Protecting data, managing risk; no longer just an IT conversation

by Dr Guy Bunker.

I recently attended the eCrime and Information Security conference in Frankfurt; the secondary slogan for the conference is ‘protecting data, managing risk’ and of course that was what it was all about. Serendipitously, in the exhibition area, we were next door but one to Blue Coat so it was a good opportunity for our team to chat to the Blue Coat team about our recently announced partnership and what we can do together.

The sessions were the usual mix of product, technology and business problems, and there were some good sessions. ‘Email encryption’, ‘Distributed Denial of Service (DDoS) attacks’, ‘Advanced Threat Protection’ and ‘Data Loss Prevention (DLP)’ were all hot topics, as were the EU legislative changes around both data protection and privacy. The Clearswift session on the need for ‘Internal DLP’ through the SECURE Exchange Gateway and Adaptive Redaction as a means to make DLP deployment easier (and with less risk to the business) was very well received – and as per usual we had a good stream of people to the booth afterwards.

One thing that struck me was that while the exhibition hall was full of IT companies, the audience were not all ‘IT’. I would think it was nearly a third which carried titles like, Risk Manager, Risk and Data Analytics Manager, Audit Executive and I even met my first Data Privacy Officer – a role which will (or should) become commonplace in the next couple of years. This just shows how information security is becoming increasingly important to the business as a whole. The conversations with the non-IT person are different. The nuts and bolts of the technology are of little interest – what they are interested in is the solution and whether it addresses a business problem that they have. While we, as an industry, have talked for many years about solutions addressing business needs, it is only now that the conversations are starting to happen on a much more regular basis – and it’s not one that is driven by the vendor, but by the client – and the terminology is all different.

So, conferences are a great place to meet new people and discuss technology in a different way. However, without deep technical questions to be discussed at length, as the stand visitor isn’t always into that, it is also somewhere which focuses the mind – where is the real value, and can I explain it in 30 seconds, enough to keep the person interested. For example, encryption... it is not about the encryption technology per se, that is a given... the conversation is about ease-of-use and the impact on audit. As we were in Germany it was also important that the processing was done on-premise or in a German cloud. Different, but extremely important, values the solutions need to get across.

Overall it was a good event for Clearswift. Our session was well received and along with meeting some existing customers, had the chance to talk to some potential new ones. I also had the opportunity to spend some time with our German team, discussing what we need to continue to do in order to address their market and their customers – to keep their critical information safe.