Friction matters: Data security lessons from Snapchat and Google

data security lessons

In this podcast recorded at RSA Conference 2017, Grant Shirk and Veliz Perez, Head of Product Marketing and Product Marketing Manager at Vera respectively, talk about how the need to protect confidential data extends past the borders of your business.



data security lessons

Here’s a transcript of the podcast for your convenience.

Grant Shirk: Hey, everyone! This is Grant, over here, at Vera Security. And I’m joined by Veliz Perez, part of my Product Marketing team. And we’re really excited to be on this podcast, and talking to you from the RSA Conference in San Francisco.

Veliz Perez: Yeah, that’s right. We are live at the RSA Conference. And, you know, Grant, there are a lot of things that we could talk today about in the world of cybersecurity. Obviously, we’re going to talk about Snapchat. And specifically, Snapchat’s Spectacles.

For years now, at Vera, we’ve said that security companies can really learn a lot from how consumer products are marketed, adopted and used in the enterprise. And there are hundreds of examples that come to mind, and hundreds of examples that we could draw on, but really, the difference between how Snapchat built Spectacles compared to Google Glass makes a great parable for our industry.

Grant Shirk: I love parables, because essentially, this is a story about a friction in an experience, whether it’s the user experience or the acquisition experience can really alter the path of a product.

Veliz Perez: That’s right. And those of you that remember Google Glass, the one word that summed up the entire Google Glass project was ‘glassholes’. And everything about its implementation, from its launch to its adoption was defined by how clunky, and intrusive, and just kind of plain out weird it was. And it’s not a surprise that the product failed and Google shut down the project.

Grant Shirk: Yeah, essentially. Does that sound like any other security products that you know? I mean, that’s the contrast that we’re talking about. On the surface… Now, if you make the comparison, Snap built essentially a duplicate product coming into this market. It’s pair of glasses, you wear it to capture images and video of what’s going on around you. But from concept, to launch, to execution, their focus outside of what they were building was really eliminating friction at absolutely every step of the way. The product itself, instead of trying to capture a huge universe of use cases, is defined by its upmost simplicity.

Veliz Perez: In hindsight, it sounds like, ‘Well, of course you’d want to build the most simple product.’ But it’s really hard to replicate that, it’s really hard to build a product that’s super simple. And it’s something that most security companies forget. And I’ve seen that time and time again at RSAC.

So, at Vera, it’s really our mission to remove the friction associated with data and email security, and make it as intuitive and simple as possible. And that really takes us to our most recent product launch, which is Vera for Mail.

Grant Shirk: I think there’s an obvious parallel to the world of security. We start with this big idea that this… At RSA so often the conversation that you have when you go to the booths and you go to these sessions, it’s about features or capabilities, it’s the strength of the security, it’s the machine learning, it’s the encryption, it’s how people are using big data in interesting ways. But in every single conversation I’ve had this week, this challenge of friction is completely ignored, but it’s this thing that’s right in front of us; and particularly when you look at email security. This is a 30-year problem. And not only is it an old problem, it’s a big problem.

Diving into it a little bit more, Cisco just released their 2017 cybersecurity survey. And there were a couple of things that really jumped out in this area, and they really hit close to home. And the headline of this is that email security is one of the least trusted, least effective tools in the organization. But at the same time, for most organizations of any size, somewhere between 75% and 80% of their sensitive content, IP, and even thoughts, hopes and prayers for the organization are transmitted through email. And there’s this weird disconnect in that where in this survey, nine out of ten security pros have zero faith in the effectiveness of their email solution. That’s kind of a problem, especially when data exfiltration is one of the challenges that call out as the biggest issue. And I think a big part of it is friction. So much of it is built on these older technologies, PGP, S/MIME. I mean, we collaborate a lot, but we don’t live in a world anymore where we can actually go to a PGP party, check IDs and pass around keys. It just doesn’t work.

Veliz Perez: I have never been to a PGP party, but I think that’s a good thing. I think when you look at all these stats, it kind of boils down to one thing. We’ve destroyed trust in email security. And so, if I send an email, I don’t have any tools to protect it and the enterprise, I don’t know if it’s going to be forwarded. And at Vera, we’re going to change that.

And so, last week we announced our new product, Vera for Mail, which is essentially enterprise grade security for email that your team will love. And so, Vera for Mail seamlessly secures the body of email messages and ensures that your confidential data is viewed only by trusted parties. Vera is going to be a single way to secure your files, emails and any other communication without adding any friction to your organization.

Vera mail

So what does that mean in practice? If I assign Grant and email, then only Grant can access it. And this is beyond encryption or access control. So if he downloads an attachment, I can track and control that document through its entire lifecycle. No PGP party, no proprietary plug-ins, no complicated key exchange, frictionless. And if I no longer work with Grant as a trusted partner, I have a kill switch for my email messages that actually works.

Grant Shirk: You wouldn’t actually do that to me, would you?

Veliz Perez: Maybe.

Grant Shirk: Okay. So, to wrap up, we talked to our customers a lot. We came from this world of file security, thinking about unstructured data and how can we protect it in a world where we can’t control where it’s placed or how it’s stored. And our customers, having kind of tackled that, they’re still frustrated with the complexity of securing communication. It always feels like it’s another system, something else to bolt on, something else to integrate, another place to manage the data. ‘And it’s even still another tool I have to teach people how to use.’ And particularly when it comes to email, any additional friction is a deal-breaker. And so, that is a critical point of entry.

And so, as it turns out, I think we actually paid this off. There is a connection between the story of Chat and Google Glass. If you have a solution that is appealing to people, that accomplishes simple tasks in simple ways, in a way that doesn’t force them to think too hard about what they’re doing, doesn’t introduce weird uncomfortable barriers to adoption, either technological or social, people actually line up to try it. But if you don’t, you kind of wind up the only glasshole in the room.

So we’re really excited to get Vera for Mail into our customers’ hands and also with the broader world. We’ve launched it in private beta. If you’re interested, we would love to share it with you, and have your organization sign up for it. And you can get a sneak peek at that at vera.com. Thanks, Help Net! This has been a really good conversation.

RSA Conference 2017

Don't miss