I will introduce some basic concepts, frame the problem, talk about the urgency, and end with what we can do as a group to overcome them.

• Good morning folks — I am sure you didn’t expect to start your day learning about Security & Privacy.
• Don’t worry — it’s not all gloom and doom. We have television news channels for that.
• I will introduce some basic concepts, frame the problem, talk about the urgency, and end with what we can do as a group to overcome them.

Privacy vs. Security

Privacy & Security: Two sides of the same coin

• Let’s start with the fundamentals as it’s essential to know the distinction between privacy and security to understand the problem and impact from a business perspective.
• The definition of Privacy from a data perspective is, it is about your, as in your customer’s data. Mis-use means using it outside the scope of what you told the customer you would use it for, this is governed by “Terms of Use or Service.” Mishandling is not managing the data in a safe and compliant manner which can put this data at risk of exposure.
• The definition of Security is still the same since the age of castles and gauntlets. It’s all about the controls you put in place to protect your assets, but this is getting tricky in an online world where we go from atoms to bits — more and more value today has moved from physical to digital.

New Data Economy: the big paradigm shift

• How many of us today, are wearing a fitness tracker? Did a transaction online? Own a digital wallet? Or use a smartphone?
• We now live in a world of Smart hardware, Everything Software, and Ubiquitous broadband Connectivity — all of this is generating new data and insights about our every action and leaving a digital footprint in the form of new data.
• All of this exponential innovation is made possible by Unlimited elastic infrastructure — The Cloud! — Everything today is cloud-first.
• Just look at the earning reports for Cloud service providers like Amazon, Google, Microsoft — and the high growth of SaaS companies.
• Remote working is the new normal, which means no more data boundaries.
• We are in a new ERA — We can safely assume that every Company is a Data company or will become one soon
• This is resulting in an exponential increase in the 3 V’s.
• Volume: 90% of the world’s data was generated in just the past two years. We will be at 175 billion terabytes by 2025.
• Variety: The definition of what is your personal Data is expanding each day. E.g. location, Sensors, New -\ patterns, and behaviors powered by Machine learning algorithms.
• Velocity: Data today is no longer captive in your data stores. It is moving across applications at an unprecedented rate::An average mid-size company used more than 100 SaaS applications today.
• I was fortunate to be part of early teams at Yahoo!, Facebook, and Uber, building and scaling some of the largest data platforms, and I also had front-row seats to watch how data became important to the business to become the business itself.
• Many larger companies have some of the best security talents, and are investing millions of dollars in Security — and we are still seeing a significant increase in data breaches and record fines millions of dollars in fines!
• Where are we falling short? What are we missing? How come existing controls and processes aren’t able to keep up as the business models and underlying technologies are evolving — its because we are…

Accumulating Privacy Debt

• I want to introduce the concept of the Privacy Debt. This room is full of experts who know about their financial balance sheets. You have your assets and liabilities. I am certain you all have built solid assets and done a fantastic job managing the liabilities.
• Similar to prudent financial management --- if businesses don't start implementing mechanisms to gain visibility and implement controls around their most valuable asset, which today is "Data," you might turn this valuable asset into a liability.
• Top news stories are filled with examples every day, like the SolarWinds breach that impacted 18,000 customers
• The Log4j vulnerability impacted 89% of all IT environments.
• Cyber attacks and data breaches can kill businesses or economies today.
• Record fine ~% of your revenue, sometimes amounting to 100's of millions of dollars.
• As per Gartner, "More than 60 jurisdictions around the world have enacted or proposed privacy and data protection laws". Many of these can stifle innovation or slow down your business expansion considerably if done wrong.
• All of this is compounded by significant geopolitical unrest.
• So, where do we start? Let me try to end this on an optimistic note --- all is not lost.

Guardrails for the new data economy: Privacy Observability

• Any new change in the business ecosystems requires a fresh new perspective and approach.
• This room is full of individuals who are used to solving hard problems and dealing with challenges --- the .com crash, financial crisis, and most recently COVID --- I am sure we have all come out stronger, smarter and motivated.
• If we apply the same first principles of thinking to the state of Security & Privacy today and break it down, it's not so hard!
• I would recommend starting with "Privacy Observability," which in simple terms is Privacy management & Data monitoring:
• Privacy management: Know your obligations by industry, jurisdiction & regulations based on your business.
• Data monitoring: Understand your data in the context of your business, what you collect, where you store it, how it's used across your business, and your technology footprint.
• Use this data intelligence to design and implement security controls in the form of processes and tools --- this will help you navigate the current landmines and future proof your business as you expand or regulations evolve.
• Even when it comes to big tech companies like Apple, they have been proactive and come out in support of prioritizing the security and privacy needs of their users. This approach is working well and quickly becoming a competitive differentiator for Apple, while many other companies are failing at it.

The most crucial takeaway is:

• This is the time for us to leverage our reach and business domain expertise to have an open dialogue with our peers in the security community. Business leaders must out to regulators to provide continuous feedback to help shape these new data regulations if you are not already doing so.
• We must ensure the new rules and regulations are informed and designed to protect our customers' interests, and at the same time they don't end up stifling innovation, making the world more insular, or crushing our economy.

Let us "Act Now" to make Security + privacy a business priority to ensure we work together to "Secure User Trust" and stay ahead in this new data economy. --- Thank you, folks!!!

---

What is Borneo?

Borneo helps security & privacy teams achieve continuous compliance and data protection through accurate & actionable data discovery.

Want to watch Borneo in action? Request a demo here and we will get back to you soonest.