Frankly Speaking, 8/20/19, Private Thoughts on Privacy
A weekly(-ish) newsletter on random thoughts in tech and research. I am an investor at Dell Technologies Capital and a recovering academic. I am interested in security, blockchain, and cloud.
If you were forwarded this newsletter, you can subscribe here, and view old newsletters here.
I'm back from my "Summer/August VC Vacation" where I traveled every other week to conferences and had 12-14 hour days of work. Even on the week that I had "off," I was on the phone for 3-4 hours every morning.
Anyway, I'm back, and things are returning to a stable point despite the indigestion that the stock market has given me recently. Blackhat was again crazy, but it's good to catch up with people and see what the new security "theme" is. With that said, I'm surprised by the lack of funding announcements before Blackhat. Is it because there were many announcements throughout the year? or do companies not want to get stuck in the noise of other announcements? Maybe the pace of funding in security has slowed? More stealth companies?
It's nice not to have too many companies announce, and I know some are announcing after Blackhat (mine inclusive, so be on a look out!). I like Blackhat more than RSA because I feel like it's back to the fundamentals of security, i.e. focus on keeping the world secure with cool tech rather than vendor selling.
LET'S BE FRANK
I tried to be a bit punny in my subject title, and I'm not sure how effective it is. In the past few months, I've been thinking a lot about privacy and what it means. Going to Blackhat made me think more about it.
tl;dr: it's different for everyone because we really have defined what privacy means.
Privacy is kind of a loaded term, and there are many ways to look at it. Very broadly, I think of it as protecting private or sensitive information. Of course, that's vague, and it's no wonder why different companies perceive it in different ways. For example, some companies view privacy as a legal issue where they have to abide by certain laws, such as GDPR and California's Consumer Privacy Act. Others view it as a risk management issue in the sense that private information represents a risk because if it leaks, it poses a reputational threat to the company. Some other companies see it as a security problem in the sense that the private information is similar to IP and critical to their business, so protecting this data is like protecting infrastructure.
This is exactly the problem. Different groups own this topic at different organizations, and they all have different mentalities toward it. It's very different when legal vs. risk vs. security owns it. Some companies think about it in a more sophisticated manner than others. That's why I think it's hard to build a privacy company despite it being very necessary. The buying motion and solution are complicated. Of course, this never stopped anyone from building a company :). I do think there's a strong need, but I think privacy companies will continue to struggle on the exact buying motion. The smart thing to do is to focus on one use case or one buyer who has a specific privacy issue. For example, there's sensitive data that needs to comply with GDPR, and we need to find it. That's why BigID is so successful because they have identified a clean use case that transcends the "politics" of the organization and who owns privacy. I'm not saying anything definitive, but I know CISOs are thinking more about it, which means there seems to be some movement of organizational ownership.
However, I still believe privacy is a security issue because honestly, a very large majority of data is now digital, so most sensitive data sits in the IT infrastructure of a company, making it a data management issue. Privacy is about managing private data, so it should be an IT/security problem. I think until organizations realize this, the ownership will be unclear.
TWEET OF THE WEEK
Sweet! I forgot that the last two weeks of August are the best times to try out every restaurant with a long line. Thank you Burning Man for making SF liveable once a year!
CURRENTLY READING
TBD. Suggestions are appreciated!