B2B Tech Talk with Ingram Micro
B2B Tech Talk with Ingram Micro

Episode · 1 month ago

Looking Ahead: Data Security Solutions for 2021 and Beyond

ABOUT THIS EPISODE

It should probably go without saying at this point, but the COVID-19 pandemic changed the landscape of business forever. While some companies may be “returning to work,” the way that we work has changed.

And with that change, comes an increased need for security. With so many people working from home, companies are seeing their most valuable assets, their intellectual property, living out in the cloud, behind unsecured home wifi networks. And while VPNs are great, they’re not foolproof.

On this episode of B2B Tech Talk, we sit down with Jim Fulton. Jim is the Senior Director of Product Marketing at Forcepoint, and we chatted all about:

- The driving forces behind the renewed interest in Data Security

- How the technology behind it has changed over the years

- Why IT professionals are not the bad guys when it comes to Data Protection & Security

- Where he sees technology going in the next year

To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk

Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or, tune in on our website.

...you Are listening to B- two B tech talkwith ingram micro, the place to learn about new technology and technologicaladvances before they become mainstream. This episode is sponsored by ingrammicro security, strengthen your security practice. Let's get into it.Welcome to B two B tech chalk with ingram Micro. I'm your host Shelbyskirt hawk. And my guest today is Jim Fulton, senior director of productmarketing at force Point. Jim so thrilled or happy here today. Well,thanks Shelby looking forward to it and we really appreciate being able tospend time with uh folks been working with the England for for a long time.They're you know, they're really, really excellent solution provider outthere. Well, yeah, I mean that there is a lot that that ingram micro can do forbusiness and uh you know today specifically we are talking about datasecurity solutions for 2021 and 2022 looking ahead. But first off Jim if Isaid that the demand for cybersecurity solutions is great. That's certainly bean understatement. But what about data security specifically, what's happeningin the world that is really kind of driving this renewed interest in datasecurity? Well, we're seeing so many things happening in the news uh I thinkwe've all almost been kinda beaten to death in in hearing about breaches ofinformation and and frankly vendors sort of spending a little bit too muchtime dragging out scare tactics and things like that. But what what reallyhas changed in the last two years is if you think back to before the pandemicorganizations had some people working from home or on the road, some numberof road warriors, but by and large, they might not have had a significantportion of their, their employees working remotely. That of coursechanged overnight on March 13 of 2020. And suddenly we had huge numbers ofpeople working from home who perhaps never had before. Or or if they were,they were only doing a little bit checking email and so forth. But afterthe organizations had gone and jumped through hoops and done heroics to getpeople connected, they started to realize that wait a second now, thesensitive data that our auditors require us to control or Ourintellectual property, that is the core of our business is suddenly now livingout beyond kind of the walls of the business and is on laptops, on homecomputers, up in the cloud in ways that it never was before. So what we've seenin the last 18 months is a real...

...resurgence in interest fromorganizations of all kinds businesses, nonprofits, government agencies lookingat, trying to answer the question, how do I have visibility into where myinformation is? And even more importantly, how do I maintain controlof what people can do with that sensitive information? Because itreally is out there in the wild. Also, specifically when we look at datasecurity, I'm curious uh you know, how the technology behind it has, hasevolved over the year. Like where did it start and where are we now? Yeah,it's a good question that the history actually has taken a kind of a windingpath and until a couple of years ago, the state of the art was really focusedon a technology called data loss prevention or DLP. And yeah, this was aset of tools that principally were used by larger organizations to set policiesfor how information could be used. When were you allowed to upload somethingonto a website? Were you allowed to attach files to an email? Were youallowed to copy say, a spreadsheet that you were working on onto a USB driveand things like that? And candidly it was viewed as being something that wasreally the domain of some of the largest businesses that had, you know,large organizations fleets of ph d s ready to to configure and maintain thesecurity because it was candidly in many cases uh somewhat complicated.What has happened in the last few years is that the industry really focused ondramatically simplifying how you would set up policies controlling how datacould be used and to really automate the process for figuring out one, whatdata do you have, where is it, you know, is it up in SharePoint? Is in in in onedrive, is it in a s A p or or salesforce? Or is it on laptops? Indata centers and really applying automation to the various pieces oftechnology so that people didn't have to spend as much time trying tocategorize every single thing or then trying to figure out how to specifyevery possible combination of uh if you've got 1000 users and you've got100 applications and they could be working in a whole bunch of differentplaces. There's no way you can do all of that by saying, okay, fred can dothis now at this time of day with this...

...data in this location. But jane can'tunless she's here and and instead applying automation, that would changethat and make it much simpler and much more consistent. And that's reallywhere we are now. Post pandemic is in a in a world where organizations can muchmore simply discover where their information lies, build policies aroundwhat various groups of people are able to do. And then to enforce those samepolicies consistently everywhere from their their laptops, through thenetwork into the web and and and cloud and this seamlessness and this unifyingof of all of these different things together is really what has changed inthe data security market in the last few years. And as we sort of dig in andlook at where it's going, this automation is actually reallycontinuing. And so the state of the art today is all about being able to definehow people can use information, not just in terms of, well is it shall beyour gym or is it marketing or engineering, but to actually be able todo it in terms of of risk. So if you think about the way we operate in thereal world, we tend to say, okay, well we trust people to do their jobs, butwe set up certain guardrails and say, well you're not supposed to copy ofthis, this kind of very sensitive stuff, you know, out on on the instagram. Okay,that would be bad. Don't do that. All right. But by and large we allow peopleto do their jobs. So however, if people start making mistakes or if we startseeing patterns of behavior that suggests yeah, that's that's a littleout of the ordinary. And uh Tom doesn't usually log in the 2:00 AM and startcopying lots of files or there are various things going on. And so what'shappening with with some of the most advanced data security systems today isthat they're able to say defined policies based on low medium and highrisk where low, if someone is low, they present a low risk, their trusted, thenallow them to go about their business. But if they start doing things that,you know, put them into the medium risk bucket, we'll start logging whatthey're doing a little more thoroughly and perhaps even get to the point ofrecording parts of the sessions so that you're able to see what was happening,which is is good for absolving people when they're doing something legitimate.And then only in the extreme when someone's really doing things that arehigh risk to actually block it. Because...

...that has always been sort of the thedevil that was haunting security people is that they had these powerful toolsfor controlling how people could use information, but they actually wouldnever turn it on fully. They would let it run and sort of sort of like the oldcommercials for Lifelock where you'd see a security guard at a bank, Oh,there's a robbery happening, people, why don't you do something about it? Oh,that's not my job. I just say that that something is happening and and that'sthe way data security tools were used in many organizations, but with thisautomation, this ability to personalize that enforcement and to focus blocking,for example, which is is sort of the most extreme form of control and focusthat on just the people who really merit that level of attention. Youactually address one of the biggest things that had held back, you know,the use of data security technologies and many organizations that used to getin the way it had a reputation of being the thing that prevented productivityand instead what's happening is it's flipping around and suddenly this isbecoming the way that organizations can really embrace having people workremotely as they then look at the transition to a hybrid workforce whereworking from home or working on the road or working in the office becomesall the same thing. This ability to do that actually becomes an enabler. Itallows organizations to say sure, go work on that sensitive data. All right,because we have the confidence that we can maintain control of it and so wedon't have to, you know, create rules that say you can't do your job whenyour remote or you're traveling and so it actually is dramatically opening upwhat organizations can do and what people as individuals can do. You know,I think about that end user, my own, you know, office experience, I wasprobably I. T. S worst nightmare because I was always working in themiddle of the night remotely and the a lot of times if I if I couldn't accesssomething easily, you know, I would create shortcuts, I would kind of youknow, do work arounds and so a lot of times a lot of the files that I wasusing, you know, on a regular basis for the magazine, I had them on my owngoogle drive and I know now that that is just a nightmare, but you know, forfor those end users that are trying to, trying to get done, get work done in achallenging environment, Can you speak more about the impact that it has hadfor the end users and for companies that they can say, okay, you know, wehave better ways to create user groups...

...and and and profiles that allow theaccess that that you guys need and it provides that just extra level ofservice because I think that's something that often gets maybeforgotten in an I. T. Department is that you know, it can be a customerservice department and so how how does that work I guess. And how is it how isthis this form of data security really opening up those lines. Yeah. And infact I would say it never gets run if you talk to I. P. I. T. People I theyreally are some of the strongest advocates for being able to enablepeople to work safely for keeping information secure everywhere and theirpassion. And the reason they get into it is to be able to help people and tobe able to accelerate business. And so what we've seen is this shift wherebefore, honestly there were somewhat hampered by behavior that they wereseeing because what you describe is exactly what everybody does. Eitherfind workarounds or the reason why so many organizations for example wouldn'tturn on data security was sort of the squeaky wheel syndrome or sometimesreferred to as the squeaky vice president syndrome where you know,someone high ranking person be working, you know, late at night on somethingcritically important for a board meeting the next day. And if a policywasn't configured properly and it prevented her or him from from beingable to copy data out. Well that became a five alarm fire at midnight with theC. I. O. Getting a phone call and cascading down to people to suddenlyturn off the security. Not even to provide a workaround. Just turn it alloff so that things could could happen in the moment. And so what we're seeingis because finally the technology is catching up with the way people want towork suddenly it's not getting in the way anymore. And that becomes reallyimportant because as we saw with the pandemic, the way the world works ischanging and it was already changing. You think back to all of the discussionand perhaps the overuse of the phrase digital transformation. All right. Sowhat every vendor was talking about, what, you know, pretty much everyorganization had some sort of program looking at it as Yeah, this issomething we need we need to do in some cases to remain competitive in othercases to open up new business opportunities. And you know, theurgency varied tremendously. Some...

...organizations it was a five year plan,What the pandemic did was to accelerate all of those by at least three years.And in some estimates We've seen some people saying that they were seeingdigital transformation efforts being accelerated by as many as five years.Which is pretty amazing when you think of how it really we've been dealingwith this for only 18 months. But the reason for that is that it it becameclear that organizations Have to be able to function in a very distributedway like this, just there's been no alternative for 18 months. But now thatwe're coming out of it, what's happening is they're beginning to seethat the silver lining to that giant morass, the silver lining in this caseis the cloud that the cloud itself is what has enabled people to workremotely to be at home. And now that organizations have really gone to theeffort to figure out how do we provide access to the three main places whereinformation resides and people need the web cloud applications and MicrosoftOffice 3 65 is the best best known and actually the biggest driver an example,but also as organizations put applications up onto Aws or MicrosoftAzure, you know, the third area is really the, the internal privateapplications, whether they're up there in say a private cloud area or whetherthey're still back in the data center and so the three legs of the stoolbeing the web, the cloud in the data center, people had to be able to get toit no matter where they were, but you know, after they went home and whatmost organizations did was first to make sure, okay, does everyone have areliable computer, You know, if they weren't an employee who had a laptopsuddenly organizations were shipping laptops all over the world because theyat least recognized while we maybe had people used their home computers for ashort period, that's really not not the best way to be handling it. But onceonce they got over the access issue and get into the web and get into the cloudis obviously easy. We all know how to do that. No problem. They wrestled with,how do we get to those data center applications? And this is wheresuddenly all of the people who have been lucky enough in their professionallives to never ever have to use VPN software suddenly had voiced upon them.And VPN software is perhaps one of the greatest evils inflicted upon themodern worker because it's plumbing meant for connecting sites, has nobusiness being used by real people. And...

...certainly not for being able to getinto applications. And aside from the complexity it creates, it's actuallythe I. T. Organizations worst nightmare because it allows people who honestlyyou don't know for sure if that's really shall be out there or if that'ssomeone pretending to be Shelby or someone who stole Shelby's credentials.Because unlike you know, the world pre pandemic where most of the time perhapsyou were using an internal data center application. Now, if you were in theoffice, you probably either passed by a security guard or receptionist or youhave people walking by your desk all day long. And if you know, and ifinstead you were really frank from somewhere else, they'd be going umExcuse me, can I help you? What are you doing? What are you doing here? Butthat doesn't work when everyone is working remotely. And so that reallyled organizations to begin thinking about how do we control how people getto these internal applications to the same extent that we control how theyget to cloud based applications and that is what really drove this. Thisacceleration was people realizing that you have to think of getting to thoseresources on the web in the cloud, in the data center has really been 33sides of the same problem and in fact that's where the industry has beenheading is treating all of those is the same problem where you want to be ableto control all of that with the same types of policies managed from the sameproduct without having to worry about the complexity of juggling multiplevendors all pointing fingers at each other with I. T. People having to learna gazillion consoles and dealing with the gaps and redundancies that comeabout. And that combined with that need to say okay we're going to control howpeople get to resources and then we're gonna turn around and we're going tocontrol what they do with the information that the spreadsheet theydownload from SharePoint or a sensitive file that they get off of a data centerapp. And so it's that combination of how do you get to information and thenwhat you can do with it once you get it really has redefined what security isabout post pandemic. Well, so let's get specific about force points, data lossprevention solutions and sweet. So what is it exactly, I guess what is all doesit consist of and more importantly, what is unique in force pointsofferings? Yeah. So Force Point has...

...been one of the leading providers ofdata loss prevention or DLP technologies for a number of years,were for for nine times in a row. We were one of Gardner's leaders in itsmagic quadrant. We are widely acknowledged to have some of the besttechnology out there. What it really does. It provides a set of tools thatall work together to enable you to discover where sensitive data lives,whether it's in data centers up in the cloud out on people's laptops werefloating around the network and then to be able to categorize that thatinformation because one of the big challenges when you think of, how doyou, how do you manage security is not to try to say, we're going to trackwhat every single individual file is that every single person creates.Alright. It's how do you do that in an automated way. And then once youdetermine, okay, this has what looks to be financial data in it or this hasproprietary information. How do you then keep track of that as it movesaround. And so what what our DLP suite does is to really make it Easy in anautomated fashion to find that data to then define policies and particularlypolicies that that help with compliance mandates so support like 86 countriesaround the world and hundreds and hundreds of different built in policiesthat make it easy to say. All right, you're not allowed to to copy this sortof data or print this sort of data or you're not allowed to do this or youare allowed to make sure that it's logged that that this data is beingbeing touched and so part of what makes us different is then once you have that,so you find it you write policies about what you can do with it. We then havesome of the broadest enforcement technology. So software that can run onyour laptop that runs in the network, It runs up in the cloud. It runs in ourweb security system so that you can ensure that those same policies arefollowed no matter what people are working with. So if they're trying ifthey're attaching a document to an email, is able to catch and go hold on,hold the phone here. Or even if the document was coming from a machine thatdidn't have the data loss prevention, being able to scan it and say mm notsupposed to be emailing this. This kind of super secret information around. Andso it's that that combination of being...

...able to do things throughout each ofthe steps and having the broadest range of built in policies to make it simplewhether you're in healthcare, financial services, retail banking industriesthat are dealing with personally identifiable information or if you'refocused on protecting very sensitive intellectual property, we helped do alot of that heavy lifting, then we ensure that it's enforced appropriately.But the thing then that that really sets us apart when you add that depthand breath is actually take it to a third dimension, which is reallyfocused on on automation. And we spoke earlier about how really the one of thefundamental problems is insecurity of all kinds is how do you define who'ssupposed to do what and how do you deal with the fact that it's you can't justdo it through a peephole of saying well in on these websites, you're allowed tobut you know, if you're dealing with this, you know, web app over here orthis guy, this cloud app over in SharePoint, how do you connect the dotsacross them? And how do you automatically define policies not justbased on people's identity? That's table stakes everything does that.Right then. Really, the next frontier is doing that in an automated way again,based on this notion of risk and being able to look at what's happening sothat you can spot the needle in the haystack because one of the biggestchallenges that has faced. Data security over the years has been thatit's very difficult in most systems hours are much simpler but where thereputation came from is that that people would try to define policies butthey'd either be overly broad or overly narrow. And if they're overly broadsuddenly they would generate this tsunami of alerts and notificationsthat would swamp the I. T. Organization and they'd be trying to chase down allof these spurious hey someone did this. Well were they supposed to is it okay?Were they not? And so automation now has been the holy grail of datasecurity and being able to do that so that you can connect the dots acrossall of the different things that someone is interacting with. It reallyis a game changer. Because it again it's back to the notion of simplifyingthe security making it more reliable.

Making it more consistent and making itsomething that the organization can do given that every I. T. Organization onthe planet is overstretched and I've never talked to an I. T. Team that feltit had too many people. All right. They're being asked to do more withless all of the time. And so they have to find ways of simplifying thatsecurity. And that's really our focus is on you know making what used to besort of security that was only used by the most advanced organizations andbringing it to the rest of the world so that organizations of of all sizes cantake advantage of it because they have to, it's the only way you can operatein today's digital world. And so that's that's really where we're headed isproviding a way to truly deliver a unified approach to digital security,whether that's data, whether that's the access to it on the web and in thecloud or in the data centers making it so that you're able to do that in oneset of products in one place and not have to reinvent the wheel for everysingle different type of information that that you have. Right, well, so umI just read some uh I guess breaking news last night about force pointsacquisition of SSC provider, bit glass of security service Edge, what can youtell us about SSE and how will it complement your DLP suite? Yeah, we'rewe actually see them as two sides of the same coin that ultimately when youyou look at today and and the way people are working. So as organizationsgrapple with, you know that the latest buzzword is their hybrid workforce. Howdo you have a how do you support a hybrid workforce? It boils down to howdo you make sure that people can get to the information that they need to gettheir jobs done And then how do you secure the usage of that information?And so the data security technologies like DLP and some other really coolstuff that we're working on really are are focused on what do you do with theinformation security service edge, which is part of, of gardeners sort ofbroader model that's called sassy for secure access service edge, it's thesecurity parts of sassy for listeners who are just hearing about it for thefirst time. And so that really represents the sort of the grandunification of a variety of different security technologies all deliveredfrom the cloud. And so what we did and...

...coming together with bit glass is toreally accelerate our ability to deliver both access and usage ofsensitive information, intellectual property in one solution from onevendor so that people don't have to try to cobble together a mixture of, ofdifferent products and different technologies were making it again muchsimpler by building the data security into the access security and we callthis resulting platform Our data 1st sassy platform. And so it bringstogether the security service edge, you know, the DLP technology and ouradvanced networking technologies such as SD WAN. And in fact we're one of theonly vendors to really offer all three of those pieces that really all worktogether. And so we're very excited about about bit glass. Uh it wasabsolutely a beautiful compliment to the technologies that we've reallypioneered and we see it as an opportunity to dramatically change themarket for security to make it simpler so that organizations really canprovide for having people work anywhere at home in the office on the roadwithout having to reinvent the wheel every time they move. And that is thebiggest change that's happening out there in the world today. The shiftback to a hybrid workforce in many ways while it's less visible to everyone tothe organizations that's almost as big a change as moving to an all all workfrom home model was last year And this one is the forever situation. We'renever going, we're never going back. We will never return to 2019. Well, asyou're, you're mentioning kind of what we're going to see in the future. Andas we start to come to a close for this episode, we always ask our guests thesame question and that's where do you see technology going in the next year?So I think the key things that we're going to see and certainly these areissues that were chasing but but we're focusing on it because it makes sense.And the industry is headed. There is there are a couple of main themes. Oneis the notion of convergence the days of having what were referred to assecurity stacks, networking stacks and so forth, which in many cases wereliterally piles or stacks of boxes, of hardware, of software layers, you know,piling up on top of each other and the...

...notion of assembling many, manydifferent technologies together under the under the notion of having the bestin breed of every possible thing that has proven itself to just be completelyunwieldy that what has happened is too many organizations been dealing withthis complexity and frankly people were getting overwhelmed. And so what we'reseeing is this coming together, this convergence of security technologies ofnetworking technologies and then what Gardner referred to with with sassy asthe convergence of convergences of all of that beginning to come together sortof setting the stage for a new generation of security technologiesthat incorporate automation based on behavior based on what's happening inwith the user with the device with the data and shifting to a model that isbased on risk, not just on who you are, you have to know who the user is, wehave to know absolutely, it shall be, it's not someone who got Shelby'spassword but to be able to really I know that and know that over time andthat's actually the essence of what what is sometimes referred to as zeroTrust, which is the idea of saying insecurity, people always have to haveexplosive permission for what they're doing. And so automation, you know,tied with this idea of always making sure people are permitted to do thingsis really the future of of security. And so we'll see these converged, cloudbased solutions that bring things together so that organizations you canaccomplish what they need to without being overwhelmed. You'll see thatautomation tying into what people are doing what data is doing and reallymaking it possible for people to truly work everywhere knowing that data willwill be secure anywhere. Well how can our listeners find out more about whatwe talked about today? So there are a couple of ways. So ingram Micro has a asenior solution specialist dedicated to force point. Her name is is ShaunaGentner, S H A W N A dot G E N T N E R at ingram micro dot com. Or they canalso go to the site. Imagine next that imagine and next all one word dotingram micro dot com and there there's...

...a nice search box, what are you lookingfor? You can type in force point and get links to a variety of resources andwe'll also have other resources here affiliated with the podcast And so, youknow, between shawna and the rest of the team at at ingram Micro, you know,can really find out how this new generation of access and usagetechnologies that ingram can can help you to really turn into reality canfundamentally change what you're going through as you you know, tacklebringing people back to work from home, setting up a truly hybrid workforce.And and that to me is what's really exciting about this topic is it's notjust about the technology, it's about enabling people to work moreproductively in ways that they enjoy more. And how often do you hear theword enjoy used in the same sentence as security when you do it right? It'sreally all about that and making people's lives better. Well, jim, thankyou so much for joining me. Well, thank you for having me. I've really enjoyedour conversation today and and hopefully we'll have more opportunitiesin the future. Absolutely well, and thank you listeners for tuning in andsubscribing to B two B tech talk with ingram Micro if you like this episodeor have a question, please join the discussion on twitter with the hashtagB two B tech talk. Until next time I'm Shelby scare hawk. You've beenlistening to B two B tech talk with ingram micro, hosted by Kerry roberts.This episode was sponsored by ingram Micro Security. B two B Tech Talk is ajoint production with sweet fish media and ingram Micro To not miss an episode.Subscribe today to your favorite podcast platform.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (331)