Kris LahiriCo-Founder and Chief Security Officer, Egnyte
Kris is a co-founder of Egnyte. He is responsible for creating and implementing Egnyte's global information security and compliance manageme Kris is a co-founder of Egnyte. He is responsible for creating and implementing Egnyte's global information security and compliance management strategies, policies and controls that protect all of Egnyte's customers' content and users.
It’s easy to aspire to be just like a Fortune 500 company – killer quarterly earnings, adulation from the press, respect from your peers, etc. It’s just as easy to forget there’s a reason these largely successful companies stay on top. They innovate, they provide superior service, and they often have a strong ecosystem of partners. However, there’s one element of these companies that has historically been overlooked but is now receiving an increasing amount of attention – trust.
With an increased focus on consumer privacy and an explosion of data being created, companies have to take a much more active approach in building trust between themselves and their customers. A core part of building that trust is the handling of data – where data is stored, who has access to it, and how it is being accessed – on the company side and on the customer side. By showing your ability to properly manage and protect data, you will gain respect and trust from customers, prospects, partners, and the public in general.
On the flip side, if you are unable to properly handle data it will not go unnoticed. These days breaches are being publicized via blogs, news outlets, social media, and more. Just one breach can send a company’s reputation in a freefall, crumble any trust they have built with the public, and cost them dearly.
There are a few of the things you can learn directly from the most successful companies in the world about how to securely handle your data and build trust with the public.
Understand data governance is about quality of data
Sanjay Saxena, SVP of Enterprise Data Governance at Northern Trust (no. 486), accurately described that data governance isn’t simply a defensive measure, but a way to actively bring value to your customers. Saxena eloquently puts that data governance should also be focused on improving, maintaining, and acting upon the data you have – and that once you’ve made the steps beyond security and compliance, it’s a huge competitive edge.
While you should always be secure and compliant, that doesn’t mean that you shouldn’t use the data responsibly to understand your customers. For example, Saxena says that “another aspect of the monetary benefits of data governance is the role of metadata. Firms are increasingly focused on collecting metadata about their clients and the products they have purchased.”
Well-governed data isn’t simply secure and accessed by the right people – it’s understood, built upon and manipulated. AT&T (no. 9)’s Steve Stine also echoed similar points on what makes a good Chief Data Officer.
Make governance a core of anything involving the customer
Apple, no. 4on the Fortune 500, subtly mentioned data governance in the rollout of one of the most pervasive pieces of consumer fintech – Apple Pay. Apple specifically made Apple Pay create tokens of randomized credit card numbers for each card you’d load into your Apple device, never actually storing the credit card data on their servers.
This is productization with governance inherently built in – Apple understood exactly where the issue may be if there’s a loss of a device or a breach (the customer information), and limited that entirely to singular tokens that, if lost, would be easily locked and not leave the user vulnerable.
The simplest decision you can make with your customer’s data is to keep it as far away from the outside world as possible – even if it’s more difficult to build, it will protect them and you, no matter how large or small your company is.
Build a risk-aware culture
IBM’s 10 essential security practices are valuable, but the most powerful lesson to internalize is that you should have a risk-aware culture from the very beginning of your company. No. 34 on the Fortune 500 likens a risk-aware culture to how we take preventative actions to stop ourselves getting sick or from getting hurt, and I think it’s a powerful way to, even in your early days, save yourselves from future issues.
This means taking care of business from day one, and instilling in your people that your data, and especially your customer’s data, should not be treated in a cavalier manner (such as keeping customer information in plain text), and enforcing access to critical data in such a way as to prevent it easily leaking. There’s a fine line between risk-awareness and paranoia – but it’s necessary to internalize this message from day one.
You’re not as different as you’d think
A Fortune 500 company may have billions of dollars in revenue and exabytes of data to govern, but you share similar goals – delighting your customers in the fastest and safest way possible. You also likely have an advantage in considering data governance at an earlier stage – you can embed the ideals of great data governance in your culture early and often, and build your infrastructure to reflect it without having to change vast legacy systems. It’s a win-win for you and your customers.
TNW Conference 2019 is coming! Check out our glorious new location, inspiring line-up of speakers and activities, and how to be a part of this annual tech bonanza by clicking here.
Get the TNW newsletter
Get the most important tech news in your inbox each week.