In this podcast, we talk with Mathieu Gorge, CEO of Vigitrust, about subjects discussed at the recent RSA 2023 event in San Francisco. These included the impact of artificial intelligence (AI) on storage, backup and compliance, as well as the uses of AI in areas such as data classification.
Gorge also talks about the resurgence of a focus on data classification and its usefulness for access management and keeping track of the data held by enterprises, which can be vital to compliance as well as storage management.
Antony Adshead: What were the key themes at RSA 2023?
Mathieu Gorge: RSA 2023 was probably one of the busiest ever. I’ve been attending for about 20 years, and I think everybody was very happy to come back to in-person meetings after Covid.
I had expected, like many others, that there would be 100% talk about AI. I would say there was about 50% talk about AI in terms of the risks for the industry, the risks for data protection, for storage, for backup.
But there was also a lot of talk about everything that’s powered by AI, and a good number of vendors are now claiming that their solutions are being powered by AI. The reality is that some are and some aren’t.
Other talks at RSA were around more fundamental issues like risk. There was a major shift from the previous five or six years. Everybody was going back to the basics and talking about the risks for the data, for the ecosystem, and for the users, as well as for the board. That was actually quite refreshing because, as opposed to being a vendor-fest, there was real talk about what are we trying to protect?
In that vein, we saw the comeback of data classification. That technology is not new – it has been around for a number of years, but it hasn’t had a lot of coverage at RSA in the past few years. Now we’re back talking about risks and we’re back to talking about how AI is potentially influencing how we collect and create new data or how data can be leaked out, data classification is now back firmly on the agenda, and in my view, that’s a very welcome thing.
Adshead: What are the key impacts on storage and backup that follow from these changes in focus?
Gorge: We often talk about how to manage the ecosystem and all the different silos you have. You can’t protect something you don’t know, so the advice is to make use of that new data classification technology – some powered by AI to pre-empt issues that might happen with data.
So, what is the data you want to keep? What is the data you acquire that you shouldn’t be acquiring (because now you’re custodian of that data under GDPR, CCPA or whatever)? And how can you protect that data?
We also saw at RSA a resurgence of privilege access management and access rights. So, who needs to have access to what data at what time?
I think we need to go back to basics on that one and have a look at, am I collecting too much data, do I really need that data, and if I do need it am I keeping it under the right framework for storage, for accuracy, for access, availability, typically under the likes of GDPR?
So, data classification is key. Data management, access to data and, of course, where the data is stored, and again one of the issues there is do you know what cloud providers you use, do you use the right cloud providers, the right providers for the right type of data? That’s also a new thing that came out of RSA 2023.