Why Organizations Need Privacy by Design | In Conversation with Kalyan Chakravarthy & PD

Hello everyone.
This is Pete Prasad, co-founder
and chief product Officer at lightman ai,
and today we have the pleasure of talking to Kian Chakeri
kc, uh, for those of us who know him well.
Uh, he is the CIO at the regional municipality
of Durham region, uh, in Canada.
And he has kindly agreed, um, to share some
of his perspective and thoughts
with us on what's next in the IT landscape
and particularly in the area of security and privacy.
Casey, a very warm welcome to you. Thank
You. Thank you, fidi. So
Casey, I know that you,
you just returned from the big Gartner conference, uh,
in Florida, and you probably, uh, got an opportunity
to a hear from the analyst team, but also from your peers.
You probably also met a number of vendors over there.
If we could start with, uh, what are you seeing as the next
emerging, uh, trends in the IT landscape?
That would be great. Yeah.
Always when I go to such kind of a conference,
it is like drinking from a fire hose, right?
Like there is so much of information
and like it is varied set of things like
what is happening in the world from the technology
perspective, what's happening in business.
But like what I took, like if I have to just summarize
for myself and like come back, I think there are key things
that came to me is every business strategy,
like I think majority of the c CEOs
and like, uh, business leaders, their
strategy component has a digital in that.
So there is no longer a digital is a separate strategy,
but like almost in everything there is digital
that is playing a part.
The second most important thing, which I found it very,
very interesting is
after the post pandemic,
the culture is no longer in the organization, the offices
that is there, but the culture
that you're developing will be on the
digital side of the things.
So how do you get that digital engagement,
that cultural engagement, that like those kind
of nuances with your employees?
I think that is a big, big second thing
that like, that I took.
And the third, like a, uh, which is very interesting,
which I always believe in
and like I am more passionate about,
is about the augmented reality,
bringing off augmented reality into, uh,
the day-to-day life.
Like where, um, when I was listening to the, uh, c uh,
the global CEO of Accenture, uh,
and she talking about like if she has
to put in a bet on which technology she picked meta as like
that is where like it would be there in
that like Metaverse would be the one.
And like when I look at it like,
because it is a combination of everything.
It is, we talked about, uh, data analytics,
we talked about big data
and the power, we talked about cloud computing,
we talk about ai, we take ar, we are everything
but like met, like the metaverse, like combines everything.
And like how can you really use that
for a customer experience as well as an employee experience
and customer engagement, employee engagement.
So the, the world is going to change
and the post pandemic, like I think we all need
to really look at how's that engagement becomes that part
and like how we can use technology.
So those are my top three.
If I have to take from, uh, four days of nonstop
of listening to things and like getting,
and like some things sometimes they don't stick,
some, some do stick.
So if I missed anything, big ones, it's not that,
like I'm saying these are the only three.
This is what I, I took it
From it. Wonderful. No,
that's a great summary.
It's a digital culture and augmented reality.
Uh, everyone could almost say it's like culture is getting
digitized in some sales no longer in the offices,
but it's actually moving to a dig digital world
where employees are, uh, supposed to be getting engaged
and they're engaging with their customers and,
and so on over, uh, digitally in some sense.
Very interesting. Now as we become,
as the world becomes more and more digital
and we all move towards the metaverse, one of the concerns
that we hear probably often now is around privacy
and security, uh, which is sensitive data gets everywhere
and who sensitive data it is
and who are we sharing that with?
How are we handling that sensitive data?
If I were to ask you from a mid to long term perspective,
about a year from now to three years from now,
what are the key challenges you see emerging,
particularly in the area of privacy and security?
I think there are no new challenges that are coming in.
The challenges are the same,
but like how we tackle it might be a bit different,
and like the pace with which we need
to tackle becomes a very important one.
The first being, uh, when I talk about privacy
and security is about awareness.
The awareness of privacy
and security amongst the employee base
that you have the organization wide,
because the digital dexterity of like majority
of the organizations, it's a spectrum, right?
Like you have, there are people like it's that bell curve,
like, like in any of the sampling, right?
Like it is the bell curve where there are a lot
of people who fall into that.
Like they understand the things,
but like, how are you dealing with this, this side
of the outliers and how are you making sure
that you are moving them onto it?
So awareness becomes a, a big, big part.
That's the first part of it.
That's where like I take it back to that engagement part
because if you engage them, you can teach them,
you can make them self aware
and you can tell them what needs to be done.
Uh, the second part of it is like I think, uh, majority,
many people say this
and like I, uh, I think I, I'm repeating, uh,
but it is about privacy by design and security by design.
It is, you are not, it, it cannot be an afterthought.
It cannot be because it becomes
so complex the moment you built it.
Like you cannot retrofit these two things into it.
So if you are doing anything, like just, I think it's better
to really think about what is that data that I have
and then like how am I securing it
and how am I making sure that like it is being accessible
by the people who are only allowed to be accessible.
Then, uh, the third, like
where the next one from a privacy perspective is about, uh,
your knowing what you have, it, it,
it is about like your asset management.
And when I say asset management, uh,
when you look at asset management,
you typically think about your hardware,
your all this kind of a thing.
But like this is about data is also your asset.
So you need to have what is the data that you have
and what kind of data, who owns it?
So that governance perspective, I think having
strong governance fundamentals becomes
a very important thing.
And like if organizations have not invested on it,
I think this is high time you invest on it
because if you don't have the governance,
you can't be handling privacy
and security in a piecemeal way
because this is an enterprise wide,
this is an application agnostic, infrastructure agnostic.
It is an application, like it's an enterprise wide thing.
So that's where you need to have that governance structure.
So get that one in that structure will decide
and define what your security strategy
and your privacy strategy will be.
Got you. Got you. So privacy
and security by design, not done in a piecemeal way,
but having an enterprise wide approach through privacy
and data security as, uh,
IT leaders start looking into the emerging trends within it,
uh, which includes things like metaverse
and a digital culture that's, that's emerging
and emanating essentially now we at lightbeam, we are
grateful and lucky to count the region as, uh,
our one of our customers.
I must ask you at this point in time, uh,
because obviously you as, uh, the IT leader
and your team would be looking at so many solutions,
you are always bombarded with one
or the other solution every day, almost, I must say.
What stood out for you when you were assessing lightbeam
as a platform to handle your data security
and data privacy, uh, privacy compliance needs?
Yeah, so I don't want to put in the sales pitch of yours
by me, but like I will definitely say what attracted me
to this particular product is I think the biggest thing was
the ability of this particular tool
to understand the sensitive data across all formats.
Because like we have seen like majority
of the solutions looking at in a standard,
either it is in a, um, in, in a text
or like any other thing,
but like this one cuts across all the formats
and like it it's integratability
with like the existing applications as well.
Like to really able to read that is what like first thing
that stood out for me.
And then, uh, when we were talking even about like data,
like it, it is not only did not look at data internally when
we are transferring, but like when we are sharing data
with our external stakeholders where like it is necessary
because we are in a municipal government.
Like we work with different agencies
with different stakeholders.
So, uh, a tool that has an understanding of like how, what,
like what, so that like external stake, that flexibility is
what like is the second one.
And third, like I can feel that like once I have this,
we have got our compliance, uh, regime automated, like,
so where I'm not spending, I'm not like really having to go
through and say, Hey, is it, is it really, are we complying
to these many, what these are all the five steps?
But like once you configure it, you configure it,
you forget it once in a while, you do the QC part of it
to make sure that like everything is running right.
But like that takes away really a lot of, like,
that gives me back a lot of time that my team used to put on
to making sure that there is a compliance.
So it's, for me, it's like, for the lack of better word,
this is like a compliance as a service for me
where like it takes care of the, uh,
takes care of the stuff.
So that would be my top three.
Like I don't want to go into the technicalities of it,
but like from a business usage perspective,
these are the things that like I thought that, uh,
really attracted me towards this particular tool.
Well, we really appreciate that feedback, uh, Casey,
and it's very, uh, encouraging, uh, for us to hear how you
and your team, uh, are able to see value
and derive value, uh, first of all, uh, using our platform.
Uh, very, very, very much appreciate that.
Obviously as other organizations, state
and local agencies, enterprise, uh, organizations, uh,
federal agencies, as they start looking,
I suppose they probably are looking at this problem already.
Uh, what would your guidance be for them as they start,
you know, bringing, putting together their one year,
three year or five year plans for, uh,
digital transformation with respect to it?
And as they start looking at security and data privacy and,
and compliance, uh, much closer way in some sense.
Uh, so that I, I, I think I go back to the, uh,
basic thing that, like I said like a few minutes ago,
it is about having a governance framework.
I think you need to have a solid foundational governance
framework where like once you have the framework,
you identify that tasks that like you want to do
and like what is your mandate from like,
because each, like, whether it is a,
if you're a local government,
like in in Ontario you have some c particular set of things
that you need to be compliant about.
If you're in a Quebec, there is something else.
So it depends upon what kind of organization
and what kind of data that it is there
and what are the laws like m hipaa, p hipaa,
like all these kind of things that are there.
So make sure that like you have all the list
of your compliances that you need to meet
and your data inventory that you have, like
what is your data assets
and like what is the key information like,
because not every data is as um, uh, precious
as like the other one, right?
Like, so identify those things, see where you need
to start first and like once you are starting there, see
how can you automate it?
Because like the biggest challenge
that we get into is like we have so many things to do
with less number of resources.
So that is where like whether you call it
as a security operation centers, that's where the so came,
and same way like maybe like you find this for, uh,
privacy ones, like where like we,
maybe you might have parks like a privacy operation center,
like where like what happens?
Like, because not everything is like, is
as important as it is there.
So setting those priorities,
setting you are dividing your data also into, uh,
different priorities
and making sure that like you are automating majority
of them is what like my direction would
Be. Wonderful. Well,
we are definitely going
to borrow the privacy operation center concept from you.
Uh, I, I learn every day, every time I talk to you,
there's something new that comes up
and I think this pop concept is, you know, really, really,
really useful for us.
So we are definitely going to borrow that from you.
Great advice to the fellow CIOs.
Uh, start thinking from a data governance, if I were
to just paraphrase, um, what you stated,
start think from a data governance standpoint.
Start thinking from an automation standpoint, yes,
there will be many rules and regulations.
Uh, there are current ones, there'll be emerging ones.
Um, you know, if you start from a data governance framework
is what you're saying, and with automation built in place,
then no matter what the current regulations are
or the feature ones are, you'll be,
you'll be starting at a fair, very good spot.
Great advice. I must ask I guess from my team, any piece
of advice and guidance, uh, from yourself
for lightbeam itself, for our team? Uh,
I think what I like, like when, when the team, like any
of the solution providers who come to me
and say like if they ask me for advice,
said you should be the experts in your industry.
And that's small domain, like,
because we like from where I sit, like the roles like
where we are and what it does like is we have the
breadth of the information.
Like we look at it from a start to end from this way.
Like you come in with these niche nice solutions which
really solve a business problem.
And like, so you need to have that depth into it
and the depth that like you are voting into it is the
privacy part of it.
Like, and once again come, uh, coming back
to on the compliance side of the things work, uh,
depending upon the region that you are, um, working
and like when I say region, like not the municipal region
but like the geographical region, right?
The compliance changes. Like I think every,
like a Canadian privacy law is different than a US will be
different than a uk and like even on top
of the Canadian municipal there might be some
local area regulations.
So I think when talking to the leaders, yeah, I would love
for the team to bring in that localized concept
to really have it
and say these are the eight things that you need to,
you should be compliant about
and this is how our product make sure
that like you are compliant to this eight or nine things.
Rather than say we are like we do it with us, we work
with uh, UK GDPR.
That's the be like all those kind of things.
If you just contextualize it and bring it to it
and say this is what you need to do
and this is how we deliver it, I think
that would be really, really helpful.
Very well put. This is another, uh, like I said,
every time we talk to you, we learn.
So this is another one of those.
So basically think global
but act local, making super contextual,
contextualized talk about what in that country, in
that region would be of use.
Not, you know, not only just the overall international, uh,
regulations and so on.
Uh, very useful Casey, uh, we will work on them
and, uh, contextualize, uh, as we go
and, uh, talk to our other partners and customers.
Thank you so much for spending a few minutes with us today
and sharing your perspective into
how the IT landscape is changing.
How does that impact privacy and security, um, worlds
and how one could go about looking at different
solutions that are there in the market.
Uh, we really appreciate your feedback.
Thank you so much again, and
Thank you for having me.
It's, uh, great to share my views.
Like, not that like many people subscribe to it,
but like I think I wanted to express
what I thought like would, would go into it,
but so thank you for giving me this time.
Absolutely. Thank you. It's a pleasure.