Mario Duarte, VP of Security at Snowflake, joins BigIDeas on the Go to discuss the evolution and implications of cloud data security, the rise of global privacy regulations, the intersection of privacy and security, and more.
Duarte was inspired to work in the security industry as a kid in the 80’s and early 90’s after he saw the film ‘War Games’. His first opportunity came as a security engineer at EY, where former NSA employees trained him on how to break into companies. He wasn’t great at first, but he really enjoyed it.
When asked about the evolution of data security, Duarte said, “I think most organizations have been living in an imaginary world where we thought that with our data we can rely on our on-prem protection, having firewalls and statistical security to protect that data but that’s always been a fantasy, in my opinion.”
The growing complexity of cloud systems has had an immense effect on how businesses store their enterprise data and operate virtually.
“These cloud environments that we use are complex quite honestly, and there’s a lot of opportunity for human error, and when human errors are introduced into this— and we’re never going to get rid of human errors— but if you think about the cloud, and you think about data residing in the cloud, a misconfiguration that you don’t keep an eye on and alert it on, can allow an intruder from outside or internally to gain access to that important data.”
Importance of privacy regulations
Prior to the passing and enforcement of data privacy laws like GDPR and CCPA, businesses were much more hesitant to disclose new security incidents or breaches within their companies. Duarte stressed the importance of the rise of new legislation that has prompted greater responsibility from organizations.
“I think it’s important to have these regulations. For many years organizations have kept quiet about their own security breaches. You can go look at the public Internet and you hear about these security incidents that happen, publicly announced years after it happened. And that’s because a lot of companies just didn’t have a reason to announce that unfortunately. So I do think that regulations like GDPR have helped [them] be more transparent about these events to allow their customers, their employees, other folks who they work with to be notified when a security incident has occurred and to do it on a timely basis.”