Transcript
I'm Senior Vice President of Editorial with Information Security Media Group. My focus today is on data security, the new necessity. To speak about that with me is Yotam Segev, co-founder and CEO of Cyera. Yotam, thanks so much for taking time to speak with me today.

Thank you for having me, Tom. It's a pleasure to be here.

Yotam, too often I feel like we give data security short shrift. We don't talk about it nearly enough. What was the past focus on data security? Where do you believe we've fallen short?

I think that in the past, a lot of the data security efforts went towards DLP. And you can almost think about DLP as a way to try to catch the data at the last minute as it's leaving the environment. And I think that that approach created a lot of friction with the business and created a lot of anxiety for CISOs. Many people tried to implement these technologies and did not get the results they wanted, were not able to maintain it over time, and found that they're creating more problems for themselves than they're creating value. I think that that sometimes left a bit of a sour taste in people's mouth with regards to data security. And the new approach is DSPM, Data Security Posture Management, first and foremost, are actually allowing people to achieve data security goals, objectives, to protect data better. And do it in a way that doesn't get in the way of the business, doesn't interrupt the business workflows, and doesn't create friction.

Yotam, you're the one that referred to data security as the new necessity in a previous conversation. Why now?

I think that why now is first and foremost, Gen AI. And that might be the capital N-O-W for now. We always knew we have a problem. We always knew the problem is not solved. But it seems that with Gen AI hitting the enterprise, this problem is getting aggravated and getting more severe with each day.
And I think that organizations that won't step up and put the right programs in place today will find themselves in a very, very, very sticky situation faster than we all imagine.

So talk about the impact of the emergence of Gen AI. Are you talking about organizations that don't have proper governance? You've got people that might be using private data on their public LLMs. That's one of the issues we hear about.

Yeah, so it starts as simply as the classic problem of DLP. What data leaves our organization and to where? But if you think about it, in this new reality, where every employee in the enterprise can very easily accelerate the workflows, getting amazing returns by using public web-hosted LLMs. And these LLMs are not necessarily the place we want our proprietary data to live in. It's becoming a much, much, much more stressful situation. And at the heart of that is the ability to differentiate between the data that matters and the data that clutters. Because 98% of our data, we're absolutely fine with it going outside to these LLMs. But there's specific data types, specific documents, specific information that we really, really, really don't want to make it there. And we have to be able to find it to stop it from going there before it does.

So Yotam, talk to me about Cyera. How are you tackling data security in terms of helping your customers know what to secure, how to secure it?

Yeah, so first and foremost for us is visibility. The ability to connect to all of the enterprise ecosystems, be that SaaS, IaaS, PaaS, on-premise, and in the future, endpoint, network, email as well, and be able to use machine learning and AI to actually go out and understand what data lives there and give the central teams in the enterprise, the security teams, the compliance teams, the visibility, the asset inventory around data. What data do we have and where does that data live?
And how do we get a simple answer to that question across so many systems that are so different from each other? What does Office 365 have to do with an S3 bucket, with an MSSQL database in Azure, with a Snowflake data lake? All of these systems are so different, but the security teams can't handle that complexity. They're looking for a way to simplify and get a concise answer to that question. And that's the first step of every security program we've ever undertaken. What do we need to protect? What's the inventory? What's the asset inventory that we're actually looking to secure here?

As you know, resources can be tough to come by these days. What are your recommendations to security and technology leaders about how they can build their business case around data security and get the board's attention?

I think that these days it's easier than it ever was before. I think that many boards understand that data is the new lifeblood of the organization. And if we're to maintain our competitive advantage, we have to be able to protect our proprietary data that makes our business unique, that makes our company unique, that allows us to service our customers better than anyone else. And that data comes in very different shapes and forms for different verticals and different businesses. But I haven't met a company that doesn't have it. I haven't met a company that doesn't have some types of data they really want to keep to themselves and be the only ones leveraging. And I think that that is a pretty clear understanding at all levels of the stack today. More than that, I think that when CISOs pursue these objectives, pursue these projects, they have a value proposition to provide to each of their peers. So we're no longer going out to do security for security's sake.
We can improve our security, but at the same time, get amazing benefits in cost savings by identifying all the junk we have lying around, this extensible garage we live in in the cloud, and be able to clean that up and recuperate the costs. We get amazing value by being able to accelerate data cataloging initiatives and help to develop and take to market data products, whether it's a proprietary in-house gen AI products, or whether it's the classic solutions that we've been working on for years. And be able to assist the enterprise by really putting in a foundational layer that is going to be so crucial for everything that is happening the next 10 and 20 years of what data is the organization generating? How is that data being generated? Where does it live? How much of it do we have? What's unique and what's not? And by answering those questions, I think CISOs can become a true business enabler and provide value to the entire enterprise.

So Yotam, what sort of results are Cyera's customers seeing? Are they starting to clean up their virtual garages?

They are. We have customers that are very focused on the cloud savings, cost savings, use cases as a main driver to allow them to justify the project. And I think that they're seeing incredible returns in that sense. Returns that more than pay for the project itself and allow them to improve their security while also becoming more efficient. And I think that we have many customers that are seeing this tool, this product, this platform open up interaction within the enterprise in a different way. And I'll give you the classic example. When I asked CISOs in the past, how do you inventory data? You told me, oh, we survey the application owners. We go one by one through the 10, sometimes hundreds of application owners. And we ask them, what data are they collecting in their application? And how are they keeping that data secure? The reality is that oftentimes the application owners don't know.
And we're seeing our customers informing the application owners, enriching them with more insight and understanding of what their business is doing than they have had before. And that's being highly valued by the business.

Well, Yotam, we've got scores of security and technology leaders watching this interview. What are the types of questions they need to be asking within their own organizations about how they're securing data?

I think the first question is around what are our crown jewels? Now, oftentimes we thought about that as a separate question from the discovery, from the technical discovery and classifications. But the reality is that today data moves so fast and changes so fast that you can detach these two aspects. In order to actually have a clear take on what the crown jewels that put the company at risk are, you have to be doing automated data discovery and classification. Otherwise, you might be missing out on a lot of things that your organization is collecting that you don't even know about. And that's the first reaction we're getting from our customers, even at the POC stage, that they are finding out about data that they never imagined the organization is collecting.

Well said. Yotam, thank you so much for your time, for your insight today.

Of course. Thank you for the time, Tom. And thank you for the opportunity to talk about this wonderful topic.

Again, that wonderful topic has been data security, the new necessity for Information Security Media Group. I'm Tom Field. Thank you so much for giving us your time and your attention today.