This year, the theme for SecurityNow 2021 was Secure 3rd Party Collaboration… Cloud & Beyond. Like every year, this year, too, the Fireside Chat was one of the event’s highlights. If you missed our fireside chat with Mr. Hamed Shahbar, VP of Security at PIF at this year’s Security Now 2021, here’s a quick summary of the conversation.
Read ahead to know more about how the world’s largest sovereign wealth fund manages data security.
This year, we had the privilege of hosting Mr. Hamed Shahbar to discuss how the world’s largest sovereign wealth fund manages data security.
Mr. Hamed Shahbar is the VP of IT Networks and Security at the Public Investment Fund (PIF), the world’s largest sovereign wealth fund. He is a seasoned professional armed with multiple security certifications, 15 years of experience in the IT field, and 6 years of experience only in IT security.
Here’s a brief summary of the fireside chat between Mr. Hamed Shahbar and Mr. Abhijit Tannu, CTO of Seclore, touching the key aspects of data security, such as third-party risk management, classification-driven data protection, data monitoring, and privacy regulations.
Why Data-Centric Security?
Why should an organization consider data-centric security when there are already many traditional perimeter-centric security solutions available?
When it comes to the Kingdom of Saudi Arabia, the investment done on security here is vast. The most important aspect we need to look at is data security. Data security is the trend. With everybody moving towards the digital world, data becomes the most crucial asset, being exposed.
We need to find a way to secure our data and prevent its leakage. Also, we need a way to ensure that only authorized people can access the data.
How Seclore Helps: Data is easy to protect. But the challenge lies in ensuring that there is no alternative way for a malicious user to steal data from you. For this, watermarking the data is a crucial feature of watermarking data. Seclore provides a dynamic way for watermarking documents.
Third-Party Risk Management
As a large organization, confidential data moves around and even outside to third parties. So how can one control the risk associated with these third-party exchanges? How does Seclore help mitigate these risks?
One of the most significant assets of any organization is data in documents or emails. It is essential to identify the organization’s most critical assets, the impact of their exposure on the organization, and how to secure them.
How Seclore Helps: Seclore Rights Management combined with DLP empowers an organization to protect its sensitive information. It enables the organization to enforce specific policies on the documents, such as who should view them, copy them, print them. Also, it allows the organization to revoke access at any time. For example, when the employees join or resign, the organization must ensure that no unauthorized party has access to sensitive information.
Classification-Driven Data Protection
There are a lot of organizations that are regulated and are mandated to classify information. But what leads an organization to go beyond classification and work on a classification-driven approach to data-centric security? How does it help drive this kind of technology adoption in the organization?
Classification is definitely an essential step of data security. But the classification itself is not going to help prevent data leakage.
How Seclore Helps: Classification along with Rights Management empowers an organization to control their documents, no matter where they are in the world.
Data Monitoring in a “Work-from-Home” Scenario
One of the things that many organizations and security professionals are grappling with is the whole “work from home” or “Work from anywhere” driven by the pandemic situation.
How does Seclore help secure or monitor the data transferred to people’s home devices or when people are working from home?
The pandemic and the COVID situation have been a challenge for us. Organizations had to enable users to work from outside the organization. At the same time, they needed a way to secure whatever they were doing from outside.
How Seclore Helps: Seclore helps the organizations ensure that the users’ documents are protected whenever they are outside and have rights on them. At the same time, we can track the documents, such as with whom it is being shared and who has access to it. Should we prevent access if we, say, notice someone trying to access a document they shouldn’t have access to. Then, with just one click, we can instantly revoke the access. It really empowered us during the pandemic and helped us secure our faith.
How do the different regulations or guidelines from the government shape the data protection strategy for PIF and maybe for other similar organizations in the Kingdom?
H: In the Kingdom, the regulations focus on multiple rules and controls to cover all scenarios. In the Middle East, there are regulations, like the NCA. We also have a new law coming from the NDMO, which only focuses on the data. We need to be prepared and ready for this.
How Seclore Helps: Seclore integrates well with the other systems we have. It helps close all the gaps for these controls.
One of the features that companies find interesting is this complete data visibility around tracking what happens to the protected data. How does that help an organization build a data protection strategy? How important is it?
It is essential to know who has access to the data and what they do.
How Seclore Helps: The tracking logs from Seclore allow an organization to ensure that the data was not being accessed. Suppose a file is accessed from a country where we don’t have any business. There is an alarm allowing the organization to investigate why data was accessed from that particular location of the world. Seclore provides multiple ways to track and ensure that no one else is accessing this data. All of this is being monitored around the clock here in PIF.
Seclore has many large enterprises using the system. Having somebody like PIF using Seclore to protect state secrets is humbling and a matter of pride.
We thank Mr. Hamed Shahbar for making us a part of this grand vision that PIF is working on for the Kingdom.