TCB — Total Cost of a Breach — Trumps TCO: How to Minimize it via Automation

Steve Kaplan
4 min readApr 18, 2022

--

My first channel partner biz focused on Citrix and was named the Citrix Partner of the Year. My second focused on VMware where we won a similar award. Next was joining Nutanix when it was still a very small company. Many people have asked me, “How do you know which technology to bet on?” My response is, “I follow the money.”

What I mean by that is certainly not VC funding, but rather customer savings. In the Foreword to my most recent book, The ROI Story: A Guide for IT Leaders, long-time Citrix CEO, Mark Templeton, wrote, “A passion for innovation, however, makes it easy to forget that potential customers who do not eat, drink, and sleep the technology daily may not immediately grasp its full potential…a comprehensive ROI framework quantifies the advantages of doing something new.”

AI-Enabled Data Privacy Automation

ROI is a primary driver behind the current rush to automate, and McKinsey says automation is the number one technology trend that will shape the next decade. When former Nutanix colleagues, PD and Himanshu, first told me what they were up to, I was immediately intrigued as I had never even thought about using AI to automate data privacy. But while I certainly respected Himanshu and PD’s accomplishments at Nutanix, and loved their concept, I wasn’t versed enough in security to judge whether LightBeam had the technical chops to change an industry. I introduced the founders to one of the smartest C-level people I know in IT, Ken Kerrick, who was CISO at a university at the time. Ken remarked:

“For our university, we handle a lot of privacy-related regulations (GDPR, HIPAA, CCPA, etc.). Because of our legacy systems (i.e., ERP), we don’t have a lot of opportunity to manage how data flows back into the organization from SaaS apps such as Dropbox, SharePoint, Salesforce, Office 365, etc. LightBeam provides us with a dashboard to give us this information in a way that no other product does.

In Higher Education, many institutions run in a decentralized manner with certain core enterprise services managed by IT, and many other shadow IT environments managed by the departments (e.g., Schools of Pharmacy, Law, Dental, etc.) LightBeam can provide IT, InfoSec, Privacy, Legal, HR, Risk, and Compliance teams a single tool enabling centralized services in a decentralized environment. In my mind, the LightBeam solution not only provides a single pane of glass approach to mapping and tracking privacy/regulated data, but it also assists with bridging the gap for the groups responsible for the administrative and security safeguards for that data.”

Ken’s enthusiasm for LightBeam was hardly unique. The second long-time client I introduced to LightBeam, a mid-market CIO, also loved the idea and even told his Bay Area colleagues about it prior to their POC. Similarly, channel partners who I respect immediately saw the value in the solution and are preparing to introduce it to their customers.

The ROI of Data Privacy

It’s not always easy to put a cost on data privacy. Okta, for example, saw its market cap fall by $6 billion the week its breach was made public. And the $500,000 fine the FTC imposed on CafePress for covering up its breach pales in comparison to its reputational hit.

Ransomware is another area where the fine an organization pays to get its data back is only the start of the true costs. PD, for example, talks about a customer he formerly worked with that spent 48 hours straight trying to recover data from encrypted containers AFTER they paid the ransom. Then there’s all the cost and reputational damage resulting from notifying every customer that their sensitive data might have been compromised.

And ransomware attacks have evolved where the hackers often threaten to publish privacy information. Since the vast majority of organizations do not even know what their exposure is, this is a particularly insidious threat. LightBeam, on the other hand, lets customers know if their sensitive data is exposed at unwarranted locations BEFORE it becomes a problem. This proactive approach helps organizations avoid the problem in the first place. In the unfortunate case where a company’s or its partners’ data got breached, LightBeam can help identify what sensitive data might have been exposed, letting them make a business decision about whether the threat of data publication has cause for concern.

Autonomous Privacy and Data Protection

LightBeam utilizes its powerful AI engine to immediately reduce both risk and cost. It fosters autonomous privacy management tying together discovery, cataloging, access controls, and data loss prevention (DLP). One of the platform’s key innovations is LightBeam’s ability to detect fragments of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data and help privacy and security teams understand the identities (customers/patients/partners) to whom such data belongs, enabling them to automate security of all sensitive data proactively.

LightBeam consolidates the compliance processes required at each stage of a business, discovering and identifying ownership of sensitive data, automating previously manual processes, and enforcing regulations to remain compliant across a myriad of regulations.

In addition to slashing the risk of PII/PHI exposure, this platform automates manual and time-consuming mundane tasks. It can also eliminate the requirement to purchase a myriad of other privacy-enabling products.

LightBeam is aptly named as it shines a spotlight on an organization’s data — wherever it exists in the cloud. I am proud to be an advisor of the company, and am happy to assist customers with quantifying the value LightBeam brings. I believe the day is coming where “LightBeam Certified” will be a badge of honor that organizations display on their websites.

--

--

Steve Kaplan

Lucky career — went all-in on 3 small start-ups: Citrix, VMW, NTNX. Co-author of 5 books. Upcoming new solo book, The ROI Story. LinkedIn: http://goo.gl/EVzUw