Interview Conducted by Christy Smith
Doug Bleszinski brings a deep background in as-a-service solution to his role at Ionic. I caught up with him to understand how this expertise translates into how he views modern security challenges like cloud migration, app modernization, and evolving privacy regulations. Doug also shared his passions for hockey and being a #dancedad.
Christy: As a sales executive with a broad technology background, what attracted you to Ionic?
Doug: I’ve had the good fortune of being a contributor to a number of innovative and high-growth companies. Ionic is well-positioned for explosive growth, and here’s my take on the top four reasons why.
First, Ionic uniquely solves a very challenging modern-day problem of securing all your organization’s sensitive data from unauthorized access and data breaches, wherever it lives or travels. Rethinking the problem, Ionic created breakthrough technology that allows data protection to be managed simply, independent of applications and data stores.
Next, Ionic has demonstrated success with customers and partners at massive scale. Current clients include Global 100 and public sector organizations with some of the most complex and challenging data environments globally.
Strategic partnerships with the top three CSPs (Amazon, Google, Microsoft) help their customers embrace the cloud with strong data protection to achieve their digital transformation goals.
Finally, an organization is only as good as its people. Ionic provides an open, transparent, and collaborative environment that helps foster innovative ideas across different teams and functions.
Christy: The ways in which we protect data have changed dramatically over the last decade. How would you characterize the shift? What problems are today’s savvy security leaders trying to solve for?
Doug: Security for decades has been about securing the perimeter around data. The fundamental issue is that data security is siloed, but sensitive data is not. Until this problem is solved with consistency, apps and data are at risk, and innovation is stalled. This is data security gridlock, and it becomes even more challenging when organizations have to stay compliant with ever-evolving and new regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA).
Today’s savvy security leaders take a data-centric approach to protecting information, which is the hallmark of a Zero Trust security strategy. These leaders need dynamic and contextual policy that follows the data wherever it might travel, continuously evaluating and auditing appropriate access. Why risk granting access based solely on membership to a group when you can consider the full context of the request? Why define the same policy around the same type of data in hundreds or even thousands of locations? This doesn’t scale across an enterprise in the long term, which is exactly what today’s leaders are trying to solve for.
Christy: When it comes to solutions in today’s world, why are as-a-service offerings so important? How do you measure the impact of the cloud on how companies do business?
Doug: Most leading organizations today, regardless of their industry, view themselves as a technology company or differentiate themselves by leveraging technology to modernize their applications. While I was at Salesforce, Beqom, Elastic, and Salsify, I saw first-hand how organizations adopted the cloud and open-source tools to deliver more functionality at lower costs. Service-based offerings enable organizations to prove out business value at their own speed; they can grow incrementally and scale usage to match their business needs.
Trust and transparency are also key when leveraging as-a-service offering. Moving storage and applications to the cloud does not make them inherently more secure. While the leading cloud providers invest heavily in infrastructure security, customers must ensure that they address all their shared responsibility security risks: data breaches, misconfigured buckets, human errors, malicious insiders, and many more.
But considering the growing complexities of today’s data, use cases, regulations, and compliance mandates, organizations often struggle to understand how they can protect and secure their data. Especially because they don’t just use one cloud service. Implementing consistent data security across clouds is complex because each proprietary set of tools has different capabilities. Organizations must depend on humans for consistency instead of technology, making them prone to breaches through human errors such as misconfigured buckets. In my experience, this is a growing concern for organizations who need to scale but do so with consistency across all their environments.
Christy: You’ve spoken about the need for companies to “modernize their applications.” What does that mean to you and why is it so necessary?
Doug: Leveraging data and enabling your business to pivot in your marketplace is a competitive differentiator. To accomplish this, your applications need to be flexible and integrate with other technologies. Today’s modern applications enable API access and allow developers to innovate with your data.
In Stephen O’Grady’s book The New Kingmakers – How Developers Conquered the World, he discusses how developers are the most important constituency in technology and have the power to make or break businesses. Whether you’re a software developer for an insurance company assigned to redact personally identifiable information (PII) before releasing the new mobile application, or part of a development shop that needs to comply with privacy regulations that keep on changing, you’re being asked to obfuscate sensitive data.
Developers are concerned with improving their productivity, reducing errors and rework, needing to acquire massive amounts of knowledge in domains outside of their core skill sets, and implementing complex rules and logic changes across their application portfolios. Let’s face it, building data protection and access controls is challenging, and it can take away from the time developers get to spend building what’s really innovative for your customers.
Implementing Machina modernizes your applications by abstracting complex data handling logic from the business logic implemented in application code, allowing developers to focus on the unique functionality you need to stand out in the marketplace. The more you can enable them, the more you are investing in what makes your business. I can’t think of anything more necessary for an organization.
Christy: What’s it like to be in sales during the rise of privacy? What sort of challenges and opportunities do regulations like GDPR and CCPA present?
Doug: I’ll admit to having several social media accounts! But I must also confess that data protection is both professional and personal for me. My wife is a former security product manager, and I now have three daughters.
So much has changed in the last 20 years on the sales side with security and privacy. I remember when just securing either Windows or OS2 meant you had a leading edge, but today, the discussion around security sounds like a roar of white noise punctuated by acronyms: encryption, key management, IAM, data security, CASB, policy management, CIA, log management, APT, cyber security, DLP, governance…
But the rubber meets the road when it comes to privacy. As the amount of data that organizations collect grows exponentially, so does the need for the enforcement of privacy. Companies are being held accountable for how they collect, process, store, and use data that is classified as sensitive. Companies are now requiring data security conversations up front in the sales process. Emerging privacy regulations like GDPR and CCPA (to toss out a few acronyms) require organizations to implement and enforce access controls and security protection for personal data. Failure to comply can result in material fines, class action lawsuits, brand damage from bad press, or a furious call from me as a husband and father.
When responding to these regulations, companies have the opportunity to do the right thing. Security and privacy go hand-in-hand. Not only can you modernize how you move to the cloud or build your applications as we’ve discussed, but consumers are more aware of how you protect their information. Taking a data-centric approach as Ionic does provides a privacy-by-design approach that protects businesses and individuals like me and my family alike.
Christy: You’re a hockey fan and recalled for me a perfect moment on the ice in your neighbor’s backyard. What made that experience so memorable? What attracts you to the game?
Doug: I’ve been playing hockey since I was 5 years old, and I’m a big fan of the sport. I enjoy how fast-paced the game is and the wonderful people I’ve met that share the passion for the game.
Six years ago, my neighbor and I built a homemade, outdoor skating rink in Southern CT. Some years we have had a few months to use the rink; other years we may only get a few days. My most memorable moment is when my youngest daughter and I were skating at night and it started to snow. I asked her if she wanted to go inside to get warm, and she replied “No. I’m having fun skating in the snow with my dad!”
Christy: You’re also a self-described “dance dad” for your three daughters. What do you find fascinating about their journey? How do you reconcile hockey and ballet?
Doug: All three of my daughters have been dancing since they were little kids, and they are now teenagers. There are a lot of similarities between dance and hockey when it comes to what it takes to be successful. Each requires commitment, teamwork, and a passion for the sport. Both dancers and hockey players move with enviable speed and grace. But when you deconstruct what it took to achieve that, you’ll find countless hours of hard work: stretching, memorization, learning to skate or dance in a team, overcoming injuries, etc… It’s great being a #dancedad and a #girldad!