Snow Software’s chief technology officer, Peter Björkman, shares his views on how data security on the cloudOpens a new window has become an increasingly strategic matter. He discusses why business leaders and company stakeholders, along with tech leaders need to concern themselves with data security and privacy.
As a data and security whiz, Björkman is responsible for designing and developing software solutions at Snow Software. He offers critical insights on how to manage data breachesOpens a new window , which helps companies manage costs, maximize investments and quickly adapt to changing business priorities. In this exclusive with Toolbox, Björkman talks about the challenges involved in managing customer data and information, practical steps take in case of a data breach on the cloud, and the evolving role of the CTO in the light of General Data Protection Regulation (GDPR).
Key Takeaways From This Tech Talk Interview on Data Security on Cloud:
- Top tips for CTOs to build a culture of security
- Best practices on how to manage customer data and information on the cloud
- Insights for investing in security as a strategic matter
Here’s the Edited Transcript of the Interview with Björkman and His Views on The Need to Prioritize Data Security on Cloud:
Peter, to set the stage, tell us about your career path so far and what your role at Snow Software entails.
I’m a software entrepreneur with close to 25 years of experience in designing and developing software. Before joining Snow, I developed software and lead software development teams as a contractor in a variety of industries and businesses. I’ve spent time both as a self-employed software engineer and as an employee in larger tech consultancy firms. Over the years, my focus has always been to find and develop simple and easy to use solutions to tough challenges with the help of technology, which is essentially what I do today. Since joining Snow in 2005, I’ve been responsible for research & development and the overall strategy of how we design and produce software products. And although my day-to-day work might not be as deeply technical as it once was, the thing I still enjoy most is brainstorming sessions on how to solve business challenges with smart and innovative software solutions.
How has the CTO’s approach to GDPR evolved in the recent past? Do you believe investing in security is an increasingly strategic matter?
I think the realization that personally identifiable information (PII) is involved in so much of the work that people do, has made conformance harder than was originally envisioned. While policy can drive the right behaviors, it is important to be working to detect non-conformance so that it can be resolved before issues arise – for example, while policy may dictate the use of specific processes and systems, the use of open data shares is commonplace in many organizations (even if unsanctioned), so mechanisms need to be in place to monitor for/detect use of these (Dropbox etc, possibly even WhatsApp) and provide education/alternatives (which involves understanding why people are working this way).
The UK regulator has recently flexed their GDPR enforcement powers and fined two large firms for their security mistakes; £183 million for British Airways and £123 million for Marriott. With such sizeable penalties in mind, companies have to ensure that their approach to GDPR and security is sufficient to protect them from such action.
But maybe more importantly, as massive data breaches continue to make the news, security is clearly a business-wide issue and a concern not just for CISOs, CIOs and CTOs, but for board members and business leaders across organizations. Security investment in detection, response and controls is important, but equally important is investment in education so that people understand the reasons for the controls, processes and policies that we are implementing. Securing IT environments and business information has always been important, but as the value of data becomes increasingly apparent and more efforts are taken by third parties to access it, increasing investment is needed to combat these attempts.
With the omnichannel, real-time, multi-device world we live in today, what are the practical challenges with managing customer data and information, especially in the context of asset management software?
Our customers are already seeing employees connect to digital services from a variety of different devices many of which are not owned by their employer. Having flexibility to work anywhere can be beneficial but it raises questions around protecting your company data. For example, allowing your staff to login via Outlook Web Access on their home computer allows them to respond out of hours but it may mean that they download company data to their home computer. Practical solutions that include IT asset management (ITAM) along with an identity service such as Azure Active Directory or Okta, will allow you to manage your estate and protect your data.
In addition to this, it also relates to the statement of open data shares in the previous question. Customers need to start using technology to detect/identify what SaaS applications are being used so that security teams can focus their efforts on places where people are likely to be storing/sharing data.
Learn More: How to Prevent Cyber-Attacks: Q&A With David Ferbrache of KPMGOpens a new window
What are your top tips for CTOs to work with business heads to build a culture of security across the organization?
Avoid jargon and focus on business risk and make sure you’re able to articulate the risks in business terms, using accessible language and examples that resonate with employees. Security is something that sits on a continuum for impossible to access (secure) to easy to access (but open to attackers). Engaging business leads with the perspective of risk can help them weigh up what is appropriate. Using real examples can also be very powerful, for example looking at the $300 million-dollar impact of ransomware on Maersk shipping can help explain why security threats should be taken seriously.
At the end of the day, it’s not about the technology, it’s about the impact it has on employees and customers.
Learn More: How to Move to the Cloud Seamlessly: Q&A with Matt Maloney of FlexeraOpens a new window
Customer data breaches have become an industry wide issue today. Which practical implementations the IT leadership of asset management players need to prioritize in this context?
The first step towards cybersecurity has a strong correlation with good ITAM practice – know your inventory. Having a solid understanding of your IT estate means you know what you need to protect and have visibility of the potential risks. For example, tracking the old versions of operating systems means that you know whether you have systems which no longer receive security updates (e.g. Windows 2003). This tells you how and where to implement the next essential step: patching your technology. And without proper inventory, organizations can unknowingly be exposed to risk.
I would also say that in addition to the technology itself, being able to identify where PII is stored can help security teams to prioritize their investments in both tooling and education.
In the data and information powered business environment, what skillset and mindset changes are needed on both, functional and technology teams to enable effective and efficient digital transformation?
In essence, understanding that the value of technology (hardware/software/service) is the result not of what that tech costs you to run, but the business value that it creates, which is intrinsically linked to the value of the information that it contains or provides access to.
Neha: Thank you, Peter, for sharing your invaluable insights on the need to prioritize data security on the cloud. We hope to talk to you again soon.
About Peter BjörkmanOpens a new window :
Peter Björkman is the Chief Technology Officer at Snow. Björkman is responsible for driving product strategy, maintaining the product roadmap and overseeing the global software development team, which is responsible for the continued innovation of the company’s flagship solution: The Snow platform. He is a software entrepreneur with more than two decades of experience designing and developing software solutions.
About Snow SoftwareOpens a new window :
From self-service technologies for mobile and desktop users through to intelligent software license allocation in complex datacenter environments and automated approval and procurement processes, Snow Software puts its solutions at the center of the organization, empowering all types of IT stakeholders to maximize their productivity and contribution without introducing unacceptable costs or risks, ensuring that every penny invested in technology to support business operations is money well-spent.
About Tech TalkOpens a new window :
Tech Talk is a Toolbox Interview Series with notable CTOs from around the world. Join us to share your insights and research on where technology and data are heading in the future. This interview series focuses on integrated solutions, research and best practices in the day-to-day work of the tech world.
Would you like to share your thoughts about the future of data security on cloud? Find us on TwitterOpens a new window , FacebookOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!