Safety Detective’s Aviva Zacks had the privilege of sitting down with Mark Wellins, chief customer officer of 1TOUCH.io. She asked him about how his company has combined data interrogation techniques with network monitoring techniques for better accuracy.
Safety Detective: How did you get into cybersecurity?
Mark Wellins: In the late 80s, I joined a small company in Scotland that worked with IBM systems. I was involved with the networking side and helped bring the company, which was focused on software services, into the networking world that was just finding its feet, before the Internet was recognized as anything substantial.
Back then, we understood that the first thing that you have to think about when you’re connected is to worry about what hackers can do. It wasn’t that we were all geniuses back then; it was just that we realized that now that everything was connected, we’ve opened the door to other issues. The company I worked for acquired a small company where we started doing security-focused connectivity. We explained to the boss that in the next year or so, anyone who doesn’t have an internet presence, will not be able to conduct business properly. He almost did not believe us.
I then moved to Israel, which is the epicenter of cybersecurity and technology. As we’re all aware, necessity is the mother of all invention and lots of good technology comes out of Israel.
I was fortunate enough to work in cybersecurity at Check Point in the early days. It was at the cutting edge of security, with some amazing technologies that were ahead of their time, some of which we had to ditch because people couldn’t really understand it. We had technology that would let you know who was connecting from where, from what device, which type of encryption that they had on that device. With that information, we were able to see when this person was connecting from their phone which doesn’t have strong encryption. Today, we see the significance of this solution, which the market was simply not ready for 15 years ago.
Then I joined Tufin Software Technology, which offers an automation platform for security solutions that tries to remove the human element from security devices. Today, when you hear about breaches, they tend to occur because of human error. When I was at Tufin, we tried to remove the human error aspects as much as we could by letting the customer define the corporate policy in a very simple, straightforward manner. And then, the systems would implement the security policy.
SD: What do you love about cybersecurity?
MW: What makes security so interesting is the way different people see and use the products. It’s good to be around people who are creating technology and trying to respond to everyone’s needs.
SD: Tell me about 1TOUCH.io.
MW: It all about keeping your personal data private. This software goes inside the network and finds locations where personal data has been stored.
Until very recently, we were quite free to share information internally, with little thought to the consequences of the proliferation of data. Today with regulations like GDPR and CCPA, companies are being held accountable for their use of personal data. 1TOUCH.io comes in and looks at the network and connected systems in the organization to discover all the personal data and any copies of such data over all the different systems that are in use.
We help solve the problem of where the data and what is being done with it so that you can be compliant with all these new regulations.
SD: What makes 1TOUCH.io unique?
MW: 1TOUCH.io is unique in the space of data privacy. We’ve taken data interrogation techniques and network monitoring techniques and combined the two. This enables us to give an almost 100% accurate picture of all the data in the network. By combining those two techniques, we have the context between data in the database tables, unstructured data in network servers, and the visibility over how that data is copied, shared, and processed.
We may find partial information about a person in one database—first name, last name, and zip code—but that’s not quite unique enough to identify an individual. In another one of the databases, we’ll find an entry about that person, and 1TOUCH.io will then be able to fill in the missing details: home address, phone number, credit card number, passport ID number. 1TOUCH.io knows the information because we have found all the data relating to this person in possibly 50 to 100 different places. This person may invoke his “right to be forgotten” or his “right to erasure.” The organization must now remove all the information about that person if he’s legally entitled to that service.
SD: How do you see cybersecurity developing in the next few years?
MW: It’s always going to be reactive. There are people who find vulnerabilities and report them to the manufacturer (“gray hat hackers”), and there are also people who will exploit them for gain. For example, organized crime is so well-versed nowadays in technology they find new and innovative ways to use that technology for their gain. People who are looking for easy ways to take advantage will always stay one step ahead of the technology and because of that, it’s always going to be a reactive game.
Governments need to step up and educate us, the citizens, a lot more on security and online safety. If you think about five or ten years ago and even 20 years back, if we wanted to do something online, we would probably click the end-user license agreement. We would probably happily divulge our email address, home address, and phone number, without really giving it much thought. We didn’t really read terms and conditions because we didn’t care. We just wanted whatever it is that we signed up for, whether it was to shop online or to read some interesting article.
We gave information freely and today we’re paying the price.