Thought Leaders in Cyber Security: Kris Lahiri, Chief Security Officer, Egnyte (Part 3)

Kris Lahiri: We integrate with all the top identity management providers. Now that I know who can get in, what types of access do they have? It’s not necessary that everybody in your finance department should automatically have access to payroll info. It’s also not true that everybody needs access to the finance folder.

This type of real-life situations that we’ve seen in the past as well as with our customers is what is built into the platform. We refer to this as our permissions model.

This is our model which reflects that actual thing that we’ve seen across for all our customers as opposed to a very consumer way of looking at it and saying, “Every user is a thumb drive in the cloud. We’ll just treat them as individual consumers of a certain cloud service.” We have a unique way of looking at how we protect the content and the platform.

As a result of this centralized control, it integrates very seamlessly with any of the framework that is starting up. It lets people say, “This is how I need my user base to have certain access.” It automatically integrates in with audit capabilities. People are running monthly, quarterly, or year-end audits.

It also helps with more specific things. We are starting to do a lot of things in the life sciences industry and how they integrate with this GXP compliance. Those types of things really work well on our content platform. That’s why we keep referring to this as the only business-first architecture.

The first layer was very foundational at an infrastructure level. The second layer is more of how a user interacts with a platform. What is our differentiation? What are the security angles there? At a higher level, we are really seeing a huge push. This started in 2018. During 2018, we definitely saw an uptick in the whole data governance side of the house.

Nowadays, the fact that you will have things in at least one or two cloud vendors is a given. What is the type of governance and the policies that you can run your business on in terms of just core PII handling or breach management. I definitely thank the whole GDPR initiative that started. I know they put a deadline. People had to react to it.

On the flipside, it changed a lot of people’s thinking of their responsibility of what data they keep. I have a lot more advanced conversations here. To my point earlier, I think data governance is becoming front and center here.

Sramana Mitra: I’m going to pick up on a couple of points and have you follow-through a bit. One thing you said that is a little bit higher level trend that we should discuss is this business of shadow IT. When cloud computing started to become mainstream, one of the strategies was to go around IT and start working with the business groups.

It was very well understood that if you have a business application and you go to the business buyer, you can build your deals. It seems like what you’re telling me is that because of security concerns and data governance concerns, all that is getting normalized and IT is starting to take control of those instances. Did I pick this up right?

Kris Lahiri: You’re completely on the right track. Let me elaborate on that for just a second. You have definitely come across, over the last four or five years, the whole DevOps cultural shift. It is related to what you’re seeing. Because of the ease at which you can start doing things in public cloud and also leverage other SaaS, the DevOps is in the world of people building that software.

You can use that same parallel to say, “I’m able to deliver faster results whether that’s because new systems got built or because I integrated a few other tools that were available.” To the business, that is a huge benefit. They were able to build out so many new things a lot more rapidly. The agility was much higher. 

This segment is part 3 in the series : Thought Leaders in Cyber Security: Kris Lahiri, Chief Security Officer, Egnyte
1 2 3 4 5 6