Archive for August, 2017

Balancing Privacy, Security and Access

August 11, 2017

Aug11PanelAug11Audience

FountainBlue’s August 11 When She Speaks event was on the topic of Balancing Privacy, Security and Access.  

We were fortunate to have such a passionate, experienced and diverse set of panelists, who covered a broad range of areas around the privacy, security and access topic. They shared some common characteristics:

  • They are curious about both the technologies and the business models, and industrious, intelligent and flexible enough to embrace new learnings and experiences so that they can fully explore business opportunities, and add value for their teams, their products, their companies, their industries.
  • They are forging new ground in many ways in the short term and for the long term, so that those who follow will be better prepared to successfully balance privacy, security and access.
  • They regularly navigate a delicate balance between being both philosophical and practical, both prescriptive and fluid, both confident in existing best practices and curious about how to stretch the envelope to the next level, and are both consistently principled and innovative. 

Below is a compilation of their thoughts and advice on how to best balance privacy, security and access.

Consider the career and business opportunities ahead.

  • The technologies, the business models, the leaders are changing rapidly. There are tremendous opportunities ahead for every company, in every industry. 
    • We have so quickly gone from wired to wireless, from wireless to mobile devices, from mobile to phone to IoT and are rapidly evolving still. We don’t give up the old technologies, but do keep embracing the new ones!
  • Think about solutions that reach traditionally non-tech sectors. These are great, practical use cases for technology solutions.
  • In considering new opportunities and solutions, think about how technologies like Blockchain, Artificial intelligence, machine learning, IoT, might factor in.
  • Consulting and specialized services in this area may be on the rise, in response to the growing and complex demands.

Embrace best practices in managing the balance between privacy, security and access.

  • Define the norm, the standard processes and procedures in detail, in collaboration with other business and technology stakeholders. Clearly defining baseline requirements, worse-case scenarios, rapid-response protocols and the like, will help ensure that you keep your customers happy, your company compliant, your product secure. It will also help position your company for success, making good choices in the short term and for the long term.
  • Nurture partnerships and relationships to build a community of supporters representing a range of needs and motivations.
  • Communicate clearly, often and transparently. Opening the kimono and speaking candidly and authentically and inviting collaboration can work wonders in building empowerment and engagement, thereby distributing responsibility, commitment and ownership.
  • Speak to the overarching need for complying to processes and procedures as well as the implications for divergence from accepted norms. Speaking about consequences in logical, non-emotive terms will more likely build cooperation than rantings and threats to those making questionable choices.
  • Be ever plan-ful and strategic, while also allowing teams to innovate quickly and maintain access with minimal hassle.
  • Be customer focused. Customers will help you define direction, and your internally policies will help you create a solution which is safe, secure and scalable.
  • Consider outsourcing some of these solutions to specialists if it’s not a core competency.
  • Assume positive intent, but plan for external infractions and attacks and for user negligence.

Manage your career opportunities in this space.

  • Keep stretching yourself and providing value. Be open to new roles and responsibilities and positions in this hot and emerging space.
  • Consider both entrepreneurial and corporate opportunities.
  • Be open to taking classes. Technical coursework and certifications would allow you to drill deeper, business classes would help you get a broaden perspective. Both are important.

It’s inevitable that we must continue to leverage tech to fight tech hacks and vulnerabilities so there’s an ocean of opportunity ahead! Make sure that you, your team and product, your company and industry, are well equipped to stay above water and swim underwater. 

————

FountainBlue’s August 11 When She Speaks event was on the topic of Balancing Privacy, Security and Access. Please join me in thanking our gracious hosts at Palo Alto Networks and our panelists!

Facilitator Linda Holroyd, CEO, FountainBlue, Chief Revenue Officer, 888 Steps
Panelist Shruti Gautam, Cofounder – Firecode.io, Senior Software Engineer, eBay
Panelist Sujata Ramamoorth, CSO, Cloud Platform and Services, Cisco
Panelist Geetha Rao, CEO, Springborne Life Sciences
Panelist Paola Zeni, Global Privacy, Senior Director, Palo Alto Networks

Balancing Privacy, Security and Access

August 4, 2017

PrivacySecurity

FountainBlue’s July 28 VIP roundtable was on the topic of ‘Balancing Privacy, Security and Access’. Please join me in thanking our executives in attendance and our gracious hosts at Palo Alto Networks. Below are notes from the conversation.

As a responsible customer, government official, executive, vendor, partner, consumer, parent, citizen, we must continually look at balancing the need for convenience and access with the need to remain secure and compliant, the need to get things done efficiently and the need to protect against malicious and unintended negative consequences.

It becomes increasingly more important to do so as technology is enabling more people access to more solutions, devices and technologies. With the increasing occurrence of alarming security breaches and astounding examples of privacy breaches, governments are implementing policy updates to protect its citizens, corporations are implementing mandates and requirements, and partners and customers, and professionals and consumers are left wondering how to proactively manage their data, their devices, their security.

It’s a fact that leaders in companies and governments and households have a larger view of the impact should there be breaches in security and privacy. However, should mandates, policies, devices and other limitations on usage and access become too inconvenient for those under management, they may be less cooperative, less complicit as their focus is more on getting something done, and not necessarily on what the implications are should a risk actually be realized.

It’s clear that companies are required to track, manage and enforce regulations and policies, but it’s also clear that they must proactively secure themselves and their staff and proactively communicate about any compromising hacks. Companies are also required to track staff information, but also be able to report information which is to be retained by the company even after her/his departure. It’s also incumbent upon the staff member to ensure that private information remains private – not on company cloud or e-mail for example.

The trick is to align all the stakeholders to agree on the larger goal – to get things done while minimizing associated risks around security breaches. It takes a combination of mandates and policies and cooperation between all parties to successfully and proactively manage that balance. 

Equally important is the ability to provide the customer what they need, and even anticipating their need, while also complying with the privacy and security requirements of the companies and the governments involved.

There’s a clear up-side to collecting data – products and services would be more customized to personal needs and preferences. It’s great when that happens as it saves people time, but there’s also a nagging ‘big brother’ feeling if the predictions are intrusive, if they are wrong, if they force customers to do something they didn’t sign up for…

Change is happening quickly, and many are weighing in to influence policies and directions are there are business, political and social implications. For example, many eyes are on the EU and the May 2018 decision for the GDPR, even for those who aren’t European residents/EU members. 

I’ll conclude with a comparison mapping this balancing act with driving. 

  • Within the US, drivers know what the speed limits are, how to drive, which side of the road to drive on, how to obey signs and signals. Although accidents and problems happen, it generally works.
    • But cars are able to go much faster than the speed limit, and drivers can generally do so without negative consequence unless there’s a ticket or an accident. Similarly, staff members may know that they shouldn’t keep private information on the company cloud, and many may do so without negative consequence, unless there’s a privacy breach.
    • Traffic rules and protocols vary outside the country and even between cities. Similarly, security and privacy policies vary across companies and countries.
  • The rules and protocols are much more clear, more accepted, more established, more supported through documentation, etc., But the rules around balancing privacy, security and access are not at all clear in many circumstances. Thus we are all feeling our way through the many variables, trying to align all the motivations involved for all the players.

It’s a complex time with many factors and many leaders and companies weighing in as this balance impacts our daily work and home lives.