to this brand story with Seclor and Vishal Gupta. Please do connect with them and the team.
[00:12:59] Visha Gupta: Yes, absolutely. LinkedIn. Here
[00:13:00] Sean Martin: at RSA or on LinkedIn. It's always easy wherever you are. And, uh, thanks everybody. Catch you on the next one.
[00:13:07] Visha Gupta: Thank you.