This is a transcript of our interview with Roger Hale, CISO at BigID.
You can watch the original interview here.
Boris: Hello, ladies and gentlemen, and welcome to our interview with Roger Hale. Roger is a Chief Security Officer at BigID, which is a US-Israeli data protection and privacy software company. BigID aims to transform how enterprises track, secure and govern the most important digital asset - customer and employee data. Roger, thank you for taking your time and coming to our virtual interview. You are in your car, you just pulled over, but thank you for your time.
Roger: Oh, this is how important your audience is. I have pulled over on the side of the road just to be able to speak to them.
Boris: Okay, Roger, can you tell me a short story about BigID? Why did you choose to focus on the data privacy issues and why was there a need for your solution?
Roger: So BigID is 4 years old. Founded in 2016 and the idea behind it was the fact that businesses and individuals didn’t know where the critical data was. At this time, there was a lot of discussion about what was going to happen with GDPR, was it actually going to be around, was it actually going to be impactful and privacy was the discussion at the point of the time.
BigID realized that most solutions were security first and were focused on you know, on around just protection of the data and not the context of the data usage which is so critical to privacy. With that they can, they look to building the company that was privacy first. Believing that coming within the privacy first and adding the contextual usage of data along with the protection of data. It would be an approach that wouldn’t be able to span beyond the privacy and actually roll into security and data governance as well.
Over the last four years we have continued to prove that out, that coming from a privacy-first perspective of understanding the impact of your most critical data. From a privacy aspect with all those additional controls around how it’s being used has broadened across all data usage to make sure that a company has the visibility to understand and the ability to make decisions and to take action on their most critical data asset protections.
Boris: Roger, can you explain what exactly BigID offers to industry? How it differs perhaps from other software providers in this space and what are some examples of your customers’ use cases?
Roger: So I think what really sets us apart is that we’ve defined a discovery in depth to really contextualize, not just identify or do pattern-matching to find data, but understand the correlation of data and then the metadata around that and taking that from that foundation to then be able to interact and work with the rest of the technology stack to enrich what companies are doing now with technology investment that they’ve already made as well as bringing to the front, identifying what they need, they need to do more or they need to adjust how they’re operating to protect those critical assets.
So it’s not a, “our product solves all of your problems”, but we are from the privacy, from a security, from the data governance perspective, we are providing you not just visibility of understanding across your known network and the dark spaces of your network as well, but we’re giving you the ability to interface with the current technology stack that you have, to action on that data as you should whether it’s within our applications, our partner applications or the current technology stack that you have. So we’re a team player with everything that you have today.
Boris: So we are currently in the midst of a major crisis, the most important, disruptive period to our society in the peacetime history and the pandemic is having serious implications for businesses across the globe as they adapt to the new normal of operations. Can you perhaps elaborate more on this topic because there is a lot of security and cybersecurity and remote work involved. Could you perhaps elaborate more on this topic and how you guys are helping your customers and the society as a whole during this time? What tips do you have for risk managers to help their organizations to stay the course during this pandemic crisis?
Roger: Well, with this pandemic and especially with all the effort and considering the geolocation and contact location and everything else that companies are considering and healthcare providers are considering, trying to be able to capture as well as just the regular healthcare data, it really is one of those things that comes back to our discovering the correlating, identifying that made the data around the actual data itself that you have to protect then we’re able to give you the visibility to provide the protections to meet the HIPAA compliance, to meet the compliance from any of the regulations to allow our businesses to leverage that understanding what are the context, what are the data around there which could include geolocation data.
So again at this time and when there’s an event or an incident that spurs this level of change in growth at the same time that’s the most important time for companies to be aware and have the visibility into where the data is going and how it’s being used. So that’s what we’re able to provide to, that visibility to assure that the data that can be collected and used is and the data that shouldn’t be collected to use that it can be protected and it can be separated.
So we’re giving them visibility to those tools to assist all of our customers in assuring both the increased scope of sensitive data and the increased usage of sensitive data is only being used for a legitimate business purpose and customers can apply the regulatory, industry and policy protections to support their industry and business requirements.
Boris: What is the data ethics and how is it related to data privacy? Can you give some real-life examples?
Roger: So again, I mean this is a great time to consider that. I mean, previously, you know, before, before the privacy regulations came around, if you have collected the data, it was, the concept was it was now your data, you could do what you will. The data privacy regulations and especially now that we’re in the middle of a pandemic, the idea of capturing data that correlates back to an individual including who they’ve been in contact with, you know, the ethics of what you do with that data really has to be defined in the data usage, the goals of being able to manage data for the purpose of healthcare, for the purpose of what you’ve captured it for.
To me, that is the ethics of, is this the right thing to do with that data, do we have the right to do that? Now we have given that specific permission to use my data, as an example, in that manner. The ethics of using data for the right purpose and making sure that we have that consent. You can look at the current case with Apple and Google as they’re building technology. However, they’re making sure that that technology cannot capture other data elements and so that cannot be aggregated that would then create a breach of data privacy, in that manner.
So the ethics of can we build something versus should we build something comes back to considering the use cases and what you should do with data.
Boris: So for my personal question, it makes me sometimes very nervous, but what people or brands know about me or my company. They know the appliances that I use in my house, the software that I install, they know the websites that I am visiting, they can read the emails that I’m sending. It’s like there’s no privacy anymore. So where do you think that data privacy as a whole is heading? What are the trends in the data ethics space and what should we expect from you guys in the future?
Roger: Well, the trends in that is that they do have that information. Is that information anonymized? Do they even use that information, if it’s anonymized based upon how they would capture that information, based upon implied consent versus direct consent, right? That’s where, and that goes back to the last question on ethics when it comes together where what we see is there’s going to be more and more opportunity to address implied versus direct consent and providing those tools to be able to action on information and be able to respond faster and with more clarity to individuals as they’re asking why you’re using their data and in what manner.
Giving you that control over your data. That is, should be the new norm. But also considering and being able to identify how that data is being used across the systems within the company to allow the chief data officers to be able to assure that the data that they are gathering and they’re using is being used to the policies that the data was captured for. So the internal ability to use that information and assure that the right people have the right access to the right information and that’s not over-privileged but that also that you do have data integrity in that process.
Boris: Fantastic. Thank you, Roger, for your interview. I wish your company high growth. It’s really a very good topic that everyone is very interested in right now and I believe you have a bright future for your company.
Roger: Well, thank you very much. We’re really excited here at BigID and you know our goal is to be able to empower our customers so that they can make those right decisions and they can manage people’s data correctly.
Boris: Thank you.