Categories
Innovation in Compliance

What’s The Use Case with Blane Warrene


 
Blane Warrene is the Vice President of Product Management at Smarsh, an organization that helps companies manage risk in their electronic communications. Tom Fox welcomes him to this week’s show to talk about a variety of topics surrounding compliance around mobile and hybrid work environments. 
 

 
Compliance Challenges in The Hybrid Work Environment
There are three key factors that are compliance challenges in the hybrid work environment: the risk that comes with using company devices, bringing your own devices to handle company data, and consumer applications. Blane stresses that implementing policy is vital because policy is the frame in which the organization operates. However, Blane also remarks that a layer of processing technology has to be embedded within policy in order to completely tackle the issues that cause compliance challenges. 
 
Finding The Right Balance
Many companies and clients struggle with finding the right balance among apps, smartphones and global work tools. The key to achieving this balance is to first find out what the client or customer wants to enable. “The right first question is what problem are you trying to either solve, or what do you need to enable for your business,” Blane tells Tom. Take compliance out of the equation and simply focus on what the customer wants to achieve with their company. When you approach it that way, you often get a clearer answer that leads to the use case. 
 
Capturing Communication
Tom asks Blane what Smarsh recommends to capture or archive communications such as email or text. Blane explains that social media communication is what you want to plan for because each of the sources that you go to, has a different way to get the data. Smarsh makes it easier for someone who wants to capture a wide set of data. “What we do recommend is that it comes in on a regular frequency such as real time or daily, and they certainly have the ability with retention rules to not keep everything forever which is not productive,” Blane says. Certain pieces of data can only be kept for a finite period of time, but doing this ensures that the client doesn’t have a blind spot on the things they know they’re using. 
 
What Tools Should You Allow
Companies sometimes determine what tools they should allow based on where they are in the world. The tools are also based on what they as companies are trying to solve, how they communicate and what models they support. “That discussion helps us, basically enable us, to say to them ‘Here is the way you solve these use cases and ultimately you want them in a single pane of glass’,” Blane expresses. He adds that from a compliance perspective, you want to know that you can retain that data even if you get it in different ways. Data should be able to be viewed in a common context and not across separate silos.
 
Resources
Blane Warrene | Twitter 
Smarsh
 

Categories
Innovation in Compliance

Leveraging Communications as an Asset with Robert Cruz

 
Robert Cruz is the Vice President of Information Governance at Smarsh and is Tom Fox’s guest on this episode of the Innovation in Compliance Podcast. Tom and Robert talk about information and data governance, communications data strategies, and how Smarsh helps its customers mitigate risks through its platforms.  
 

 
New Communication and Risk
In the hybrid work environment employees use new communication sources such as Whatsapp, Discord, and Slack to converse daily. This poses a risk that compliance professionals are now challenged to govern since each of these technologies is different. Firms have to update their systems for this purpose and this is where Smarsh comes in. “Our communications intelligence strategy and platform helps customers bring [communication data] into a central point of control, so they can not only identify the risk but also that they can leverage this information as an asset of their business,” Robert tells Tom. These new communication sources are simply ways for companies to engage, and if leaders can engage on their clients’ terms, it can allow them to expand their markets. 
 
A Level of Complexity
Workers have started to return to the office. Tom asks Robert to share how this has impacted the hybrid work environment, and if it has added any complexity for the compliance individual. The biggest challenge for compliance is that controls need to work consistently regardless of where an individual is. “You need to be securing an individual, not securing the particular location that individual is located in,” Robert says. Compliance professionals need to make sure that they don’t have blind spots, and that their controls work regardless of technology. This has also created more areas for which compliance professionals have to be accountable. 
 
What’s Next
Communications data strategies in the coming years are not going to be heterogeneous. Robert stresses that when data is heterogeneous, it makes it difficult for people to understand. What is going to happen in the future is an acceleration in public cloud adoption and the adoption of artificial intelligence solutions. “The use of the machine to help individuals get through the volume and variety of information… are definitely on trend lines and will just become even more prominent and common across not just large enterprises but into medium size and even smaller firms in the near future,” Robert remarks to Tom.
 
Resources
Robert Cruz | LinkedIn 
Smarsh
 

Categories
Innovation in Compliance

Right Question to the Right Person at the Right Time with Ishan Girdhar


 
Ishan Girdhar is Tom Fox’s guest in this week’s show. He is the CEO and founder of Privva, a cloud-based platform that streamlines data security to enable law firms to easily implement their own risk assessment. Tom and Ishan explore risk management in the new hybrid work era and what compliance professionals need to be thinking about in the coming years in that regard.  
 

 
The New Normal
The new hybrid work environment is here to stay. More companies are going back to the office but with fewer employees on site. This means that company leaders and compliance officers need to find a way to manage risk around virtual collaboration and communication technologies in a remote work environment. They will need to make sure that all employees are connected in a secure way. “When you have people working from home and working remotely, access to sensitive information grew exponentially… Many people have devices like Alexa or Google Home; those are devices that are recording every conversation that’s happening in your home,” Ishan cautions. Implementing policies that ensure employees aren’t working in the vicinity of these devices and making sure that companies lock-on set intervals, will go a long way in mitigating the risk that is posed from working in this environment.
 
Keep Communications Focus
Employees have to act as stewards and maintain and adhere to company policies surrounding risk and compliance. Tom asks Ishan how he keeps a communications focus in his organization, in a way that doesn’t lead to compliance fatigue. Compliance officers need to ensure that they’re actively capturing communication across their organizations, and that they have the tools to do so. “Make sure that your tech stack has the right capabilities to capture information and communication across your network,” Ishan remarks. Communicating the right ways to work with your clients and employees is also something that companies need to be thinking about. Use the right tools and the right steps to make sure your actions are in line with your internal corporate policies; the compliance departments can have access to that information if it’s required.  Make sure that the data is integrated and that all of that dialogue is time-stamped so it can be captured together. 
 
Creating Effective Cybersecurity
“Every product that technology brings to make your lives easier, better, faster, and cheaper for your clients comes with cybersecurity risk,” Ishan tells Tom. In order to mitigate cybersecurity risk, consistent training of your employees is necessary. Cybersecurity needs to be built into the culture of your organization and is a way for you to do your jobs in a timely and efficient way. Compliance professionals should be on top of what’s happening in the market with regard to new threats and risks. Have detailed policy monitoring and reporting requirements, and ensure you’re adapting your policies to the new norm. 
 
Third-Party Risk
Tom posits that third-party risk is beyond company to company, and that it’s actually the entire scope of your communication. Third-party risk is your suppliers, your partners, and your customers. Companies need to think about where their data is hidden, and where it’s going. “How is it leaving your environment? Where is it going? What’s the sensitivity of that data?” These are the questions Ishan implores leaders to think about. The biggest challenge with third-party risk management is that you have a say, but you don’t have full authority in enforcing change. It is also a two-way street in that as a company, you are also a custodian of information and you have to understand your minimum baselines, the security controls that are nonstarters for you, and what risks you’re willing to accept. If you are sending sensitive data to a third party, you have to include management and leadership as part of that conversation and process. 
 
What’s Next
Buying technology that will be sustainable going forward is one of the best ways to respond to cybersecurity risks in the coming future. Privacy is also a big challenge that companies are going to face. “Build out your budget and make sure that you have the right investments in place as you continue to grow and continue to go into the future leading up to 2025,” Ishan advises Tom and the audience. 
 
Resources
Ishan Girdhar | LinkedIn | Twitter
Privva