Episode 6: Data Beyond Borders: The Schrems II Aftermath
Are the current rules and regulations for securing information and maintaining privacy fit for purpose when you think about the future? Do you think work and lifestyle changes brought about by Covid-19 will have a regulatory impact that we need to plan for?
Neira discusses these questions with Enza Iannopollo, Senior Analyst at Forrester and Thales’ own Mukesh Chandak, Business Development Director.
Neira advises organisations of all sizes on payments, fintech, regtech, cybercrime, information security, regulations (e.g. PSD2, GDPR, AML) & digital innovation. With more than 20 years in financial services & technology, she believes in change through innovation & partnerships and always strives to demystify the hype surrounding current issues. She enjoys her work as a strategic board advisor and non-executive director. She also provides coaching, training/e-learning, speaking, payment security expert witness services, and helps with M&As cybersecurity due diligence. She likes engaging on social media & regularly addresses global audiences in person or virtually.
She is the 1st Advisory Committee member for PCI-Pal, a global leader in secure payments & chairs the Advisory Board for mobile innovator Ensygnia. She is proud to be an Ambassador for the Emerging Payments Association and a friend of the Global Cyber Alliance. You'll find her on the Refinitiv list of Top 100 Influencers in Financial Services, the Planet Compliance Top 50 RegTech Influencers, the SC Magazine list of the UK's 50 Most Influential Women in Cyber-Security 2019, the Cybersecurity Ventures Women Know Cyber 2019 (100 Fascinating Women Fighting Cybercrime), the Jax Finance Top 20 Social Influencers in Fintech 2017, the City AM Powerful Women in the City List, the Richtopia Top 100 Most Influential People in Fintech. Tripwire nominated her "Top Influencer in Security To Follow on Twitter" in January 2015, CEOWorld Magazine nominated her Top Chief Security Officer to Follow on Twitter in April 2014, she is the Merchant Payments Ecosystem Acquiring Personality of the Year 2013, the SC Magazine Information Security Person of the Year 2012 and is an InfoSecurity Europe Hall of Fame alumni. She was voted to the Top 10 Most Influential People in Information Security by SC Magazine & ISC2 in 2010 & has served on the PCI SSC Board of Advisors for 4 years. She is a British Computer Society Fellow.
Neira has previously worked for Barclaycard, Santander, Abbey National, Oracle Corp. and Unisys. Her clients span industry sectors, including financial services, fintech, retail, legal, consulting, information security & technology.
She loves technology and cars...
Our Guest Speakers
With almost a decade of experience in the fields of privacy and business technology, Enza helps shape and evolve Forrester's point of view on Privacy & Risk. She has developed thought leadership and produced research on compliance with data protection rules, privacy as a competitive differentiator, ethics, and risk management. Working closely with clients, she helps them embed privacy and ethics in their strategic initiatives, through approaches that deliver business growth while protecting customers' and employees' trust and their brand reputation.
Mukesh is Director of Business Development at the Thales Cloud Protection and Licensing business unit. In his current role he is responsible for driving business through strategic partnerships with SaaS and other cloud solution providers. Mukesh brings 20 years of experience in the digital security industry, encompassing various roles and responsibilities. Mukesh is tech savvy and has a great knack for deriving business applications from technology. Mukesh has been fortunate to work in different market segments such as telecommunications, mobile payment, automotive and IoT. He has been in the cybersecurity business for the last 3 years, focusing on helping partners with data protection and security. Mukesh earned his Bachelor’s degree from IIT Bombay, India, with a major in Computer Science.
About this Episode
On July 16, 2020 the Court of Justice of the European Union issued the Schrems II decision in the case Data Protection Commission v. Facebook Ireland. That decision invalidates the European Commission’s adequacy decision for the EU-U.S. Privacy Shield Framework, on which more than 5,000 U.S. companies rely to conduct trans-Atlantic trade in compliance with EU data protection rules.
The decision also impacts other personal data transfers from Europe to the U.S. The decision requires companies and regulators to conduct case-by-case analyses to determine whether foreign protections concerning government access to data transferred meet EU standards.
In the aftermath of the Schrems II decision, Neira Jones asked me to join Enza Iannopollo, senior analyst at Forrester, for the sixth episode of the Thales Security Sessions podcast to discuss data transfers in the post-Schrems II and post-Brexit era. The objective of the podcast was to examine how the current rules and regulations for securing information and maintaining privacy will impact our future. In addition, we tried to investigate whether the work and lifestyle changes brought about by COVID-19 will have a regulatory impact that organizations need to plan for.
The truth is that the Schrems II decision will have a great impact not only in the U.S. but also across the world. The termination of data transfers from the EU to other countries could literally mean a partial or complete shutdown of that business or maybe of the whole company. However, the level of impact depends on the geography and the vertical of each organization and on the strategic privacy planning it has done to sustain compliance with GDPR.
On the other hand, the work-from-home initiatives prompted by the pandemic have increased businesses’ appetite to adopt public cloud infrastructures. This increased reliance, coupled with the EU–UK post-Brexit agreement and the EDPS guidance for businesses to perform a risk assessment before transferring data, creates a new environment. Businesses may have to supplement contractual clauses and legal remedies with technical controls to ensure that data transfers are transparent, safe and lawful. These safeguards should cater to both direct data transfers and transfers performed by a third party.
It is therefore important to use solutions that identify and classify all data owned by an organization, as not all data are created equal and some categories warrant heightened protection. Data classification will help reduce the level of complexity for protecting data either at rest or in transit. Data protection is a market differentiator, because consumers care about their data and how it is being handled by companies… and they are taking action to protect it.
In addition, data protection, security-by-design, transparency, accountability, and responsible development policies and practices should be at the heart of deploying emerging technologies, to reduce their impact on the marginalization of and discrimination against social groups.
If you would like to delve into how recent developments affect data beyond borders, listen to our Security Session podcast, Episode 6: Data Beyond Borders: The Schrems II Aftermath.
Security Sessions Podcast
For the latest on cloud & data security
This podcast series explores the technologies, people, and processes behind information security. We’ll delve into topics like data security, remote access and digital transformation, as well as the people and technology that make it all work behind the scenes. We’ll speak to Thales and industry experts to bring you fresh perspectives on how to navigate the world of cloud security.
We invite you to subscribe to Security Sessions, a podcast bringing you insights from industry experts on the latest cloud & data security news and trends.
Listen to Previous Podcasts
Series 3 Podcasts
Episode 1: The Rise of the Sovereign Cloud
An increasing number of countries are adopting laws and regulations designed to protect the privacy of citizens by defining how data can be securely collected, stored, and used. As a result, many businesses and organizations are evaluating how to comply with the changing geo-political landscape, including the increased concern about the sovereignty of data, workloads and infrastructure in the cloud. This rise of “digital sovereignty” is the result of governments becoming concerned about their dependence (and the dependence of national businesses) on foreign cloud infrastructure providers.
In this episode, host Steve Prentice is joined by Nelly Porter, Head of Product, Google Cloud Confidential Computing, and Todd Moore, Vice President of Encryption Products at Thales, to discuss the forces driving Digital Sovereignty, and to discuss how Data Sovereignty, Operational Sovereignty and Software Sovereignty are the key foundational elements for building security frameworks that can achieve Digital Sovereignty.
Episode 2: The Eternal Sunshine of the Criminal Mind
When you are a hammer, everything looks like a nail. Cybercriminals continue to succeed in discovering flaws and weaknesses in every connected technology. From zero days to SQL injection, what most people see as technology designed to perform a specific task, they see as a door, a window, or even a simple crack through which they can gain access.
On this episode, host Steve Prentice talks with Amanda Widdowson, Head of Human Factors Capability at Thales UK, and Freaky Clown, the co-CEO and Co-Founder, Head of Ethical Hacking at Cygenta about what makes the criminal mind so good at thinking outside the box, and more importantly, how we can develop those skills inside security professionals, senior managers, and everyday people.
Episode 3: The Vendor of My Vendor: The Importance of Finding the Right Relationships for Cloud
Cloud continues to evolve, but so too do the human organizations that depend on it. Companies expand into new territories, they buy other companies, or get bought, and the vendors with whom they drew up contracts also change, evolve, and farm out work. It’s a landscape of shifting sands where you can never be quite sure of who you’re really dealing with. Host Steve Prentice invites Sean Heide from Cloud Security Alliance and Chris Holland, VP Cloud Services Thales, to weigh in.
Episode 4: The Quantum Computing Cryptopocalypse
Is there such a thing as a quantum computing cryptopocalypse? Will we see the end of current security practices within the next few years, and what does this mean for the data that organizations would like to keep safe for longer than that? Nemertes CEO Johna Till Johnson and Bob Burns, Chief Product Security Officer at Thales, join host Steve Prentice to explain it all, and – of course – what you should do about it.
Episode 5: Diversity, Equity and Inclusion
The concepts behind Diversity, Equity and Inclusion (DEI) have been practiced by some organizations in the past, but in this new era where the border lines between work and life are becoming increasingly blurred, and where technologies are helping people contribute in ways never seen before, it’s a good time to reassess what DEI is and how central it is to an organization. Dwan Jones of ISC2 brings her wisdom, some actionable tips, and a great role model organization to follow.
Episode 6: A Thousand Things About Yourself
A discussion about what people and organizations don’t know – and should know about data brokers, with Justin Sherman of Global Cyber Strategies. The data about ourselves is willingly submitted to organizations every time we make a purchase, open an account, or simply move around, online and in-person. Where does it go? Who owns it? What do they do with it? Steve Prentice talks with Justin Sherman, who thinks we should be more proactive about understanding the roles data brokers play in our lives and our futures.
Episode 7: Self-Sovereign Identities - Whose Life is it Anyway?
The practice of using different passwords for the hundreds or thousands of online locations we visit has grown quite out of control and long ago fell short of being a practical or secure process. In this episode, we discuss the practicality of Self-Sovereign Identities, in which a person’s individual, identifiable self is based on attributes and behaviours rather than centrally stored data. Is this the future of secure identity online? And if so, who gets to run it?
Episode 8: The Predictions Episode 2024
Thoughts and observations on the new year from some of last year’s podcast guests. We had a great year talking with experts on a range of security topics, so who better to turn to for prognostications for the new year? Join our host Steve Prentice for a collection of predictions from some of our guests.
Series 2 Podcasts
Episode 1: The 2021 Thales Access Management Index
The shift to remote working and the acceleration of cloud-based services have put a strain on identity and access management infrastructure. As remote access becomes the norm rather than the exception, many organisations need to evolve their security approaches in a world where there is no longer a defined perimeter, according to the 2021 Thales Access Management Index.
In this first Thales Security Sessions episode of series 2, François Lasnier, VP Authentication and Access Management Products at Thales, joins regular host, Neira Jones, to talk through the key findings of the report. They will discuss how COVID has introduced new security concerns around remote working, and explore some of the key challenges of trusted access in a cloud-first world.
Episode 2: Evolution of Cloud Security: From Shared Responsibility to Shared Fate
The rapid adoption of digital technologies and remote or hybrid working is now an accepted part of society. The pandemic forced companies to adapt swiftly and many have turned to the cloud to help their digital acceleration. According to McKinsey, cloud adoption has been accelerated by three years compared to pre-pandemic adoption rates. Gartner is also estimating that spending on public cloud services will exceed $480 billion next year.
Bonus Episode: Optimizing Data Process with a Security Management Platform
Mapping data flow is a fundamental part of the enterprise data process. There's no way an organization can understand its data cycle without knowing where its data is located. Despite this, findings from the 2021 Data Threat Report by Thales reveal that only 24% of companies have complete knowledge of where their data is stored. With such strong ties between the two data operations, the numbers just aren't adding up - why?
Episode 3: The 2021 Thales Cloud Security Study
The COVID-19 pandemic has accelerated what has been a long-term broad adoption of cloud environments, including multicloud and hybrid deployments. Organizations need to extend and adapt their capabilities to take more control of their security efficiently and effectively in these new, dispersed environments, according to the 2021 Thales Cloud Security Study. The study is comprised of analysis from 451 Research, part of S&P Global Market Intelligence, and based on a survey commissioned by Thales of more than 2,600 security professionals worldwide. In this episode, Sol Cates, Principal Technologist at Thales, and regular host Neira Jones break down some of the key findings and statistics in the report.
Episode 4: The Future of Payments
The payments ecosystem has evolved tremendously over the past few years, raising the question: where will digital payment technologies take us in the future, and how does this affect retailers and financial services organizations? In this episode, Neira Jones is joined by Scott Abrahams, Senior Vice President Business Development & FinTech, United Kingdom and Ireland, International Markets at Mastercard and Simon Keates, Head of Strategy and Payment Security at Thales to discuss the major challenges retailers and other financial services organizations are facing.
Episode 5: Trends & Predictions for 2022 – More of the Same?
For two years now, organizations have been trying to adapt to pandemic driven change. So what can we expect to see in 2022 and how have the many aspects of this change impacted the security landscape? For this episode, Neira Jones is joined by Ashvin Kamaraju, CTO and Vice President Engineering at Thales Cloud Protection & Licensing and Andy Green, CISO at Gemserv.
Episode 6: Digital Identities and Digital Security - Is the Future of Digital Identity Safe?
As we continue to live our lives remotely, never has the importance of being able to distinguish between genuine and fraudulent interactions been more felt. Digital identities, how we create them and how we protect them is at the epicenter of this change. In this episode, Asaf Lerner, Director, Product Management at Thales Cloud Protection & Licensing and Uri Rivner, Founder & CEO, at Regutize join our host Neira Jones to answer the question – are our digital identities really safe?
Bonus Episode: The Rise of the Sovereign Cloud
There are now more than 1,800 data compliance laws companies must comply with on a global scale. This surge in regulation is creating a shift towards the containment and localization of data and we will continue to see this more and more in the years to come. The public will become increasingly aware of these challenges too, with individual data sovereignty on the horizon. This will allow individuals to control where their data is and how it is used, strengthening the correlation between identity and data protection. In this bonus podcast episode, Rob Elliss, Vice President of Sales, EMEA at Thales Cloud Security joins Neil Hughes to discuss the rise of the sovereign cloud. They discuss how data sovereignty is not just about localization; it is ensuring that nation-states can store their data in their own country and control access to it.
Episode 7: The Convergence of IT/OT
In today’s world, highly connected cyber-physical systems are the norm, and the lines between information technology (IT) and operational technology (OT) are becoming blurred. Attacks on OT systems present a major threat, not only of business disruption but also to the national economy and security. So how can we strengthen the security posture of critical infrastructure? Joining our regular host, Neira Jones, for this episode are François Lasnier, VP Authentication and Access Management Products at Thales and Sid Shaffer, VP and Chief Delivery Officer at ITEGRITI.
Episode 8: Ransomware – To Pay, or Not to Pay?
Over the past few years, there has been an increasing number of ransomware attacks, often targeted towards critical infrastructure with the potential to create a national emergency. The extent and impact of these attacks has turned ransomware into a global problem, affecting both public and private organizations. In this episode we explore the typical style of ransomware attacks, look at who is carrying them out, and discuss some best practice protective strategies. Joining our regular host, Neira Jones, for this episode are Paul Chichester, Director of Operations of the UK National Cyber Security Centre, and Bob Burns, Chief Product Security Officer at Thales.
Episode 9: The Rise of Cyber Insurance
As more businesses become more digital, the number and types of cyber risks they are exposed to increase. As it becomes more a matter of when and not if an attack occurs, cyber insurance becomes crucial for ensuring business continuity and mitigating the business impact of attacks. In this episode, we discuss what we mean by cyber insurance, and why we are seeing more companies take out policies. We will also look at what types of threats are covered and how cyber insurance jurisdiction works across different regions. The experts joining Neira Jones for this episode are Danna Bethlehem, Product Marketing Director at Thales and Anthony Dagostino, CEO and Co-Founder, Converge.
Episode 10: Can a federal data privacy bill save the day?
The rapid adoption of emerging technologies, the shift to hybrid working and the move to the cloud are greatly increasing efficiency while adding dynamic cybersecurity challenges for organizations. In the Americas, the introduction of various new laws and regulations has added another layer of complexity for businesses trying to manage the cybersecurity landscape. For this episode, Kevin Williams, VP Americas Sales at Thales Cloud Protection and Licensing and Michael Bahar, Partner and Co-Lead of Global Cybersecurity and Data Privacy at Eversheds Sutherland, join Neira Jones to discuss the current cybersecurity, privacy and regulatory landscape in the Americas.
Episode 11: Exploring Consumer Trust in a Digital World
Our insatiable appetite for digital services shows no sign of slowing down. But as we consume more and our digital footprints grow, we are presented with a mounting challenge – cyber security. In fact, today data breaches are so endemic that it could be argued that consumers are becoming numb to the effects – they change their passwords, get a few reassuring emails from the company and more often than not nothing comes of it. Of course, businesses will feel the impact, and perhaps after repeated breaches consumers might start getting worried, but is the idea that a large data breach could seal an organization's fate too far-fetched? Joining Neira Jones to discuss the Thales Consumer Trust Index in this episode are Philippe Vallée, Executive Vice-President, Digital Identity and Security at Thales and Professor Carsten Maple, Professor of Cyber Systems Engineering and Director for Cyber Security Research, at the University of Warwick.
Episode 12: The Human Element of Cybersecurity
Over the past few years, the definition of the Chief Information Security Officer (CISO) has changed as business environments have evolved. With digital transformation, cloud and hybrid working taking an increasingly dominant role in the day-to-day operations of the typical organization, the CISO has a unique and highly valuable role to play. However, a shortage of qualified IT workers at a time of high demand has put many leaders in a difficult situation – is there a so-called “skills gap”? Or does the industry have an “attitude gap”? In this episode, regular host Neira Jones is joined by Ashvin Kamaraju, Vice President Engineering at Thales and Thom Langford, CISO at DXC Technology.
Series 1 Podcasts
Episode 1: Real Threats for Real People – What has the pandemic taught us?
Are businesses being forced into digital transformation too quickly and therefore cutting corners? How do businesses adapt to the changing threat vectors as more valuable data gets pushed further out into the infrastructure due to remote working? These are some of the questions we are exploring with guests Rick Robinson and Todd Moore.
Episode 2: More digital, more risk: where is the trust?
More digital means more ecommerce, more digital payments, more financial fraud and cybercrime and ultimately more risk. Many organisations within the payment sector are being pushed into digitisation more quickly as they move to operate online to keep cash flow – without doing necessary due diligence on the best solution or vendor and with security not really on their agenda. These are some of the issues we are exploring with guests Arthur van der Merwe and Simon Keates.
Episode 3: Do you know who I am? The digital identity challenge
More digital also means more interactions where the various parties are interacting without knowing each other. This is linked to the much needed focus on digital identity, IAM, CIAM, authentication, behavioural analytics. Has the pandemic forced people’s perception of digital identity to change as they have been forced to accept the digital transformation in their own lives? Our host Neira Jones discussed this topic with guests Sundaram Lakshmanan and Francois Lasnier.
Episode 4: Time for the crystal ball – What to expect in 2021
In this episode we are looking ahead at what we can expect in 2021 and reviewing how 2020’s remote working, separation from family and teams have changed us. Have a listen to some of the interesting insights from Neira’s guests, Troels Oerting, Chairman of the Board of the World Economic Forum’s Centre for Cybersecurity (C4C) and Ashvin Kamaraju, CTO and Vice President Engineering at Thales Cloud Protection & Licensing.
Episode 5: The Challenges of Digital Transformation
Many businesses have been forced to accelerate their digital transformation strategies due to the pandemic and doing it successfully has become a major challenge. What do organisations do to transform their infrastructure to where it needs to be from a technology standpoint? The new threats are here to stay – so what is the best DX practice from a technology point of view? How do you focus on the technology process and preservation of your infrastructure?
Episode 6: Data Beyond Borders: The Schrems II Aftermath
Are the current rules and regulations for securing information and maintaining privacy fit for purpose when you think about the future? Do you think work and lifestyle changes brought about by Covid-19 will have a regulatory impact that we need to plan for? Neira discusses these questions with Enza Iannopollo, Senior Analyst at Forrester and Thales’ own Mukesh Chandak, Business Development Director.
Episode 7: Cloud Now - Mitigating the Risks of Operating in the Cloud
More digital has meant more cloud. The pandemic and the shift to hybrid working have prompted an acceleration in the adoption of cloud technologies by IT leaders worldwide, which looks set to continue for the foreseeable future. Previously, organizations have primarily looked at new application development and deployment for cloud, taking a ‘cloud first’ approach. However, many have now pivoted towards a ‘cloud now’ approach. In this episode, Neira talks to Chris Harris, EMEA Technical Director at Thales and Vaughn Stewart, VP of Technology Alliance Partners, Pure Storage.
Episode 8: 5G – With Great Power, Comes Great Responsibility
5G is poised to change how digital technology-based solutions are delivered and consumed across different industry verticals by connecting people and devices using high quality services whenever, wherever. In this episode Neira is joined by Prashant Deo, Senior Information Security Consultant at Tata Consultancy Services and Chen Arbel, Vice President Business Development, 5G & Cloud Security at Thales.
Bonus Episode: The Shift to Passwordless Authentication
Passwordless and FIDO authentication is one of the hottest topics on the radar of identity and access management professionals. While passwordless authentication offers convenience for end users, not all methods offer the same level of protection. In this special bonus edition podcast, Garrett Bekker, principal cybersecurity analyst at 451 Research, and Asaf Lerner, Director of Product Management at Thales, discuss the merits and various angles of moving to passwordless.
Episode 9: The 2021 Thales Data Threat Report
The shift to remote work and the acceleration of the shift to cloud-based infrastructure have profoundly impacted security teams. With the security risks and threats that these changes pose, most organizations have some work to do to improve their security posture, according to the new 2021 Thales Data Threat Report. In this episode, Neira Jones is joined by Todd Moore, VP Encryption Products at Thales, to talk through the key findings of the report. They’ll take a look back at the key trends seen in 2020 and the impacts of the pandemic that have carried over into 2021.
Episode 10: IoT Security Trends
Organizations have only just begun discovering and benefiting from the opportunities provided by the Internet of Things. The ability to capture and analyze data from distributed connected devices offers the potential to optimize processes, create new revenue streams, and improve customer service. However, the IoT also exposes organizations to new security vulnerabilities introduced by increased network connectivity and devices that are not secured by design. And advanced attackers have demonstrated the ability to pivot to other systems by leveraging vulnerabilities in IoT devices. For this episode, host Neira Jones is joined by Ellen Boehm, VP, IoT Strategy and Operations at Keyfactor, and Paul Hampton, Senior Product Manager at Thales.
Episode 11: Quantum Computing
The threat and arrival of quantum computers is ever-present with physics breakthroughs, more Qubits, quantum “supremacy”, and cloud service providers designing quantum computers, but what does it really mean to data protection? Is it really the end of encryption as we know it? In Episode 11 of the Thales Security Sessions, host Neira Jones is joined by Mike Brown, CTO at Isara, and Michael Gardiner, Solution Architect at Thales, to discuss the ways in which quantum computing will change the technology landscape, and how organizations can deal with the potential security threats that quantum brings.
Bonus Episode: Encryption in Quantum Resistant Networks
Network security encompasses the security tools, policies, and techniques used to monitor, prevent, and respond to unauthorized network access. With such a broad definition and, therefore, a challenging approach, it is important that businesses know what key areas to focus on and what enterprise tech solutions they should look to for appropriate, airtight protection. Dr. Eric Cole, Founder and CEO of Secure Anchor Consulting, speaks with Julian Fay, CTO at Senetas, a global partner of Thales. The pair explore the primary concerns of network security within the realm of data in motion with the help of key findings from our latest global survey on the encryption of public/private networks.
Bonus Episode: Adopting the Shared Security Management Model
Shared security, also known as shared responsibility, is a cloud security management model that describes the distribution of enterprise data security management and accountability between a company and its cloud service provider(s). The framework essentially enables improved productivity and unparalleled agility, so why isn't every organization adopting it? Dr. Eric continues with Chris Martin at Thales, delving into the main areas of organizational risk concerning cloud migration and vendor native decisions before shedding light on the limitations of a single service provider. The guests then discuss the shared security model - its benefits and the implementation process. Final thoughts centre on what organizations need to understand about control over all users and how to effectively build a best practice shared security strategy.
Episode 12: Building a Trusted World for Crypto Payments
Bitcoin and other cryptocurrencies have exploded in value—making them an ever-more attractive target for scammers and hackers. So is cryptocurrency secure? How can businesses and individuals make sure they protect their digital investments? And what are the key security measures that should be implemented to secure the cryptocurrency backend? In this episode, we’ll be exploring the current cryptocurrency landscape, and how we can make a trusted world for crypto payments. Joining our regular host Neira Jones for this episode, we have Nitin Gaur, Director, IBM Financial Sciences and Digital Assets and Krishna Ksheerabdhi, VP Product Marketing, Thales.