Search Results

It is estimated that by year 2025, individuals and businesses alike will produce about 463 exabytes of data per day globally and there will be an estimated 175 zettabytes of data in the global datasphereBusinesses use data for a variety of reasons; including but not limited to analyzing customer behavior, providing relevant ads, customer centric product trends and analyzing market value. A DAWN OF DATA REVOLUTION AND WHAT'S AT STAKE? It is estimated that by year 2025, individuals and businesses alike will produce about 463 exabytes of data per day globally and there will be an estimated 175 zettabytes of data in the global data sphere. Businesses use data for a variety of reasons; including but not limited to analyzing customer behavior, providing relevant ads, customer centric product trends and analyzing market value. Thus today data is imperative to a business. As a result most companies are increasingly focusing on their data policies, individuals and businesses are increasingly concerned about ethics surrounding data and privacy laws. But even as these laws emerge, the time taken to comply with these laws officially or unofficially is not very promising. In fact, in a report recently added to the net, it was disclosed that it takes companies about 62 days to discover a high severity data breach and another 71 days to disclose the said breach. Thus, purely relying on a business to do the right thing when it comes to data breaches and data privacy ethics is not enough. Kuber Signal is a company that wants companies to be held accountable/responsible by the individual for their data related decisions. The company quantifies privacy policies for other companies into a standard 4-point metric and a final Goodness score that's comparable across board and then shows these scores to the individual so they can decide what companies keep their data safe. The metrics are: 1. Personal Data Privacy Goodness Score 2.Behavioral Data Privacy Goodness Score 3.Technical Data Privacy Goodness Score 4. Data Sharing Goodness Score Each metric measures how much of an individual data is stored, used and shared by the Company, that individual is a customer of the company then shows what companies in the same industry, selling the same product, rank higher than the individual's company of choice. The company can also track public information around other companies and aims to provide users with the right tools and information so an individual can stay up to date with their specific security concerns, be it companies or other security threats and make better informed choices. Kuber Signal ultimately provides the user with a privacy score that can help them evaluate them online behavior and help mitigate their data related threats. Kuber Signal is founded by a Data Scientist and a cyber-security expert whose expertise lies in investigating brands for their security posture using AI algorithms. The mission of the company is to ensure an individual is aware of their security posture and a know-how into how to improve it. The company also provides individual security assessment, cyber news and information on relevant scams in the individual's playground. In conclusion, data privacy and ethics have never had more value than in recent and coming years. Today a data breach is nothing less than a home invasion of yesterday. This may sound extreme but almost every bit of useful information about a person is somewhere on the internet with some company whose 'terms and conditions' the customer didn't read and if a malicious actor gets access to that data, the consequences for the individuals can be devastating. by P. Observer, 07.12.22 Source : Factiva

Employees who take a proactive approach at work – who speak up with suggestions, try to bring about improvements, and take initiative – generally perform better, are more satisfied with their job, and progress more quickly in their career. For organizations, a proactive workforce which anticipates changes and is willing to contribute to innovation is seen as a competitive advantage. So how can organizations encourage employees to be more proactive?  HOW TO BUILD A PROACTIVE WORKFORCE: TRAINING PROBLEM SOLVERS OR STRATEGIC CHANGE AGENTS? Employees who take a proactive approach at work – who speak up with suggestions, try to bring about improvements, and take initiative – generally perform better, are more satisfied with their job, and progress more quickly in their career. For organizations, a proactive workforce which anticipates changes and is willing to contribute to innovation is seen as a competitive advantage. So how can organizations encourage employees to be more proactive? Previous research has highlighted two potential avenues for organizations wishing to increase the proactivity of their workforce: hiring new human resources with particular personalities and skills sets, or changing the work context, for example by enriching existing employees’ work. However, these strategies often encounter two issues that may block their implementation: the lack of opportunity to hire due to difficult economic or budgetary contexts, and the lack in means and resources to enrich job roles. It therefore falls to training and development to offer a feasible approach to promoting employee proactivity. Indeed, in the United States alone, organizations spent over $165 billion on employee training and development in 2013. But how should training approaches aimed at encouraging proactivity in the workforce be designed? And which training approaches are most effective for employees with different needs and priorities? Karoline Strauss, together with Sharon K. Parker of the University of Western Australia, decided to carry out research to address these questions. “It was clear to us that the training approach an organization should take would depend on the type of proactivity it is looking for in its employees”, says Prof. Strauss. The researchers suspected that a different training approach would be needed to encourage employees to become proactive in solving problems they encountered in their day-to-day work, or to encourage them to involve themselves in strategic change and become proactive in shaping the future of the organization. The researchers developed two distinct training interventions focused on encouraging these two types of proactivity. The researchers then recruited 112 volunteers from a police force in the North of England. The volunteers were randomly allocated to one of the two training approaches, or to a third group that received no training whatsoever. “To test whether the training approaches were effective in promoting proactivity, we compare employees who took part in the training to employees in this third group”, explains Prof. Strauss. “This means that we can rule out that employees throughout the organization became more or less proactive because of other changes that took place during the time of our study”. The researchers then tracked employees over 9 months to see if their proactivity increased. The findings showed that both training approaches were potentially effective in encouraging employees to be more proactive, but that employees’ needs and preferences determined whether the training worked for them. Prof. Strauss’s findings showed that employees faced with a high workload were most likely to respond positively to the training approach aimed at encouraging them to be proactive problem solvers. “These employees felt swamped by the demands they were facing”, states Prof. Strauss. “We succeeded in training them to approach their job in a more proactive way and take charge of challenges and obstacles they were facing”. Training these employees to identify problems in their job and to develop ways to address these problems helped them to find more efficient ways of completing their day-to-day tasks. On the other hand, the training approach aimed at encouraging employees to become more proactive in shaping the future of the organization was most effective for those who are generally more focused on long-term rather than short-term benefits. Employees who were more interested in the short-term did not respond to the training approach in the same way – they did not become more proactive. “Our findings really show that there is no one-size-fits-all approach to proactivity training”, explains Prof. Strauss. “For organizations who want to enhance proactivity in their workforce this has two important implications. First, what kind of proactivity do they expect? Do they want employees to become proactive in overcoming obstacles and finding more efficient ways of working, or do they want employees who think about the long-term future and about strategic change at the organization level? Second, organizations need to consider the situation the employee is in. What are the employee’s needs and preferences? Pushing somebody who is generally not very interested in the long-term to contribute to bringing about a vision of the organization in the future is unlikely to be effective in making them more proactive, and our findings suggest that it can even backfire”. Prof. Strauss’s work has been recognized for the strength of its experimental design which rules out alternative explanations for changes in employee proactivity. However, she suggests that more research is needed on the effects of training interventions on employee proactivity. “Our study is an important first step in determining which type of training approach can be effective in encouraging employees to be more proactive, and who is most likely to respond positively to the training. But can we, for example, combine the different training approaches, and are there other ways in which employees and organizations can benefit from proactivity training?” Further research will need to explore these questions in other organizational settings. by Karoline Strauss , 03.10.16 Source : Knowledge Lab Essec

Corporate social responsibility is an increasingly popular topic in the corporate world and beyond, highlighting a need for best practices and a stronger understanding of what it really means to be a sustainable business. For this to occur, we need ways of measuring corporate sustainability: social accounting is one way of doing so. Adrian Zicari, professor at ESSEC, explains its merits, as well as its limitations, in a recent chapter in the Handbook on Ethics in Finance. SOCIAL ACCOUNTING: A TOOL FOR MEASURING CORPORATE SUSTAINABILITY Corporate social responsibility is an increasingly popular topic in the corporate world and beyond, highlighting a need for best practices and a stronger understanding of what it really means to be a sustainable business. For this to occur, we need ways of measuring corporate sustainability: social accounting is one way of doing so. Adrian Zicari, professor at ESSEC, explains its merits, as well as its limitations, in a recent chapter in the Handbook on Ethics in Finance. First, a primer: social accounting refers to the measurement of an organization’s social and environmental performance, recognizing the need to go beyond measuring economic impact only. There are a number of indicators that can be used, for example the disclosure of pollution information or the composition of the company’s workforce, among others. The list of indicators goes on, as assessing social and environmental information is a complex matter. This makes the scope of social accounting quite broad, and also leads to the question of balancing comprehensiveness and comprehension: more information is not necessarily better, as it can make reports hard to understand. Many of these indicators are not measurable in financial terms, so practitioners of social accounting need to go beyond conventional accounting and gather information from different sources. This requires a significant investment. As a result, social reports are more common in bigger companies. Dr. Zicari explored five issues (1): The motivation behind corporate disclosure of social & environmental information The use of social accounting internally for management purposes The link between social accounting and financial performance Whether or not regulation contributes to sustainability The potential that social accounting has for contributing to sustainable practices Disclosure on social and environmental information Today, the disclosure of social and environmental information is usually voluntary, though some European countries have recently implemented regulations. For instance, some companies in France have to present a “déclaration de performance extra-financière”. This means that in many cases, companies can pick and choose what, how, and when they disclose. This makes it difficult to compare companies, as there are many different frameworks in use. If it is not mandatory, why do companies disclose this kind of information? One reason is to show their legitimacy, i.e. living up to social expectations. Others may have a more “defensive” strategy in play, like if they are under fire from environmental agencies. If they do produce social reports, their motivations may impact the content. Researchers have noted that companies with poorer environmental performance tend to talk more about their environmental projects (2) and use more optimistic language (3). In other words, companies tend to be strategic when deciding what they share and how they share it, and their motivation is often based on protecting or enhancing the company’s reputation. This does not necessarily mean that companies are acting in bad faith, but it does mean that they may not disclose all their social and environmental indicators. Dr. Zicari notes that this can lead to tensions between companies and stakeholders: companies may not disclose all information, while stakeholders may seek more transparency. Should disclosure be mandatory? Corporate social responsibility initiatives and social accounting alike are typically voluntary, but there are increasingly calls for more mandatory reporting. This would be beneficial in that it could increase comparability, standardize reporting, boost the scope of information shared, result in better-informed consumers. One way to increase regulation is through “soft-law” initiatives, meaning the use of frameworks that are voluntary, but provide structure, like GRI, SASB, and Integrated Reporting. If a company says that it complies with one of those, then it has to abide by that and provide the according data. This could also boost stakeholder engagement by providing a reference point and also make it easier to compare companies, as currently comparisons are hindered by the many different frameworks out there. Another option is the use of “hard-law”, legally-binding regulations. One example of this is the Directive 2014/95/EU of the European Union, under which companies with over 500 employees disclose non-financial information. Some initial research suggests that this could have a negative impact on information quality, as companies prefer to share good news (4). Increased regulations on social reporting could help, but regulation alone will not ensure disclosure, nor does increased disclosure lead to increased sustainability. This suggests that while regulation could be useful, it does not replace the need for stakeholders to advocate for sustainability. Using social accounting internally Much of the discussion has focused on disclosure to external parties. What about the goings-on inside the company? Internal indicators can help managers make decisions that align with CSR indicators. However, since the indicators can be hard to decipher, managers may struggle to work with them, especially as CSR work can be siloed within the organization. Companies use different approaches when using social accounting internally. An “inside-out” approach highlights the use of internal social accounting information by managers in their decision-making processes; this can be combined with the “outside-in” perspective, wherein external stakeholders use report information to inform their decisions (5). Both of these perspectives are important in striving for sustainability. To facilitate this process and also help managers interpret the information, CSR discussions should be integrated into corporate performance and dealt with across the organization, rather than being the responsibility solely of a specialized team. What is the link between social accounting and financial performance? Social accounting is not interchangeable with conventional accounting: how exactly do they relate? Their scopes are different, but there is a lot of overlap, both in content and in audience. For example, perhaps a firm makes an expenditure to make a process greener: this will be reported in Profit and Loss Statements (the cost) and in social reports (the effect of the green initiative). An investor may read both these statements, as the financial statements help evaluate the company’s potential and social reports show its environmental impact. The research is mixed when it comes to how sustainability actually impacts financial performance; as a result, managers may be unsure about the profitability of sustainable policies, even if they think the ethical rationale is strong. When measuring the situation, managers thus need to carefully consider the framework they use, and whether or not it is appropriate for the situation. Can social accounting lead to organizational change? Even if the link between sustainability and financial performance is unclear, sustainability remains a worthy goal. This means that social accounting, too, is useful, as a tool for achieving sustainability. What can it actually achieve? Some scholars (cf. 6) suggest that social accounting can inform better decision-making and facilitate teamwork. Others are less certain (cf. 7), who argue that it is mainly symbolic and may not lead to significant change. One thing is true: realizing true improvements is difficult, and the mere implementation of social accounting processes will not automatically improve sustainability. Further, over-reliance on social accounting may lead to a focus on the “small picture”, rather than truly revisiting conventional business models. While social accounting is not a silver bullet, it has shown success; the KPMG Survey of Corporate Reporting (2017) (8), studying reporting practices in 50 countries, found that social reporting is widespread, and there is a community dedicated to its improvement and implementation. Social accounting could also help with the “big picture”: while reports may highlight smaller, incremental improvements, these could inform long-term changes to conventional business practices. For example, mining: by definition a polluting activity, but nevertheless one that is necessary for industrial production. Using social accounting could give managers and stakeholders information that could help reduce the environmental impact as a short-term strategy, while preserving the need to look for long-term solutions that are better for the planet. Social accounting is necessary and helpful for improving business models. Increased disclosure illuminates managers how the company can improve and informs the company’s efforts to be socially responsible. More transparency will benefit stakeholders and empower the public. We need to remember that social accounting remains a means to an end, and it will be tested by how effectively it creates measurable change in corporate practices. Key points and takeaways Tension exists between companies and stakeholders, as the former may not share all information and the latter seek greater transparency. Regulation could improve report quality, but will not automatically improve disclosure. Managers may find it challenging to work with social and environmental indicators, leading us back to the first point: some information may not be disclosed because it is not well understood or not readily available. We still do not have a clear picture of the link between sustainability and financial performance. We must be clear-eyed on the promise of social accounting. It can help improve existing business models, but does not create new ones, and managers should be encouraged to use complementary tools. All things considered: social accounting is an increasingly helpful tool for managers and stakeholders, and can help improve corporate sustainability. References Zicari, A. (2020). The many merits and some limits of Social Accounting: Why disclosure Is not enough. Handbook on Ethics in Finance, 541–557. https://doi.org/10.1007/978-3-030-29371-0_14 Cho, C. H., & Patten, D. M. (2007). The role of environmental disclosures as tools of legitimacy: A research note. Accounting, Organizations and Society, 32(7-8), 639-647. Cho, C. H., Roberts, R. W., & Patten, D. M. (2010). The language of US corporate environmental disclosure. Accounting, Organizations and Society, 35(4), 431-443. Costa, E., & Agostini, M. (2016). Mandatory disclosure about environmental and employee matters in the reports of Italian-listed corporate groups. Social and Environmental Accountability Journal, 36(1), 10-33. Burritt, R. L., & Schaltegger, S. (2010). Sustainability accounting and reporting: fad or trend?. Accounting, Auditing & Accountability Journal. Burke, J. J., & Clark, C. E. (2016). The business case for integrated reporting: Insights from leading practitioners, regulators, and academics. Business Horizons, 59(3), 273-283. Rodrigue, M., Magnan, M., & Cho, C. H. (2013). Is environmental governance substantive or symbolic? An empirical investigation. Journal of Business Ethics, 114(1), 107-129. Blasco, J. L., & King, A. (2017). The road ahead: the KPMG survey of corporate responsibility reporting 2017. Zurich: KPMG International. by Adrián Zicari , 08.06.21 Source : Knowledge Lab Essec

Have you ever wondered why consumers tend to make suboptimal financial decisions, and why financial firms are often in a position to exploit them? CONSUMER FINANCE IN THE DIGITAL AGE: LEVERAGING BIG DATA AND TECHNOLOGY TO PERSONALIZE PROTECTION Have you ever wondered why consumers tend to make suboptimal financial decisions, and why financial firms are often in a position to exploit them? Clearly, this is due in part to consumers’ biases and limited rationality. As consequence, even well-meaning policy interventions have often regulated for rational consumers and made them worse rather than better off. However, recent developments in behavioral science and economics seem to have made their way to traditional regulatory interventions. And while the combination of behavioral insights and big data analysis is raising issues relating to privacy and equality before the law, it is also opening up the possibility of tailoring the regulation of financial market behavior to more empirically valid characteristics. Consuming Financial Products Retail clients, you, me, we all engage with the financial system in various ways. We open accounts, we get personal loans, we may even be tempted to invest in bonds or shares. Some of the opportunities in the financial market are believed to dramatically improve our well-being. Pension-related products are one striking example: they help up save effortlessly for times when we will not have an income anymore. However, financial markets are complex and also expose consumers to greater risks than other marketplaces. Some risks are product specific and derive from the speculative nature of the instrument. Other risks are more general and related to consumers’ pattern of behavior. Even products such as insurance products that are not indexed to the ups and downs of the financial market do expose financial consumers to ill-suited or expensive choices. Decision-making and the Human Brain It is now widely recognized that individual cognitive processing has limited capacity. The human brain deploys mechanisms to economize on cognitive processing in decision-making: this saves time but results in systematic errors in decision-making, which might not happen if the person was given unlimited time and the analytic resources to make these choices. Therefore, consumers make predictably costly mistakes in financial markets: they buy high and sell low, invest in attractively presented instruments they do not understand, and pay excessive fees. The Myth of Rules of Thumb and the Rational Consumer If we want to protect and empower the financial citizens that we are, close attention should be paid to consumers’ behaviors, to their imperfect analyses and distorted judgments. Let us not forget that many existing rules are written with a fictional (rational) consumer in mind: someone who reads labels and disclosures, takes the time to scrutinize contracts, and checks the terms and conditions. In reality, we are nothing like the fictional consumer. Instead, we use shortcuts to make decisions, relying on intuition rather than deliberation. Thus, many potential errors, anomalies or biases in consumer decision-making may be explained by the use of rules of thumb leading to incorrect beliefs. We are unlikely to make an active choice when one option is a default (‘inertia’). An example of this is automatically renewable contracts, such as are often found in banking services. It has also been established that we can only deal effectively with a limited amount of information (‘information overload’). For this reason, it is not sensible to throw into the terms and conditions of loan agreements more information than consumers can process. Another example is present bias. This causes us to discount costs that seem distant in the future (‘hyperbolic discounting’). For example, a credit card with a low introductory teaser interest rate and high long-term interest rate is regarded as attractive, irrespective of the total cost. A last example, ‘optimism bias’ can lead us to misjudge the amount of use we make of a service: thus we might believe that we will never be in a situation where we need an expensive overdraft. Errors of this kind can result in choosing a contract that does not suit our needs. Leveraging Big Data and Technology to Personalize Protection Businesses have long been aware of this set of behaviors and regulations have started to take into account and incorporate insight from behavioral studies. What would be useful is to bridge the gap with Big Data, which is just another key to understanding consumer behavior. The power of Big Data and associated predictive analytics could be used to improve the efficiency of consumer law. While heterogeneity among consumers often means that regulations are over- and under-inclusive, the rise of Big Data has significantly decreased the costs associated with creating and administering personalized legal rules tailored to specific individual profiles or circumstances. This is just one example out of many more. In short, the combination of behavioral economics and Big Data analysis opens up the possibility of tailoring the regulation of market behavior to more empirically valid characteristics, and to personalize it. This exciting prospect also opens up major questions, relating in particular to how privacy can be ensured and how justice can be achieved. Nevertheless, private law can potentially embrace and harness these insights, and use them to solve problems such as unfair terms or debt payment issues. by Geneviève Helleringer , 21.09.21 Source : Knowledge Lab Essec

Every day brings with it the news of yet another company falling victim to a cyberattack. The costs the affected businesses face are enormous: lost critical data, stolen assets and damaged reputations.  Why cyber risk assessments should be a part of your business strategy Every day brings with it the news of yet another company falling victim to a cyberattack. The costs the affected businesses face are enormous: lost critical data, stolen assets and damaged reputations. But despite these very real threats, company leaders may resist committing the necessary resources to prevent them. After all, no one wants to pay for more than they need. This goes for cybersecurity as much as any other business expense. That’s why it’s vital for C-suites to include cybersecurity as part of their capital planning. And the key to that is determining what “just enough security” is for the organization to meet its business goals. What’s the best way to determine how much security is “just enough”? Most C-level executives are accustomed to making overall business decisions based on risk. An effective risk management program identifies true risks to the business and determines how to reduce those risks to an acceptable level. Including an acceptable level of cyber risks into the organizational risk management program makes cybersecurity a part of the overall business strategy. And the best way to do this is to undergo a cybersecurity-related risk assessment. This helps translate the costs of what it could take to prevent unacceptable levels of cybersecurity risks or to reduce them to an acceptable level. These costs can then be included in budgetary calculations and overall risk management plans. According to the SANS Institute , “the ability to perform risk management is crucial for organizations hoping to defend their systems. There are simply too many threats, too many potential vulnerabilities that could exist, and simply not enough resources to create an impregnable security infrastructure. Therefore every organization, whether they do so in an organized manner or not, will make priority decisions on how best to defend their valuable data assets. Risk management should be the foundational tool used to facilitate thoughtful and purposeful defense strategies.” Many frameworks and industry standards, such as those offered by the National Institute of Standards and Technology (NIST) and ISO, provide guidelines for conducting risk assessments and implementing controls (best practices) to mitigate or prevent security risks. In general, risk assessments help organizations determine their inherent security risks by doing the following: Identifying, estimating, and prioritizing risk to their operations. Determining the possible threats from bad actors that can compromise the confidentiality, integrity, or availability of the information they are processing, storing, or transmitting. Identifying what measures or controls are in place to protect the critical assets and what measures/controls are lacking. Following recommending preventive measures and investing in security upgrades to reduce high levels of risk. What does this mean? It depends on the type of business. Because as these examples show, not all risks are created equal. A bank storing and processing large amounts of financial data or a hospital maintaining extensive patient records would be very concerned with the confidentiality of their data and the damage to their customers and patients if hackers accessed or leaked it. A risk assessment could tell them that they need to prioritize their resources toward protecting the confidentiality of their data with privacy-related controls and other security measures. The risk assessment might also indicate that they are vulnerable to a ransomware attack, so they should implement a recovery plan and perform daily and weekly system backups. But the risk assessment may indicate there is less risk to the availability or integrity of their data, so they would not need to invest as much in these areas. Researchers developing intellectual property may be concerned both about outside actors wanting to steal their discoveries or insiders willing to sell them to competitors. The risk assessment might indicate that they are indeed vulnerable to such attacks. So they might prioritize increasing resources on instituting protective, access and monitoring best practices . They might also invest in awareness training to educate staff on recognizing phishing emails and other social media campaigns as well as internal threats. The risk assessment could suggest they have fewer risks to the confidentiality of this data, so they would not concentrate resources on protecting this area. Once company leaders have identified the critical assets they most want to protect, have an idea of what cyber threat might attack these assets and how vulnerable their assets are to an attack, and understand how severe such an attack would be to their ability to function, they can make informed decisions on how to target their resources toward addressing the risks with the most significant impact to their business. A risk assessment turns intangible concepts such as security, risk, and prevention into tangible realities with actual costs attached. Undetected/unprevented cyberattack equals financial ruin. And that’s an inevitability that every C-suite must face in today’s interconnected world. by Baan Alsinawi , 05.11.21 Source: www.securitymagazine.com

During a media event at Netskope’s SASE Week, Steve Riley, the discussion moderator and field chief technology officer for Netskope, asked, “What’s the driving force for SASE? Why now? What’s changed?” How secure access services edge security will transform networks During a media event at Netskope’s SASE Week , Steve Riley, the discussion moderator and field chief technology officer for Netskope , asked, “What’s the driving force for SASE? Why now? What’s changed?” The short take is that we are in the midst of a digital transformation, with a stronger reliance on mobile and cloud computing than ever before, according to various attendees, and we need to implement secure access services edge (SASE) now to properly address data security and networking issues that are quickly approaching. Jason Clark, chief strategy officer at Netskope, said that business has been moving to a cloud-based framework and that cloud adoption has been accelerated by the pandemic. “Data is now sitting on a CPU that you don’t own or control because it’s on the cloud, and it’s being transmitted on a network — or the internet — that you don’t own, and the users are off the network. The security teams are being stretched by this,” he said. Clark stresses that moving to SASE means “a repositioning of security to consolidate to one new security inspection point. It’s a smart reset.” When Ed Amoroso, founder, and CEO of cybersecurity consultancy TAG Cyber , was asked why he was advocating for a move to SASE, he used an easy-to-visualize model. “Hub and spoke networks consolidated and brought everything to the datacenter. Now data is scattered among apps, cloud, and different work clouds so the hub and spoke doesn’t make any sense anymore,” he said. “By conceptualizing what you need in your mind, you start putting together SASE. We’re at a time when people need different networks that can be controlled from the cloud. Anyone listening can self-generate that SASE is required just by thinking about how we use networks today.” Meeting network engineers’ needs After, Riley poised two thought-provoking questions — “If everything is on the cloud, is there a network to manage?” and “If there is no datacenter, are there now many centers of data?” — George Gerchow, chief security officer at Sumo Logic , led a discussion on the importance of focusing on data security and encryption. Gerchow stressed repeatedly the need for collaboration with control, saying, “You have to have availability, but that availability has to have seamless security. Availability matters because people have to use their services, but if you don’t have security to go with it, good luck, because it can be over in an instant.” Clark suggested that there are two avenues in building a SASE framework: “If it’s security-led, then it’s about the data. Sometimes it’s network-led, and for networking, [then] it’s about access.” Supporting the idea of a network-led framework, Amoroso said, “Many things that have nothing to do with security are an important part of the architecture.” He pointed out that he has a stack of laptops that he still uses for each company with whom he consults because that’s the only way to access his corporate clients’ perimeter. The reality is that network engineers are probably busier than they’ve ever been, and SASE can bring about needed improvements to network access. Zero trust is adaptive trust Introducing the topic of zero trust elicited some laughter from panelists. They all proceeded to comment on the buzzword aspect of the phrase, despite much misunderstanding about what it really is. Clark summarized by saying, “It’s a framework that needs to be embedded in how we operate. It’s not binary. Trust is not on or off. Zero trust has a zero to five scale in my mind.” Riley added, “Zero is the starting point, but ultimately you’ll have to extend some level of trust in order for some level of interactivity to occur.” He followed that up by suggesting that the term “adaptive trust” would be more accurate, which was met with panel agreement. Clark described a zero-trust relationship as allowing its users to “give the least amount of access as possible, as much as possible, so that bad things can’t happen.” Gerchow added that zero trust is a fabric of many things, and that it entails working closely with vendors and partners to stop anything that isn’t supposed to happen. The great SASE migration Overall, the panel seemed to largely focus on a key question, “How do we convince the C-Suite?” Panelists agreed that SASE is the future of data security and secure access, but disagreed on how long it will take for a cloud adoption tipping point moment. Clark brought up the importance of the shared responsibility model, where you can control what user has access to, as well as what data is included. He said that a company should have its own standard for considering third-party risk before granting any outside agency access to its cloud-based framework. It was Amoroso who summarized the task of transitioning to SASE best. “It’s like if you have a new house, and you move your messy garage one piece at a time into the new garage, but you want to keep it organized as you go,” he explained. “The data that needs to move to the cloud is scattered. There are companies dealing with lost data. I think it’ll all eventually get to the cloud, but moving it is complicated.” by Corinna Makris , 06.11.21 Source: www.venturebeat.com