With data volumes and velocity multiplying, how do you choose the right data security solution?
There is no doubt that the COVID-19 pandemic has caused radical changes in our personal and working lives. The sudden and massive surge of employees working from home and the anticipated long-term popularity of the option is also forcing CIOs and CISOs to gauge – to the best of their abilities – how the balance of remote and in-person operations will look in the coming months and years.
“Have we adequately set up out cloud-based infrastructure to allow employees to operate just as well remotely as they could and can in person? And how can we make it easy for them to switch between remote and in-person operations while maintaining a high level of security?” they are asking themselves.
Among the many pieces that need to brought together to solve that puzzle is data security. Then again, finding a data security solution that will fit an organization’s needs – current and future – has always been a challenge.
Choosing the right data security solution
Jean Le Bouthillier, CEO of Canadian data security startup Qohash, says that organizations have had many issues with solutions that generate large volumes of (often) not relevant and not actionable data.
“My first piece of advice for organizations looking for the right data security solutions would be to consider whether they provide valuable metrics and information for reducing enterprise data risks. It sounds obvious, but you’d be surprised at the irrelevance and noisiness of some leading solutions — a problem that is becoming a nightmare with data volumes and velocity multiplying,” he told Help Net Security.
They should also analyze the pricing model of solutions and ensure that they are not presenting an unwelcome dilemma.
“If the pricing model for protecting your data is volume-adjusted, it will mean that over time, as data volumes increase, you’ll be tempted to reduce the scope of your protection to avoid cost overruns,” he noted. Such a situation should ideally be avoided.
Another important point: consider returning to basics and ensuring that you have a solid data classification policy and the means to automate it.
“Data classification is the fundamental root of any data security governance because it provides clarity and authority to support standards and other programs like user awareness efforts. In the context of data governance, data visibility and, ultimately, data-centric controls can’t work without data classification,” he explained.
“Think back on the millions of dollars spent on artificial intelligence projects that didn’t result in operational capabilities because little attention was paid to data quality, and accept that data protection projects – like any other ambitious project – can’t succeed without rock-solid foundations.”
From helicopter pilot to data security startup founder
Le Bouthillier, whose academic and professional background includes a master’s degree in Computer Science from the Royal Military College of Canada, a 4-year stint as a tactical helicopter pilot in the Royal Canadian Air Force, and two years in a technology leadership role with the Canadian Special Operations Forces Command, finished his time with the Royal Canadian Air Force as Director of the Flight Deck, the RCAF’s corporate innovation lab in Communitech, Waterloo, Ontario.
“In 2016, there were significant investments in machine learning, and it seemed evident that this would result in greater data-dependency for firms and a considerable need for modern controls to protect data confidently across vast hybrid infrastructures. I knew that data security was underrated at the time, and I was eager to leverage my experience to deliver better capabilities to enterprises scrambling to protect their assets,” he shared.
So he decided to complete an Executive MBA at the University of Ottawa, leave active duty in early 2018, and focus on developing new and better ways to protect sensitive enterprise data by starting Qohash.
Operating a software development company in Québec
The company operates between Québec City and Waterloo in Ontario, to leverage both cities’ talents fully, and they also have an office in Montreal, where their focus is on machine learning.
The main challenges they had to grapple with since the company’s inception were in relation to scaling the company as rapidly as possible, starting from a blank slate.
“It can be a lengthy process to put all of the necessary foundations in place, particularly when delivering enterprise-grade cybersecurity solutions. We’ve had to move as fast as we can while laying solid controls for security (i.e., SOC 2 Type 2). A good startup also needs to be continually growing, so we have had to decide where to focus our limited resources to achieve maximal growth,” he noted.
Securing a competent workforce was, apparently, less of a problem.
“Quebec has leading experts, universities and research centers in artificial intelligence and big data (IVADO, MILA, CRDM_UL). The region is an excellent and underrated location for starting any software development company because the talent is formidable and affordable,” he explained.
Event though leading firms such as Google, Microsoft, LogMeIn, Autodesk have chosen to open facilities in Quebec, Le Bouthillier posits that the fact that French is the primary language has prevented many other firms from tapping into Quebec’s talent pool – though not Qohash.
“Since we now operate between Quebec and Waterloo, our company operates entirely bilingually, bringing tremendous diversity as a catalyst for innovation. That being said, from a hiring perspective, we saw a dramatic increase in demand for cybersecurity know-how across the board. Therefore, we have to be aggressive when hiring the very best minds.”
On the other hand, the shift to remote work has made it easier to attract talent worldwide, and they are working hard to refine their processes and technologies to be as effective as possible in this new environment.
“I can easily envision a future where Qohash operates 24 hours a day with operations in multiple locations and timezones,” he added.
Their immediate plans are ambitious all-around: a consolidation of their market position with two offerings responding to the demands of both large enterprises and small and mid-sized businesses (SMBs), a push to make their solutions available to the US market, and the acceleration of their product development.
“Companies that have worked with us have been amazed by our velocity and technical capabilities. I am proud to say that most recommendations we receive from customers can be rapidly reviewed and incorporated into our solutions. Nevertheless, we are accelerating our development to provide customers precisely what they need to address the complex challenges they have,” he concluded.