Why DSPM? Data Security Beyond DLP | ISMG Interview with Yotam Segev, CEO of Cyera

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi there I'm Tom field I'm senior vice president of editorial with information security Media Group my focus today is on data security the new necessity speak about that with me this yotm SEI co-founder and CEO CA yotm thanks so much for taking time to speak with me today thank you for having me Tom it's a pleasure to be here yo Tim too often I feel like we give data security short shrift we don't talk about it nearly enough what what was the past focus on data security where do you believe we fallen short I think that in the past a lot of the data security efforts went towards DLP and you can almost think about DLP as a way to try to catch the data at the last minute as it's leaving the environment and I think that that approach created a lot of friction with the business and created a lot of anxiety for cissors many people tried to implement these Technologies and did not get the results they wanted were not able to maintain it over time and found that they're creating more problems for themselves than they they're creating value I think that that sometimes left a bit of a sour taste in people's mouth with regards to to data security and the new approaches BPM data security poster management first and foremost are actually allowing people to achieve data security goals objectives to protect data better and do it in a way that doesn't get in the way of the business business doesn't interrupt the business workflows and doesn't create friction y Tom you're the one that referred to data security is the new necessity in a previous conversation why now I think that's why now is first and foremost gen and that that might be the capital n o w of now we always knew we have a problem we always knew the problem is not solved but it seems that with Gen hitting the Enterprise this problem is getting aggravated and getting more severe with each day and I think that organizations that won't step up and er put the right programs in place today will find themselves in a very very very sticky situation faster than we all imagin so talk about the impact of the emergence of gen are you talking about organizations that don't have proper governance you've got people that might be using private data on their their their public llms and that's one of the issues we hear about yeah so it starts as as simply as the classic problem of of DLP what data leaves organization into into where but if you think about it in this new reality where every employee in the the Enterprise can very easily accelerate their workflows get amazing returns by using public web posted llms and these llms are not necessarily the place we want our proprietary data to live in it's becoming a much much much more stressful situation and at the heart of that is the ability to differentiate between the data that matters and the data that clutters because 98% of our data we're absolutely fine with it going outside to these llms but there's specific data types specific documents specific information that we really really really don't want to make it there and we have to be able to find it to stop it from going there before it does do your talk to me about CA how are you tackling data security in terms of helping your customers know what to secure how to secure it yeah so first and foremost for us is visibility the ability to connect to all of the Enterprise ecosystems be that SAS AAS pass on premise and in the future and Point Network email as well and be able to use machine learning and AI to actually go out and understand what data lives there and give the central teams in the Enterprise the security teams the compliance teams the visibility the asset inventory around data what data do we have and where does that data live and how do we get a simple answer to that question across so many systems that are so different from each other what does Office 365 have to do with an S3 bucket with a a an mssql database in Azure with a snowflake data link all of these systems are so different but the security teams can't can't handle that complexity they're looking for a way to simplify and get a concise answer to that question and that's the first step of every security program we've ever undertaken what do we need to protect what are what's the inventory what's the asset inventory that we're actually looking to secure here as you know resources can be tough to come by these days what are your recommendations to security and Technology leaders about how they can build their business case around data security and get the board's attention I think that these days it's easier than it ever was before I think that many boards understand that data is the new the new lifeblood of the organization and if we to maintain our competitive Advantage we have to be able to protect our proprietary data that makes our business unique that makes our company unique that allows us to service our customers better than anyone else and that data comes in very different shapes and forms for different verticals and different businesses but I haven't met a a company that doesn't have it I haven't met a company that doesn't have some types of data they really want to keep to themselves and be the only ones leveraging I think that that is is a pretty clear understanding at all levels of the of the stack today more than that I think that when cesos pursue these objectives pursue these projects they have a value proposition to provide to each of their peers so we're no longer going out to do security for security sake we can improve our security but at the same time get amazing benefits in cost savings by identifying all the junk we have lying around this extensible garage we live in in the cloud and be able to clean that up and recuperate the costs we get amazing value by being able to accelerate data cataloging initiatives and help to develop and take to Market data products whether it's a propriety in-house gen products or whether it's the classic solutions that we've been working on for years and be able to assist the Enterprise by really putting in a foundational layer that is going to be so crucial for everything that is happening the next 10 and 20 years of what data is the organization generating how is that data being generated where does it live how much off do we have what's unique and what's what's not and by answering those questions I think cesos can become a true business enabler and provide value to to the entire Enterprise so Y what sort of results are cra's customers seeing are they starting to clean up their virtual garages they are they are we have customers that are very focused on the cloud savings cost savings use cases as a main driver to allow them to justify the the project and I think that they're seeing incredible returns in that sense returns that more than pay for the for the project itself and allow them to improve their security while also become more efficient and I think that we have many customers that are seeing this tool this product this platform open up interaction within the Enterprise in a different way and I'll give you the classic example when I asked sisters in the past how do you inventory data you told me oh we survey the application owners we go one by one through the tens sometimes hundreds of application owners and we ask them what data are they collecting in their application and how are they keeping that data secure the reality is that often times the application owners don't know and we're seeing our customers informing the application owners in reaching them with more insight and and understanding of what their business is doing than they have had before and that's being highly valued by the business well y we've got scores of security and Technology leaders watching this interview what are the types of questions they need to be asking within their own organizations about how they're securing data I think the first question is around what are crown jewels now often times we thought about that as a separate question from the discovery from the technical discovering classifications but the reality is that today data moves so fast and changes so fast that you can detach these two aspects in order to actually have a clear take on what the crown jewels that put the the company at at risk are you have to be doing automated data Discovery and classfication otherwise you might be missing out on a lot of things that your organization is collecting that you don't even know about and that's the first reaction we're getting from our customers even at the PC stage that they are finding out about data that they never imagined the organization is collecting well said yo time thank you so much for your time for your Insight today of course thank you for the time Tom and thank you for the opportunity to talk about this uh wonderful topic again that wonderful topic has been data security the new necessity for information security Media Group I'm Tom field thank you so much for giving us your time and your attention today

Info

Channel: Cyera

Views: 459

Rating: undefined out of 5

Keywords:

Id: uIZSgOJMOPs

Channel Id: undefined

Length: 10min 11sec (611 seconds)

Published: Wed Apr 03 2024