“Never again should it be possible to say we didn’t know.” – WEF 2015, Data-driven Development Report.
Recently world leaders gathered at Davos to discuss leading issues affecting the world economy and other global initiatives. This year Cyber Security and the power of Data Science were two of the most talked about subjects at the 45th annual World Economic Forum.
Marc Benioff, the CEO of Salesforce, said in an interview at Davos: “cyber security should be everyone’s number one agenda …but there is no finish line.” Instead of promoting greater security measures, Benioff advocates for a fundamental shift to data transparency in order to build trust.
“Only through radical transparency” Mr. Benioff said, “are we going to get to new levels of trust”.
Mr. Benioff’s thoughts are echoed by two recent WEF reports, “Data Driven Development” and “Partnering for Cyber Resilience”, written by panels of industry and academic experts. Both reports argued for transparency. “No one should be able to say ‘we didn’t know’, The “Data Driven Development” report states. The latter report, which argues for the quantification of cyber threats, contends that “data availability” and “willingness to share information” are critical to building sound cyber threat models.
There is no question that we are creating a massive amount of digital data, faster than we ever did in the entire history of mankind—individuals are digitizing every aspect of their lives and companies are creating ever more digital assets. What’s more, behind every data-generating device, there is a cloud, often in a far-flung data center, where the most detailed and intimate information about a design, a person, or an enterprise is stored and processed. At the same time, however, our ability to sensibly manage, track, and secure this data remains distressingly lagging.
One of CipherCloud customers, a CISO of a large enterprise, was concerned about how information workers in his company were using collaboration cloud services. He postulated that there were 10-15 collaboration services in use at his company and he’d like to “rein that in.” We did an audit, and turns out his employees were using nearly 70 distinct collaboration, information-sharing cloud services. The CISO was flabbergasted and is now scrambling to deal with the massive potential of a data leak.
Like this CISO, too often companies feel unequipped to deal with the onslaught of the digital revolution. Many believe that at some not-too-distant date, the community will face a “Come To Jesus” scenario about what a “commercially reasonable” approach to handling digital data, and those who do not adhere to such approaches will face severe legal and financial consequences.
Here at CipherCloud, the 4-years-young company is developing a deep understanding of enterprise data, of data that flows from the company boundary to the cloud and back, the pattern of which it flows, the context within which data movement happens, and the risk it represents to a company. The insights drawn from this understanding are eye-opening and powerful, an imperative tool for data transparency and data-driven controls.
What’s more, the engineers here are developing techniques to cryptographically de-value the data based on the insights gleaned from data usage and movement. We believe that data science insights should be part of the protection fabric — every movement of data should deliver intelligence to inform security controls. It is only with this closed-loop linkage can we move beyond simple signature-style blocking and into the realm of truly predictive and data-driven governance and cyber defense.
The world is at the cusp of a data revolution; entire industries, cultures, and ways of life will be transformed by the technology. This movement will affect each of us in a profoundly personal way. Those with deep data expertise will be at the forefront of the movement. I can’t wait to learn more about the intersection of data science and security, and I’m extremely excited by the work we have embarked on here at CipherCloud.
In the coming weeks, I will be writing more about data, data security, privacy, and the daunting tasks of managing your enterprise data in the age of the digital revolution.