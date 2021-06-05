Realize that properly storing and protecting information is a never-ending process. Just like in a house, it will need new doors, but it shouldn’t prevent you from putting the right doors in place now.

It has been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?

As a part of our series about “Five Things Every Business Needs to Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Gus Malezis, CEO at Imprivata.

Gus Malezis is the President and Chief Executive Officer of Imprivata. Gus is widely recognized as a visionary leader in the information technology security industry where he brings more than 30 years of experience driving innovation and growth while building market leading organizations.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in Athens, Greece before moving to Canada when I was 13 years old. It was a huge change, but I treated it as an adventure, and worked hard in school to learn the language quickly. My parents were working professionals who taught me the importance of taking pride in what I do, and always doing it as well as I can. When they decided to move back to Greece after 10 years in Canada, I stayed, as I wanted to go to college to become an architect. I ended up working many different jobs to put myself through school, only to end up working in computer science — an area that has captured my heart and mind for over 35 years.

Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.

I ended up in my current career path because at the time I couldn’t find work as an architect; those jobs were very scarce, and could no longer afford to pay my bills by working at burger joints and pizza shops. I decided if I couldn’t be an architect, I still wanted to help people by solving problems, and there was demand for this in software and computer science. People needed help with technology, and I was curious. I felt inspired by new machines, like the Apple II and IBM PC 1, and learned how to make connections between them. It was all about solving problems as they appeared.

Can you share the most interesting story that happened to you since you began your career?

Early in my career, a client asked me to build him a thermodynamics program, and I had no idea what “thermodynamics” even meant. He described the problem he needed to solve, and I asked him to give me a week to figure it out. After doing all the research I could, I figured out how to help him, delivered a solution to the delight of the customer, and was able to make a significant amount of money. It taught me not to be afraid of the unknown or say no to a challenge because there is usually a good outcome.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

There are a few notable people who have shaped me and helped me find success. First, my father has always been a guiding light for me, even after his passing. He embodied honesty and sincerity, always helping those around him however he could, and I aspire to do the same. Second, an executive at a company I used to work for, Marcel Bernard, gave me the benefit of the doubt, embraced me and offered me guidance when I needed it. He is retired now but incredibly knowledgeable, and I am still learning from him today. I am also a fan of ancient philosophy, being of Greek origin, and I have been drawn to Socrates in particular. Socrates gave up his life for truth, honesty, and conviction; I have studied him extensively and his teachings have helped me get to where I am now.

Are you working on any exciting new projects now? How do you think that will help people?

The most exciting thing I am doing now is working to help those who have been selflessly helping our entire society get through the past year: our healthcare workers. They are the army at the front lines of our collective battle for survival, putting themselves at risk with minimal preparation and protection. I am also always excited to help our employees at Imprivata succeed through our many different initiatives, such as our mentorship and leadership development programs. We are proud of our internship program, as well; I am committed to helping the younger generation progress in their career paths and find success.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

People cannot thrive professionally until they have taken care of themselves and their families. Especially during the pandemic, I’ve encouraged people to prioritize this; only then can they do their jobs. I’m very proud of our company’s approach. It’s about people first, and we can’t put our people in a position to compromise their well-being or burnout.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc, about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?

This requirement is a legal and fiduciary mandate. In healthcare, the responsibility to protect confidential information is elevated. We’re targeted by hackers, and we have to take that extremely seriously. At Imprivata, we don’t actually have access to patient information; we’re interfacing with the people who are dealing with patients. Our job is to protect the confidentiality of these providers. We avoid handling our customers’ confidential information at all costs, and if we do, we treat it with the utmost control and make sure we use best-in-class tools.

Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?

Before considering destroying customer information, it’s important to understand what it is you’re protecting and who you’re protecting it for/from. Then, you have to assess the entire IT system, and you are better off making the appropriate improvements and determining best practices as opposed to just destroying it. Consider this analogy: if a system is a house holding assets, does the risk of robbery mean it should just be burned down, or should steps instead be taken to protect? The reality is, you’ll always need the house, just like you’ll always need your personal health information, and destroying it is not always the best option.

In the face of this changing landscape, how has your data retention policy evolved over the years?

We have evolved to safeguard beyond regulatory guidelines, treating them as a baseline as opposed to the maximum line. We consider all risks and possible scenarios, and take steps to protect data accordingly. Because we’re focused on cybersecurity and safeguarding customer information, we take this especially seriously. Again, we treat it like a house, and if we’re going to protect it, we need to make sure we have good doors installed, with good hinges and good locks, and that someone is always checking to make sure we haven’t left the door open. Years ago, we weren’t worried about doors and locks — we were worried about making things accessible. Our focus has evolved, shifting from utility to security.

Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?

When it comes to customer and partner data, unlike many organizations, such as social media companies, our policy is to collect the minimum amount of information, and only what we need. We usually just need lower-risk information, such as contact information for tech support. However, when it comes to intellectual property, including the software we build, we need to protect the data we store against malicious attacks. We focus on the integrity of the systems we deliver to our customers. That’s the biggest concern we see with supply chain hacks. Our policies include using highly advanced systems and backup systems. We treat all the data we store — regardless of its sensitivity — with great care.

Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?

It is terrific to see federal agencies taking a more active role in monitoring for cyber hack events outside government agencies. Some agencies have demonstrated that they have the knowledge and capability to be responsive and help us defend against attacks. In healthcare, specifically, I am concerned about the lack of a universal patient identifier — the equivalent of a driver’s license for healthcare. Many are against this concept, expressing privacy concerns, but the only way we can protect patients is by knowing who they are. Privacy and identity serve each other. It falls under the umbrella of interoperability and the need for access to information in order to treat patients properly. I’m anxious to see progress here and monitor how this debate continues to unfold.

Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order Properly Store and Protect Their Customers’ Information?”

Have a strategy and an architecture for security. Have a plan in place. Start by putting that plan in action. Realize that properly storing and protecting information is a never-ending process. Just like in a house, it will need new doors, but it shouldn’t prevent you from putting the right doors in place now. Always be thinking that there are bad guys looking to break in. Don’t ever believe that they’re taking a break. Use partners that you can trust. Don’t try to do this alone.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

It’s so important to embrace young people, especially those about to graduate college or who have recently graduated. I would bring them in, show them what a good business can be, how to solve customers’ problems, and how they can succeed. Young people are brilliant and have so much energy, but I worry about the demands they face. They need access to good role models.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!