As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Yuval Perlov, CTO at K2View.
Yuval Perlov started his career at Team Telecom International (NASDAQ: TTIL, later acquired by TEOCO Corporation) where he created state-of-the-art mediation and ETL products for the Telecom industry, advancing to the role of AVP in charge of R&D for North America. He then proceeded to lead a development group in the eBay catalogs team. Prior to joining K2View, Yuval served as CTO of Nextrade Ltd., creating innovative products in the financial sector. He is an alumnus of Tel Aviv University.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
My father was a diplomat, so I grew up all around the world. I spent many years in Europe, including England, Italy and France, as well as some years in the United States and Israel. Coming from a multicultural upbringing and speaking several different languages helps me understand and work well with different cultures, which I believe to be a necessary tool to thrive in today’s diverse workforce.
Is there a particular story that inspired you to pursue a career in data management? We’d love to hear it.
I started my career working for a telecom network management company. It was before everything was connected through the internet, so we had hundreds of protocols that connected switches and routers. It was a huge challenge just to find a way to connect to a certain network element. We would do these site surveys all around the world and try to connect to different network elements to understand the data that we can receive from each of them. It was always a mystery trying to figure out how to get alarms from a huge switch. The data interfaces got a lot easier over the years because the industry standardized, but that’s how I initially got started in this field.
Can you share the most interesting story that happened to you since you began this fascinating career?
When I first got started in my career, I was working with a telecom customer in Hong Kong and there was a language and cultural barrier. I remember asking a question about getting all future alarms from this point forward (subscribe) and I was met with an awkward silence. After a few minutes I realized they thought I was looking to fetch data from the future! It wasn’t because we spoke different languages — it was the way we talked about data. In the world of data, it’s all about how we communicate and understand it. The communication barrier around data is always a huge challenge not only because of the way we speak to each other, but it also goes into protocols and how we model data and how we understand each other.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
My first boss gave me the chance to enter this world of data movement and data transformation. When I was younger, I wrote some Pascal. Looking back, it was probably not very professional. But I reached out to someone in the business, and he agreed to take a look at what I wrote. It was a chance encounter, but he told me he’d give me a shot. In the first few years of my career, he ended up teaching me a lot of what I know today.
Are you working on any exciting new projects now? How do you think that will help people?
The way we look at the world at K2View is about modeling business entities. Working on the business entity level is ingrained in our DNA, so we always analyze data from a business perspective, not a system or database perspective. It isn’t about tables and schemas and columns and queries, but rather about what really makes up an individual customer, a product, a switch or some other entity. Take all the information about this customer, bring it into memory, and make it available so I can ask meaningful questions about it and analyze it.
We are constantly working on better ways to discover and understand the relations that define a customer with as little help from someone who is going to integrate the system into the organization. There will always be the need for a person to be involved in the implementation, of course. But we are working on projects that will make it easier and faster to implement these kinds of projects, where our system understands the business entity, shortening the lifecycle of these projects from months to weeks and days.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
My best advice is to pace yourself and take it one day at a time. The work never ends, but you have to plan and decide what you are and are not going to do each day. In my team, we say you have to be able to count the days. When you work nonstop, things start to blur and pretty soon, it becomes really hard to recall what you did when or how long ago. That means you’re not doing clear stops, and everyone in every industry needs that. It’s easier to do that when you leave the workplace, but now with the pandemic, we don’t even have that. So, it’s important to make your own full stops, perhaps spending time with your kids or having dinner at a specific time, to force that pause.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The data management industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
First, I’m most excited about the way it’s going to help and protect people. As the information industry grew, we forgot to take care of people’s privacy, information they needed to protect, and information over which they should have control. Information privacy, ownership and control were virtually unregulated for a very long time. The result was a jungle where every organization could take whatever data you provide them for free and do with it as they please.
Second, I’m excited this is changing for the better. As a society, we’re saying there must be very clear boundaries of what can and cannot be done with the data organizations collect about us. We should have the right to know exactly what data they have about us, to be notified of how and when that data gets used, the right to consent and withdraw consent for its use, even the right to be forgotten.
Of course it creates challenges to comply with all these new regulations, but that is another thing that I am excited about. Yes, it creates additional costs and technology challenges for large organizations which have all this data scattered across hundreds or thousands of systems. But the opportunity to solve this problem, to help companies meet the challenges quickly and efficiently, that is what drives me and everyone at K2View. In my view, solving it will be a huge benefit for individuals, for societies, even for democracy. I think that’s a very good direction.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
From an individual’s perspective, I hope everyone will take the opportunity that the regulators are giving them, to secure, protect, and take back control of their personal data. From the business side, though, it will create an enormous burden on large organizations to handle all these requests from consumers to know more about what their data is being used for. If they aren’t able to comply in a timely fashion, they face huge fines. These companies have newly protected data scattered across dozens, hundreds, sometimes thousands of legacy systems with enormous databases and data warehouses. They need to take all these privacy regulations into account long after their big IT systems are already built. How do they comply if a customer asks for an extract of all the data collected about them, or worse, if they demand to be forgotten or have their data purged?
So they need to retool and reintegrate all their systems to make compliance easy — a very complex and expensive undertaking, if not done the right way — or they risk huge costs or fines each time they cannot comply with a request by the deadline. Second, making all these data sources more available so that consumers agents can comply with privacy requests carries the additional risk of mass data breach, where data and systems previously well behind a business’ firewalls are potentially more vulnerable to cyber attacks. Either way, if not approached intelligently, the costs can be high.
As you know, data can be compromised even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
There are a number of services that can and do proactively notify individuals whose personal data (especially passwords) may have been exposed during a breach or hacked database.
Personal computers often have built-in features that can show on how many different sites you have used the same password. These can be helpful if the password hacked on one site is used elsewhere.
Of course, if you get an email about an e-commerce purchase that doesn’t sound right, it can be an indicator your account at the merchant may have been hacked. (Be careful of clicking links in such emails, because they could themselves be a security risk.)
It is always a good idea for consumers to examine their monthly bank and credit card statement for unusual activity. Websites on which a consumer has saved their payment information can be hacked and they may or may not inform their users in a timely manner.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Beyond understanding the extent of the breach, that is, what has been compromised, one of the most important aspects that companies overlook is proactively notifying and working with their customers. Today’s customers are concerned about the security of their information and digital identities, and they expect you to notify them and to tell them exactly what happened, what was compromised, what you are doing about it, and what they need to do themselves. In fact, the new data privacy regulations demand this kind of notification and transparency as a consumer right. Don’t wait for the regulators and the lawsuits that will follow when customers react in anger.
Of course, you must also investigate and understand the technical nature of the breach so you can ensure it can not reoccur in the same manner or in the same way. While you can never have a hundred percent guarantee a breach will not happen again, it is critical customers know how you reacted to the issue, your level of confidence that it is resolved and patched, and that they’re getting a transparent view of what occurred and how they are affected.
Like any business, we must comply with these regulations, and it means we had to look at the way we store data and conduct our business to make sure we comply. But it also inspired us to look at how our product can help companies around the world to comply with these laws.
When we first started our company, it was all about data migration and data movement. There was no discussion about privacy laws. But because a lot of data migration involved customer data, working with our customers, we came to truly understand customers as business entities. That is why I said our DNA is about modeling customers and other business entities. Then, when these regulations came along, it was a perfect fit because we completely understand how a customer is deployed across hundreds of IT systems. We understand the relations between the data points of a specific customer. Providing the tools and assistance for projects like this was a perfect opportunity and a perfect application of our product. This is when we started creating this offering of data privacy management on top of our fabric platform.
What are the most common data privacy and cybersecurity mistakes you have seen companies make?
I think a lot of mistakes have to do with focusing on the tools and not the processes in the organization. It is easy to think that technology fixes everything, so IT departments buy and deploy some tools. And that is fine, assuming they are deployed correctly, but focusing only on the tools ends up not solving the real problem.
A lot of data breaches and data privacy violations aren’t the result of a tool not doing its job, but rather from lack of training, from the way you conduct business, from the way you treat your customers, from the way your customer care is done — from the processes you have throughout your organization. The way you treat the privacy of the data you’ve been granted from your customers: how you treat it, how you move it around the organization, how you train employees and the processes you create to keep this data safe.
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or data privacy errors? Can you explain?
We’re not in the cybersecurity prevention business, so I cannot comment on whether there has been an increase in hacking or data breaches. From our standpoint, we have not seen an increased risk in customer data privacy, either, but to some extent, we’ve seen that the employee data is at a higher risk of exposure. In a short time, IT departments have invested a lot in tools to enable this new remote work, and they sometimes can overlook employee privacy which also frequently falls under privacy regulations. For example, a company might choose a video conference tool that doesn’t fully embrace full encryption or employee privacy. And because employees are now working from home on their private, often wireless networks, their data and the files they transmit and receive may be less secure. So I think the pandemic should probably cause us to take a closer look at how we protect our employees’ privacy and not just customers’ privacy.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
- First of all, you need the fence, right? The physical protection, the cybersecurity tools that make sure you have the right firewall and the right approaches to how you manage data access and network access. So that’s your perimeter.
- Next, you need a plan to limit exposure of this protected data outside of the fence. You have to provide consumers a way to request and view the data you’ve collected on them. You have to provide your customer support teams access to all that data to fulfill customer requests, too. So you need a solution that provides the right information to the right person when they need it, without exposing everything behind the fence to cyber attacks.
- Don’t hold data you don’t need in the first place. A lot of breaches have overarching consequences because a company is holding more data than it actually needs and not telling its customers they are holding it. That is a compliance violation right there.
- Prepare a plan for when the inevitable breach happens. Make sure you have a communication plan for notifying affected customers, and communicate proactively. Transparency with customers is key to dealing with both cybersecurity breaches and data privacy compliance.
- Give a lot of thought to the processes you create in your organization to comply with the new privacy regulations and the tools you put in place to support them. The right process and supporting tools can turn these new challenges into opportunities for better servicing your customers. And of course, consider Data Privacy Management from K2View.
This was very inspiring and informative. Thank you so much for the time you spent with this interview!