AiThority Interview with Robert Cruz, Senior Director of Information Governance at Smarsh
Could you tell us about your journey in technology and how you started at Smarsh?
I’ve been a tech nerd for as long as I can remember, but grew up in a small town in the Central Valley where oil and ag are kings. Then in high school, while tending to a hot pizza oven, I had an epiphany – if I wanted to make money in tech, I needed to be in the Bay Area. So, I loaded up the truck and I moved to S. Valley, first to San Jose State, then later onto Stanford, and have been in tech ever since. Along the way, I became interested in tech that addresses use cases of litigation, governance, and compliance, and have been in that space for the past 15 years. I came to Smarsh via our merger with Actiance, who I joined in 2015 to help them establish a market leadership position.
You have led product teams for various electronic information archiving platforms. How has eDiscovery technology evolved since the time you started in this industry?
eDiscovery has evolved tremendously since I started work in that space around 2007. There has been tremendous consolidation of providers as technology has matured and more corporations have sought to gain control over the process from their outside law firms and litigation providers. Today, more corporations expect to have discovery data at their fingertips in order to reduce cost and find responsive data sooner, which has led many to expect more discovery utility to be included within archiving platforms, such as Smarsh.
How do you see global IT and ITSM scenarios evolving around Enterprise Information Archiving protocols? What kind of preparedness is required to adopt this technology in the current IT architecture?
We are now entering a second wave of Cloud adoption within the industry. The first generation saw the growth of vendor-operated, hosted archiving services that provided cost and management challenges over the earlier generation of on-premises solutions. What is happening now is that more firms are beginning to realize the benefits of embracing Public Cloud options such as AWS and Azure, and are expecting that archiving services can leverage those infrastructures in order to deliver higher availability, scalability, as well as the flexibility to add new service features and take advantage of geographic expansion opportunities.
What is required to prepare for this second wave is to look for archiving services that are “Cloud-native”, meaning built and designed for the Public Cloud via the use of micro services, agile development methodologies, as well as leading open-source componentry in order to avoid the performance bottlenecks and single points of failure that can arise from simply adding redundancy to older technologies that are still being used by the first generation hosted providers.
Which Enterprise Information Archiving and/or eDiscovery technologies have been the biggest disruptors in this industry?
There are several to name. First, on the archiving side, one of the biggest disruptors has been the explosion of content sources, such as mobile, social, and collaborative content sources such as Microsoft Teams, Slack, Zoom, and others. Each of these content sources is unique, and each has its own set of metadata and XML formats that need to be preserved in order to understand what is happening as part of an interactive conversation, such as a persistent chat. In this area, firms that can capture and preserve the unique native attributes of each (versus simply flattening each into an email format, as first-generation hosted solutions do), is vital not only to enable legal and compliance teams to interact with that data, but also to ensure that you can be prepared for the next generation of content sources that will follow today’s.
On the eDiscovery side, AI and ML technologies were embraced by firms that were initially focused on predictive coding and analytics. Those same underlying technologies are seeing a surge of interest in order to better understand today’s heterogeneous content sources, and understand when content ‘needles’ might be moving amongst haystacks. Social network visualization, categorization, and clustering are all widely used within eDiscovery for firms today as part of early case assessment (ECA) activities.
You recently released your ninth annual Electronic Communications Compliance Survey Report. What are a few of the key takeaways that our readers should understand about this year’s survey?
As noted above, firms need to acknowledge the fundamental change that has happened in the ways that their organizations communicate and collaborate. The explosion of Teams, Slack and other sources is because firms are seeing a positive ROI, in the form of fewer meetings, less email, and improved productivity. More importantly, however, is that these changes reflect demographic changes and the ways that younger employees and clients want to interact. More firms are coming to the realization that you need to allow your organization to do business on the terms dictated by your customers, on tools that they prefer and are comfortable with. More compliance teams are coming to the realization that – if you don’t provide support for these new tools – your competitors likely will. The compliance gap here highlights the fact that adoption of these tools is currently leading the deployment of policies and enforcement technologies that ensure that new risks are not being introduced.
On the mobility front, a gap continues to exist for firms that do not yet have capture, archiving and supervisory controls that include mobile, text, and SMS messaging – even though many recognize that prohibition policies are proven not to work. This is more befuddling as technologies that allow for the capture and control of mobile content have been on the market for many years, but awareness continues to lag.
Would you agree that AI can successfully fill in for the “Information Forensic” gaps in the industry? How do you leverage AI/ML at Smarsh?
I would generally agree with respect to Machine Learning technologies but would describe it more as a complement than filling the gap. The reason is that ML does not understand specific SEC, FINRA and other compliance requirements, and firms need to create, follow, and report on their adherence to written supervisory procedures (WSPs). We talk to many firms that describe the complementary nature as follows: 1) use supervisory review tools to define policies for the known risks that can be expressed as lexicons for point-in-time conversational activity (e.g. message sent, persistent chat started and closed, etc.); 2) augment this with ML that can look for anomalies and patterns over time and potentially uncover risks or policy violations that may be hidden in the data, then 3) use those findings to refine the policies to spot them before they happen again.
At Smarsh, we see these ML or “surveillance” approaches as a very quickly evolving and specialized domain, where forensic teams are evaluating best-of-breed tools to be used for investigative and risk management activities. Our strategy is to provide open APIs to deliver data to those technologies, as well as the ability to “enrich” that data for policy refinement mentioned in step 3. This is a good example of the interoperability that large firms expect amongst their Cloud applications that was noted in the question above.
What are your predictions on the future of Enterprise Information Archiving in 2020-2024? How can business owners safeguard against growing cyber security incidents?
Top predictions: 1) leading firms will design their systems to capture and retain the native properties of any content source, 2) leading firms will be fully capable of addressing Multi-Cloud as well as Hybrid Cloud (i.e. combination of Cloud and On-premises) deployment scenarios, 3) archiving providers that have data privacy “by design and default” will be separated and differentiated from those that don’t, 4) the portion of the market that is satisfied solely by enabling end-user archiving (i.e. providing end users with access to their historical content) will be served almost exclusively by Microsoft Office365, and 5) cybersecurity will continue to be in the spotlight, with regulated and highly litigated firms betting on the investments in Cloud infrastructure made by leaders such as AWS, Microsoft, and possibly Google. In other words, you don’t need to archive your information with an infosec company in order for your data to be secure.
What is your opinion on “Weaponization of AI, Machine Learning and Blockchain”? How do you promote your ideas in the modern Digital economy?
There are clearly many security, societal, and ethical implications of today’s technology advances, and the need to drive technology faster and farther often outpaces open, thoughtful, and rational discussions that look holistically at the potential risks – as well as the benefits – of innovation. At the micro-level, we do hear our customers wrestle with the implications of analytically-driven approaches in simply ensuring that they are delivering the right product or service to the customer, and are doing so in a way that allows them to audit and defend the actions they have taken. Financial services firms and others in the critical infrastructure protection industries have been conditioned for this for years; today we are simply enabling a much more powerful set of technologies that are in need of automated controls.
For us, we are simply attempting to enable agility and response to a changing client base and work force with automated back-stops to help mitigate the risks – in other words, leverage the advances in the digitization of their operations, but do so encouraging legal, compliance, security, and privacy to all be engaged in the assessment of the risks of those technologies.
What kind of skills/technical specializations is Smarsh currently hiring for to support Product and Marketing teams?
One of the key areas of investment across the company is the ability to understand the intersection between underlying technology and how it is leveraged to achieve a specific business outcome. This means understanding the customer use cases, empathizing with the specific problem they are attempting to solve, and knowing how they define success. If we can build our bench strength to maintain that balance (as opposed to simply being “tech nerds”), we will be successful.
Thank you, Robert! That was fun and hope to see you back on AiThority soon.
Robert Cruz is Senior Director of Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and discovery cost and risk reduction.
Smarsh helps organizations get ahead – and stay ahead – of the risk within their electronic communications. With innovative capture, archiving and monitoring solutions that extend across the industry’s widest breadth of channels, customers can leverage the productivity benefits of email, social media, mobile/text messaging, instant messaging/collaboration, websites and voice while efficiently strengthening their compliance and e-discovery initiatives.
A global client base, including the top 10 banks in the United States and the largest banks in Europe, Canada and Asia, manages billions of conversations each month with the Smarsh Connected Suite. Government agencies in 40 of the 50 U.S. states also rely on Smarsh to help meet their recordkeeping and e-discovery requirements.