Hindsight in 2020

ClaireIfEye
Dec 18, 2020

I’ve often reflected on my journey through startups and the unique goals, challenges, and motivations each opportunity presented. What strikes me is the impact of past industry-wide decisions that have now resulted in serious, long-lasting consequences to businesses and consumers alike.

During the height of the social gaming craze and “there’s an app for that,” trading access to personal information for a free account was normal practice. This data would enable developers to tailor experiences, increase user bases, improve customer retention, and ultimately generate revenue. The seemingly innocuous permission pop-up modals would list all the personally identifiable information (PII) developers would access with just a click of “Allow.”

Throwback to 2011 “Words with Friends” permission modal on Facebook

Back then, most consumers and developers didn’t foresee the ramifications of these trade-offs.

For consumers, giving access to your friends list, IP addresses, phone numbers and more was a minor point of friction for free entertainment or a tool of convenience.

For developers, “data hoarding” seemed harmless as information was most likely stored in open source, relational and/or NoSQL databases for future use.

Most consumers didn’t realize at the time that our data would soon become the most valuable commodity for someone else’s future.

While collecting and storing PII and using easy-to-get-started infrastructure technology, we learned more lessons along the way. We learned that easy and free technologies are not always the best choice as you scale to support millions of concurrent users. Scalability, performance, throughput and latency, along with data security, were often architecture afterthoughts that brought forth a host of challenging new problems to solve.

Many flaws of early adopted data stores birthed a new, unsettling trend of data breaches and leaks — exposing highly personal information that continues to fuel the cybercrime landscape of scams, phishing, identity theft, account takeover, and fraud. With GDPR, CCPA, and other privacy laws, including newly passed legislation like the California Privacy Rights Act (CPRA), breached companies face many financial consequences, including government-mandated fines, legal fees, costly execution of breach responses, reputational impact, customer defection, and stock uncertainty.

Today, tens of thousands of employees and millions of consumers with thousands of devices and endpoints across the world are generating petabytes of data to store, manage, and protect. As Bessemer Venture Partners eloquently outlines, the C-suite and founders need to build out a data privacy stack that will protect and secure consumer data. In addition, multi and hybrid clouds, data centers, and complex infrastructures need to be secured, managed, and accessed to move business forward as quickly and effectively as possible. As architecture evolves, so does the need for enterprise-grade performant solutions, and now, finally, data security needs to be a P1 feature.

What does that mean for CISOs? If the endless sea of RSA Conference booths wasn’t telling enough, a $100 billion market of security solutions provides a staggering number of options CISOs need to consider to secure their data and infrastructure. Even with all of the careful planning, technology investments, and training, it is the unknown that keeps CISOs up at night. What about the security of third-party suppliers, an unintentional misstep, or a purposeful employee-related data breach?

The 2019 Varonis Global Data Risk Report found that 53% of companies leave 1,000 sensitive files exposed to all employees, “58% of companies found over 1,000 folders that had inconsistent permissions,” and “27% of a company’s users had removal recommendations and were likely to have more access to data than they require.”

Meanwhile, the Ponemon Institute reported that 53% of organizations have had data breaches caused by a third party, with remediation costs averaging $7.5 million.

Further, exposed customer PII is the most expensive for organizations, with each record costing $150.

In March 2020, General Electric experienced a data breach affecting former and current employees caused by a third-party provider, Canon. Data exposed included passport information, driver’s licenses, direct deposit forms, medical child support orders, death benefit forms, documents relating to GE employees, and other highly sensitive information. But shouldn’t this highly sensitive data be protected, redacted or omitted from the purview of most employees and third-party suppliers?

Whether by insiders, black hat hackers, or third-party supplier leaks, data breaches happen every day. The financial and reputational ramifications — regulatory and compliance fines, devalued brand, and broken trust of customers — are hard to recover from.

That’s where smart, performant data governance solutions come into play. Companies need to invest in best-of-breed solutions that prioritize security, performance and the speed of data access at scale.

This is what excites me about joining Okera.

Okera serves as a converging point for Chief Data Officers, IT, business units, and CISOs by solving for the last mile of data delivery in a secure and efficient way. Data engineers and stewards who understand the requirements of various data consumers (data scientists, analysts, HR, marketing, etc.) can easily set and adjust role-based and attribute-based policies to ensure regulatory compliance. Sensitive identity attributes can be obfuscated, tokenized or removed, allowing organizations to unlock the full potential of their data, drive business innovation and gain competitive advantage. If the dataset is compromised or breached by a third party, employee or contractor, the data is de-identified and effectively useless to cybercriminals.

I am thrilled to be part of this amazing team, helping to protect the privacy of citizens and making data breaches and leaks useless while unblocking business transformation at scale. We are excited about what’s to come in 2021.

Read about our latest product release and blog on how we Secure Data Access with Okera: Adaptive Security Plane with nScale Pattern.

By the way, we are hiring! Check us out.
