AiThority Interview With Tony Pepper, CEO and Co-Founder, Egress
Know My Company
How did you start in this space? What inspired you to found Egress?
My co-founder Neil Larkins and I worked together in a previous business – Reflex Magnetics which eventually sold to Check Point in 2006. Our focus at that time had been protecting data on removable media (USBs and CDs), and after leaving Check Point, we looked at the market and saw that increasingly people were using email to share these types of data. We founded Egress in 2007 as an email encryption vendor and over the last 12 years, we’ve extended our product platform to cover other forms of data transfer, including online collaboration and the need to easily send very large files securely.
With the rise in recent years of data protection and data privacy regulations, we’ve also put a lot of R&D into helping organizations prove compliance and pinpoint any areas of weakness. For example, we provide compliance dashboards for an organization’s email network that can compare it to relevant requirements of the NY DFS Cybersecurity Regulation or GDPR.
Most recently, we’ve developed AI and Machine Learning technologies that help to determine the level of risk when someone is sharing data – looking at factors like whether they’re sending it to the right recipient, whether there’s a trusted relationship with every correct recipient, and whether the data is sensitive and requires encryption. We can then do several things at the point of sending to prevent a data breach, including alerting them to incorrect recipients or ensuring they use some form of security to protect data – including TLS, Egress encryption or other third-party security tools.
What is the most challenging threat to Enterprise Data currently? What immediate measures would you suggest to enterprises in order to protect data?
I think one of the most challenging threats is the fact that so much enterprise data is unstructured- the emails we send, the files we create and save to corporate networks and our own desktops (and then attach to emails!), and even multimedia audio and video files. Then we add people into the equation, who are interacting with this data on a daily basis and often in seemingly unpredictable ways, and the risk that an organization will suffer a data breach increases exponentially.
This insider threat to unstructured data is a massive risk. In fact, a recent Egress survey found that 95% of IT leaders (CISOs, CIOs, IT Directors, etc) acknowledge insider security threats are a concern to their organization. What’s more, 79% believe employees have put company data at risk accidentally in the last 12 months and 60% believe it’ll happen again within the next year.
Let’s face it, human error is here to stay, so organizations need to adopt tech that wraps users in data protection best practices and ultimately provides a safety net that allows them to do their jobs more effectively. For us, that focus is around making sure sensitive data is only shared with the correct recipients and is protected relative to the level of risk of a data breach.
What approach do you use for Egress’ technology to safeguard email?
Many email protection solutions still take a “one-size-fits-all” approach to protecting email, relying on static DLP rules or user actions (for example, encrypting emails at the desktop). This does two things. From a security perspective, it doesn’t take into account the real-world risks of a data breach at that particular point in time, for example, caused by human error or DLP rules not being updated frequently enough. Secondly, this approach often creates friction for the sender and the recipient, and with enough discomfort and pushback on either side, insecure workarounds are often used instead.
We recently released new product enhancements to Egress Risk-based Protection and Egress Email Encryption that use AI and Machine Learning to determine the actual risk of a data breach as information is sent and accessed via email, to ensure the right security is applied and, when appropriate, reduce friction as much as possible.
Risk-based Protection determines the actual risk of a data breach as people share data via email, recommending correct recipients if someone has been added by mistake, as well as ensuring the appropriate level of protection is applied including Egress Email Encryption, as well as TLS and other third-party solutions.
We’ve also added Egress Smart Authentication to our encryption solution to overcome one of the biggest challenges to all email encryption solutions: recipient adoption. Smart Authentication analyses the level of risk in real time when a recipient receives an Egress encrypted email, providing seamless access for trusted recipients (where the risk is low) and requiring more information or actions from the recipient when the risk is higher, for example, if the recipient is accessing the email from an unknown or untrusted location.
How do you differentiate Egress from other similar providers?
Unlike its competitors, Egress offers a unique combination of patented technology for threat protection (big data analytics and Machine Learning) and encryption (including policy and rights management technology that controls the release of information). We offer this through a data security platform that includes classification, secure transfer via email and our collaboration tool, and comprehensive analytics and reporting for compliance. As such, our customers don’t need to manage several different third-party tools to implement these types of security software.
Underpinning all this technology is the people-centric approach we look at the ways people interact with and share data, including the mistakes they’re likely to make, reducing friction where possible and adding value to their day-to-day lives.
How adaptable are Egress’ technologies in the U.S. considering the advent of regulations such as the GDPR?
We’ve designed and developed our technologies to be highly scalable and deployable across global markets. Prior to GDPR, Egress helped organizations comply with regulations like HIPAA and, in the UK, the Data Protection Act. GDPR has been a compliance gamechanger not just in Europe but globally. We work with US firms that need to comply with GDPR, directly transferring our expertise from EMEA markets to North America. Interestingly, though, GDPR has also paved the way for other security regulations – like the emerging California Consumer Privacy Act (AB375) – and will doubtlessly continue to do so. Our expertise with GDPR means we are exceptionally well-placed to help companies comply with these newer regulations.
What is the impact of the raging trend of ‘including AI in everything’ on businesses?
There’s a lot of noise about AI in the security industry in particular – so one of the challenges is to cut through this with technology that can actually add value for end-users. This is the best way for AI to make a lasting impact.
We need to use smart technology to address users’ pain points, for example, usability or disrupted workflows. At Egress, this involves reducing friction wherever possible such as preventing over-encryption of emails (where a user encrypts everything, including information that isn’t sensitive), which can cause recipients to push back. Or ensuring emails are sent to the right people to save the sender from an embarrassing and sometimes career-limiting mistake.
By doing this, we can make security technology something that is embraced by the user, and ultimately protect their organizations from data breaches.
Which industries can leverage from Egress’ product, services, and platform?
Originally our core customer base came from highly regulated industries – including State and Federal Government, finance, healthcare, and medical, justice and law enforcement, and legal. However, with increasingly expansive regulations coming into force, such as GDPR, we’re seeing more and more interest from other types of organizations as well even those who just a few years ago, would push back on security technology.
Could you tell us an instance when Egress’ solutions have benefitted an enterprise?
Epiphany Healthcare, an ECG systems provider to more than 950 hospitals, recently underwent a significant IT transformation with Egress, where we helped them secure and streamline the way they share high volumes of HIPAA and PHI regulated data.
For a quick overview, Epiphany needed a secure way to transfer regulated healthcare data (i.e. ECG studies containing PHI) with healthcare providers, partners, and internal users, while also enabling the secure ingestion of patient ECG information via an FTP site.
Egress worked with Epiphany to transform its communications by implementing Egress Email Encryption to protect message content and attachments for total control over shared information in real-time, with the ability to revoke access to sent items, audit user actions and add message restrictions to prevent mishandling of sensitive data. Where email isn’t suitable for external users to send information to Epiphany, they use Egress Secure Web form to securely and seamlessly submit ECG studies and sensitive patient scans and files all in compliance with HIPAA regulations.
Which events and webinars would you suggest to our readers as being the best to grasp information on emerging technologies?
With the incredible uptake in Office 365 services in recent years, I would recommend readers upskill as much as possible to know when they need to integrate additional layers of security into their environment to protect and regulate highly sensitive data. This on-demand webinar featuring Michael Osterman, President of Osterman Research, highlights specific O365 limitations in DLP, eDiscovery, anti-phishing and encryption capabilities that make third-party solutions integral to Office 365 deployments.
Where do you see AI/Machine Learning and other smart technologies heading beyond 2025?
We see AI and Machine Learning continue to be used to take the guesswork out of cybersecurity by being able to predict users’ behavior, which in turn, will enable them to work more productively and securely, as well as ensure organizations remain compliant with relevant legislation.
Thank you, Tony! That was fun and I hope to see you back on AiThority soon.
With over 10 years’ experience in taking high-tech data security products to market, Tony has a strong track record of successfully creating innovative technology solutions designed to meet the demands of modern business trends. Characterized as a highly confident leader and adaptable team player, Tony is a member of several industry focus groups, certified BCS Fellow, a frequent speaker at technology seminars, and trusted advisor to SME’s, Enterprise organizations, and UK Government.
Egress helps enterprises protect unstructured data to meet compliance requirements and drive business productivity. The company’s AI-powered platform enables users to control and secure the data they share.
The award-winning platform provides email and document classification, accidental send prevention, email and file protection, secure online collaboration and audit and compliance reporting.
Trusted by enterprise organizations and governments around the globe, Egress offers a seamless user experience, powerful real-time auditing and patented information rights management, all accessible via a single global identity.
Egress is headquartered in London, with other regional UK centers and North American offices in Boston and Toronto.