In our interview with Guy Bavly, CEO and co-founder of Actifile, Aviva Zacks of Safety Detective found out how his company is helping MSPs find a solution to their data privacy problems.
Safety Detective: What drew you to cybersecurity?
Guy Bavly: I’ve been working in the broader IT world for almost 30 years. As a graduate of Mamram (Center of Computing and Information Systems) in Israel, the first part of my career was running IT management systems and it was always about cybersecurity. Back then it was a simpler world than it is today, and we implemented AV and firewalls early on before they became mainstream technologies.
When I left my position as VP Product Management at SAP Labs here in Israel, I wanted to get into the cybersecurity world because there is so much interesting, world-leading activity going on in Israel. Though it seems that many of the cybersecurity challenges have been resolved, there are still so many unresolved challenges, with brand innovation aiming to answer these challenges.
SD: What does Actifile do for MSPs?
GB: We provide MSPs (Managed Security Provider) with a solution for their customers’ data security and compliance problems. MSPs serve about 60% or even more of the mid-sized organizations in the US and all over the world. MSPs are taking more and more responsibility, not only for running a file or print systems operations or for making sure their laptops and desktops are working properly—they are taking more and more responsibility cybersecurity-wise. MSPs oversee web vulnerability assessments, antivirus deployment, and network protection. But data security is more complicated because it involves understanding which data is sensitive and which business processes are involved.
We help MSPs by providing them with a data security and compliance product suite, which is simple to deploy and manage products and that require no integrations into the cloud or on-premises systems. The first product is the Actifile Risk Assessment, which measures the risk related to sensitive data. Every organization has sensitive data, mainly privacy-related: credit card numbers, email IDs, and health records. Many times, it is also business-sensitive data they get from other organizations. We help MSPs evaluate the risk not just by calculating just the number of data records or files but by showing that in dollar value. This product provides all the necessary reports and body of evidence in case of an audit or potential breach.
The second product is Actifile Risk Reduction, which works on top of the basic product. By leveraging the encryption as the best safe harbor mechanism, Actifile reduces the risk by means of automatic encryption. It encrypts the data in the background and is transparent for the users. Every country these days have privacy regulations. In the US, there are at least 15 state, federal, and even global ones. So, in all of them, encryption is the right tool to get you into a safe harbor. Once they find the risk, assess the risk, and audit it, they have an option also to reduce the risk by 80% or 90% on average.
To summarize, we provide MSPs with a software solution to assess, audit, and reduce the data-related risk to their customers.
SD: What do you feel are some of the worse cyber threats today?
GB: Organizations are not just rapidly adopting cloud applications and technologies, but are also moving to work from home, especially in the last few months after the COVID19 pandemic. These changes are putting the entire topic of remote work at high risk for organizations. The cloud is much safer than the on-premises environment, but once the data leaves the cloud for business purposes—auditing, record merging, handing over data to other parties—organizations are at high risk. Organizations can go out of business because of that.
This is where Actifile comes to solve that problem.
SD: How do you think the cybersecurity landscape is going to change over the next five years or so?
GB: There is a very big trend in the cybersecurity world where you trust nobody, but you need to give people access to applications from everywhere in the world and from every device. Once there are privileged users who can access the data and manipulate it, the next big threat is what happens with the data. So, you give access rights to users while monitoring the user’s credentials. But now your data is not being governed and managed, and it travels to places through users’ endpoints, away from the organizational safe repositories.
I think the trend in three to five years is that once more and more people start working everywhere on any device—and I see that accelerating because of COVID-19—then the next wave will be how to protect the data in a perimeter-less world with zero-trust environments.