So, hello, and welcome to this webinar, the ticking time bomb of Shadow IT. I'm going to start out with a few housekeeping rules. The webinar is structured in such a way that we will run through the presentation and take questions and answers at the end, so if you could please enter your questions in the messenger function, you're all going to be kept on mute for the duration of the webinar. There will be a set of poll questions throughout the presentation that we will also reflect on at the end of the presentation. And now I'm going to hand over to today's presenter, Rasmus Holtz, the Chief Revenue Officer at Wire, and yeah, this will take about 20 to 30 minutes of presentation with 15 minutes of questions and answers at the end. The slides will be shared after the webinar. Thank you, Rasmus.

Thank you so much. So welcome to this webinar, the ticking time bomb of Shadow IT. And while we always, when we talk about IT and risk and compliance risk and sensitive data, which was also part of the headline for what this webinar was about, we would also like to take the moment to talk about the future and talk about control of sensitive data, talk about control of the data you actually have in the organization. Because if we only talk about the risks, we can spend a lot of time contemplating why everything will go wrong. And there's no business sense in that. Collaboration and production of information and exchanging information shall be secure and shall be a help to the organization, not an inhibitor. And so always focus on the positive that can get out of collaboration and overcoming the problems of shadow IT. I don't think is a problem of control and risk avoidance. It is actually providing the right tools for the employees to work with. So let's get started. One of the first things that we looked at when we were preparing this was what actually happens in the world today.
And I am the happy father of a 16 year old and a 13 year old and they certainly don't share my ways of working or communicating. If you look at that generation, basically they communicate at a pace which most of my generation cannot keep up with 46% are on Snapchat every day, 32% are on Facebook every day, 38% are on Instagram, 93% are mobile. Everything is centered around a fast messaging, a fast paced culture of moving back and forth messages. You create a closed circle communication tool. What do I mean with closed circles? These are our friends and we can relate that to our business community, our internal work. We already know the people we're used to communicating with them and we can quickly add people on to the circle if we want to. And if you think about that, email and PCs are not even on the radar. I put out an article prior that said my son actually has 15,000 emails unread. But what are those 15,000 emails? Most of them are stuff that comes from advertising or other information sources that he actually does not consider his closed circle. And if we then think about ourselves in a business sense, isn't that also our world? We do receive these advertisements. We do receive these requests for do this or could you help me with this that are maybe not part of our everyday life. Yet we want to communicate with the external world in a way that we control, not just the 70% of the world's communication on email that currently is spam. So with this, the intro is there is actually something to be gained from this. There's a lot of pace to be gained from working in this way, but none of this spells security to anyone. However, if you look at organizations, they've not been blind to this. They actually look at that way of working and pull it into the organization. Why? Because it engages a lot of the employees. It motivates people to have a fast reply.
It motivates them to be able to communicate with their colleagues in a fast and interactive way rather than waiting for the two page long email response that comes at the end of the week when you send the request at the beginning of the week. So 90% according to no general research of organization actually have invested in some level of collaboration tool. Collaboration tool and their research is a very broad term. There could be anything from file sharing, video conferencing, messenger tools, anything to that notion. And many of the organizations actually deploy more than one collaboration tool. So what you really see here is that enterprises are embracing this solution, but this to a large extent does not mean that people move off the tools that were always intended for personal use, the Instagrams, the Snapchats, the WhatsApp, because if you think about it, even the CEO will invite his friends to a golf tournament using WhatsApp. So what we really have here is that people gravitate to the tools that are easy to use, fast to communicate with, and we've understood that as a business challenge. And we're embracing those back into our businesses as it stands today. So why would it actually make economic sense to start moving and gravitating towards tools that have these characteristics of being fast paced, of being communications that deliver faster responses to the questions we actually send out? I'll give you a quite quick overview of that. And the first one, which is a research by productivity expert Michael Hire actually says that implementing messenger solutions will reduce your email by 83%. And actually by every time you respond to something, you will use 73% less words to describe the similar problem. There will be more messages, so there is a little counterbalance in this. But think about this. This is a massive reduction in a workload that is present in every single company. 
It is how we communicate with our partners, suppliers, our new hires, and our internal colleagues. So messenger style collaboration tools like we just saw also improves the productivity internally to the business. Internally and externally, I actually should say, because the one thing about the collaboration tool is how do we extend that to not only be an internal tool where we put our head in the sand and only work with the people just around us, but how can we actually also embrace the external world. So let's look at that problem from a little bit of an economic sense. 83% reduction in email sounds nice, and we would all like to have emails, 73% faster or fewer response per message would also indicate that you have a productivity gain. But I think this next one actually illustrates what the problem is, or the opportunity. If you look at an article published in the Washington Post last year, research says that 4.1 hours of every single day by knowledge workers is used to create or respond to emails. At 220 workdays a year, so we allow people to have their vacations and their weekends free. This actually amounts to 90,000 hours in a 100 people company. 43% of the workforce is employed to only create emails. And as large portions of these, 80% plus are actually internal. This is one of the biggest productivity inhibitors, and also one of the most time consuming tasks that any enterprise undertakes on a general basis. It is 43% of the work done in a knowledge business on an everyday basis. Think about that, so it says a lot about how we actually communicate, but it also says a lot about what is the information when we talk about security risk, compliance risk and sensitive data that we need to protect. A large portion of that data is produced here. It is files that are shared, it is information that is written, it is intellectual property that is shared, it is contracts that are shared, reviewed, sent back, it is documentation, it is everything. 
So this is actually where most businesses put the largest portion of their productivity. And that's why this is important to protect because and optimize because essentially what you see is that this is the vast majority of the work that's being done in any business today. So how do we actually marry those up and how do we get it right? No general research, the one where we looked at the productivity to begin with. What did CEOs respond when we said, hey, are we actually ready to take the step and say this is the way we do it? Messenger style communication with everyone, internal as external, limit the amount of emails to get the productivity gains. And most of those who respond with a concern, they say we are concerned with security. The other part is that a lot of these Messenger tools are actually on the cloud. And truthfully, you can see that the tools I mentioned on the first page, the Snapchat, the Instagram, and especially WhatsApp, that is being frequently used in businesses, actually also uses the data to have a monetization, which is not based on people paying for the tool, but yet being a tool that generates revenue from advertising, which means that the messages will be data mined for profit. So right now we've looked at what the world actually does over and above what we do internally in our businesses. We've also looked at the fact that there's a massive productivity gain from optimizing the way we communicate. And now, if we can get to that, we should be concerned with the security because none of the external tools are secure, yet that is the number one reason why we wouldn't move. And if you marry that up with the cloud avoidance and the organizational readiness, which I will also talk about, i.e., are my employees really ready to move to this? Can they understand the tools? Do they understand what happens when you send a message back and forth instead of a longer email and when it doesn't say, dear Mr. 
Walters, but just says, hey, remember to do this. And the other one answers, yes, and you're done. So the trick to get this right as a CEO is to marry this speed of the social work with a secure fabric that underpins this, because this would mean that in one go, you would start to secure almost 43% of all products that are all productivity that is created within your business. So lastly, when we know about this, one of the key reasons, one of the questions we will always get from a CEO is, how do you actually finance this project? And let's examine one thing. Most people right now start to put in place cyberinsurances. If you watched my last webinar, 63% of CEOs were concerned with cyber risk. It was actually the number one concern, more than economic growth, ability to grow, scale the business, all of those. Yet, a large portion of companies still have no cyber insurance. Cyber insurance is growing at over 20% year over year. So more and more people are buying this. But the question really is, do you need to invest in the security and the cyber insurance or can you actually get the secure fabric right from the beginning and protect the vast majority of the information you actually share? The cost of this, if we stay in the risk and avoidance and setting up the worst case scenario is that currently this cost European companies 400 billion British pounds every year. So the problem is serious and it's growing. So how do we actually get to a point where the CSO can come and say to the CEO, I know you said that this measure just out of the communication makes sense, but I can also answer the question of, will this actually be safe when we implement it? So let's actually examine now the challenge of the CSO. Because he would always be asked, tell me how this is secure. Tell me how this helps our business be secure, how we protect our information. 
Because right now we gave the CEO a reason to increase his productivity of his organization by implementing these, but now we want the CSO to respond, is this actually secure? So when security is a concern, one of the things you can always go back to is where does things, where does things get stored? And when we think about where does it get stored, a lot of us naturally gravitate towards the fact that we would like this to be stored on our own servers internally or in the cloud, but then we need to know where it is on the cloud. But what if you could actually store things end to end encrypted on the devices at the edge? So none of this huge breach things that we hear with email where a hundred thousand files actually get leaked in one go, if that we can actually overcome that problem. Just think of this, if someone wanted to hack into your email server, it is one hack and you get access to everything. It is one left key for the encryption at rest and everything is gone. But what if you could encrypt it in such a way that all of this productivity, 43 man years for the 100 people company is encrypted separately and every message is encrypted separately. Think about that from a perspective of a cyber criminal who wants to break in. This is now 43 man years of work encrypted in separate little packages that will take a long time. And think about the other thing that over 60 percent of breaches often come from within the organization. So when we talk about storage in the cloud and that is dangerous, we should remember to think about the fact that internal breaches are as risky as external breaches. And possibly the way to go about it is to start finding a solution which does not store anything in the center of the cloud. The next challenge for the CISO is how do you avoid selecting a solution where you don't know where your data go? First and foremost, of course, steer clear of the many of the tools that we started out by mentioning. 
But the other part is are we sure there are no backdoors? If you really look up stories on the web, you will find that both Gmail or Yahoo have had situations where they've actually data mined emails for profit. How do you know that your vendor does not provide backdoors to anything that will monetize your data on the back end of it? One of the ways to do that is to actually go for open source. This does not mean open for break in, which a lot of people will say, oh, open source then everything is public and it's easier to break. No, it means a transparency around how you write your code. And that means that you start to rely on the encryption algorithm, the security architecture, all of those types of things instead of relying on a black box of code where you don't know where your data is going. In this day and age, you're actually better off knowing where your data goes because that is a higher risk than actually the risk of breaking in. And just look up the web. I gave you some of the names here. There's some of the biggest in the business. And yet they still monetize your data that you use for work for profit. And that is by no means the answer that a CISO can give to a CEO who says, I want to improve productivity. How do I know that the data doesn't go anywhere else? Open source might be an answer to that question. The other part is, if you look to how you store your data, end-to-end encryption actually offers one key advantage over everything else in the way we distribute information. The fact that every message is its own fortress. And if you make sure that there's a double ratchet algorithm that actually also exchanges the encryption key for every single message, you're back to the point that I made initially in this section of the presentation that you now have full 43 people's work encrypted in separate little packages. So now try and be the cyber criminal. If you know that that's the case, you have to break into 90,000 man hours of work one by one.
And like you put a little sticker on your front door saying, here's neighbor surveillance or I have an alarm system from some recognized alarm provider. Just that alone is prevention from people actually even trying because the level of work to complete the break in is so big that it's not even worth trying. And the risk that the message you actually break into is valuable or the likelihood is very low. So you create a much higher bar of risk or of effort to actually break into your system. So now we start to build up a system where you transparently can see where your data is going. You're not storing anything in the central store on the cloud where your entire infrastructure can and information can be broken. But you have now split it up in little packages and you've ensured that you don't share your data with any parties that will use it for profit. And all vendors will state that, hey, we're secure. Secure is now becoming just a part of how you sell. You can't really sell a software solution without saying you're secure. But how do I audit that? Try and have a look at most of the vendor you use in your current IT infrastructure and count how many actually publicly release a statement of their security policies or an audit of how they actually function. This is one of the ways that you can test whether people are certain about the way their security function actually worked. Because now, in addition to just doing the open source where you can see how they wrote the code, the encryption, so you make the barrier for break in very high, you also have a way to audit these on a yearly basis and have the vendor pay for that audit so that when your compliance team come and say, are you sure this is secure? The CSO can absolutely say, yes, it is. And if the vendor in addition makes them public and not hidden away, you know that they trust in the security. If they're hidden away, again, you should be concerned. 
So this is a way of establishing a system where you securely can know my data is safe. I've encrypted every single message, so it's a hard thing to break into. And I can ensure that my compliance is there. And actually, that leads me to the last part of the CSO because modern CSO put out a survey of what is the hardest way or the hardest question for any CSO to answer today. Are we secure? And how do we know? 61% of CSO says this is the most difficult question. And mostly it's because none of these things are known. You don't know how they use your data. You've stored it on a central store where one encryption key can basically make or break whether or not you still have your data or not, or can hold your entire information and production ransom. And finally, there's no public view of how secure this is by an independent third party. Actually, if you stack those four on top of each other, the open source, the end-to-end encryption, the message fortress, and the final public audit, you can actually go back and say to your CEO when he says, I would like these productivity gains. I would like my organization to be faster. I would like to implement these social tools in order to make it fast. The CSO can actually come back and say, yes, absolutely 100%. We are secure. And they are able to answer the most difficult question that modern CSO agreed was the most difficult question. So here's the last thing I saw from the poll that most of you actually answered 75% of you answered that we have shadow IT in our organization. And for most people, that means that you actually have and you will be no different to most of the organizations we speak to on a general basis. Here's my thesis for that. And it actually comes with this teenager that we put on the separation slide page here. Answer the question. You told me how to be secure. Now I want the speed and mobile at work.
And it is not to make all of us teenagers, but we all naturally gravitate to tools that are easy to use, that are always with us, where we can respond, whether we are in the office or not. And that has a user interface that we like and where we can quickly access our conversations with our colleagues, but also partners. Make a phone call, make a video call, share a file, without having to change a massive number of things on your device, log in with a VPN or anything like that. Because number one is that most CISOs and when we try to implement security, we think of a process or control. I think the VPN is one of the best examples running around with a dongle and things like that. It's not, it's in the interest of security. Instead of providing people something they want, that is then inherently secure. Because then you gravitate all of your traffic towards the tool that is secure because it's a tool that people actually want to use. So let's try and examine what this actually is and why these tools are so popular and why businesses are actually moving to this. What is it these tools deliver? First and foremost, they're mobile. We have a whole generation of mobile natives and even people like me will be constantly mobile. Businesses are mobile. It needs to be secure whether it's on the desktop device or on the mobile. And you need to make sure that the information stored on the device that could be lost can be wiped separately from the other devices that you're actually using. Create the engagement. Learn from the social media. Make sure that something is happening all the time. Email is one of those places where you go, you spend a lot of time writing a longer one, but you don't stay engaged. The pace is not fast. And think about the most annoying thing for most business people, that is, you have a customer. You want to be in dialogue with them. You want to have that fast ping pong. Is the contract okay? No, I need to change to section 7.1.
Fine, what's the required changes back and forth quickly? But don't let that move out of your security perimeter because most of what we do, we make one tool for the emails that's one security perimeter, one for another for a call, a third for the way we would do video calls, a fourth for how we share a file. And by the time we've navigated all of those systems, we've lost the engagement. So assemble the engagement in one place. Keep them engaged. Include things that emotions, reactions so people can clearly say, I like this without having to write a longer essay about how and why they like it. And then here's one of my key things. Open up because internal communication is often non-revenue generating. And we examined how much of businesses communication is actually internal. And the majority of the risk actually exists when you are not opening that tool up. Create a situation where the same tool you use internally can be used by your partners, your customers, the people who apply for jobs at your company. Only when you can do that, you get rid of these things like WhatsApp and shadow IT because now you have a platform which is as easy as WhatsApp to communicate with. Just think of the use case of private bankers who are quite often very close friends with high net worth individuals. And the conversation goes over WhatsApp. And all of a sudden the bank doesn't know what's really happening and then you're violating compliance rules and regulations and everything like that. Why? Because it was easier. So find a tool that actually delivers the usability and extend it to the people you work with and do business with on a daily basis. And then finally try and learn from the social generation. They actually understand ephemeral, meaning that not all information is made to be stored. Some things can run in a channel that's maybe the club channel of the company and can be deleted. It doesn't need to be stored forever. 
Meanwhile, the situation before that we had with the private banker, that does need to be stored. So have this thing about what is actually ephemeral and can be disappearing like passwords or internal conversations that are not regulated. This can be another part to minimize the amount of data you actually have in your organization. And if you look at the user habits from the tools I showed you at the beginning, Snapchat, for instance, is well understood that all of that is ephemeral. And then lastly, make it fast paced. The short burst of messages, that is your actual productivity gain. And that is why people are addicted to the social tools. And also, you can get a clear advantage if your customers and partners respond the same way. Think about the company that takes a week to get back to you. And then there's a company where it easily, quickly, securely goes back and forth with quick messages. You are much more likely to pick that as a vendor or you as a business is much more likely to win that customer. So those are the lessons from the actual usability. And this is what create the gravitas towards an actual secure solution. So when we sum all of that up, anything that you want to implement in your business should have an economic component illustrated by the CEO, a security component illustrated by the CISO, and then the user component illustrated by the team on the right. So what we just went through here from a productivity gain from an economic sense, it makes sense to implement things like a messenger tool. And actually, the other part and the counterbalance to that is that insurance policies that are becoming more and more and increasingly more popular and increasingly more expensive are based on a model where you pay based on the files that you can actually lose. So if you've encrypted everything one by one, you can at maximum lose one file at a time. And you can save the money on cyber insurance and use it to build a secure fabric of your organization. 
The CISO can also be happy because he's created a risk to effort equation that is now in the organization's favor. It is no longer one break in and 100,000 files out. It is a million break ins and one file at a time. So the barrier he's created for a security breach is now so high that it's impossible or the stakes are not in the favor of the cyber criminal. And he is delivering instead of an awkward cumbersome solution, he's delivering a privacy and security framework that engages the organization. It is a positive delivery from the CISO. Not another 100 page policy, not another 200 page risk and risk description of what will possibly go wrong, but a tool that engages. And then your users will actually help you drive all of your traffic and all of your information into this secure place. They will help you transform the workplace. They will drive 43% of all of the production we make in a year, in a day, in a minute, into a secure environment rather than distributing that across multiple systems with multiple separate security perimeters and with an unknown structure of where that data actually goes. So now, between the business owner, the CISO, and the user, we can all answer the question why we're secure. And we can all answer the question of why it makes sense to implement anything through the tune of a secure, end-to-end, open source encrypted messenger in your organization as it will protect you and will create a barrier that is so high that the likelihood your business will be hit by a cyber crime is significantly reduced. And here ends the actual presentation. I will leave it here at the last slide. And I'll then just have a quick view at the questions that have come in from the Q&A. And one of the questions that has come in is that how do you actually think about the world of private and personal in this context? Because a lot of the things that happen with WhatsApp is that it's used privately. 
And then you quote unquote, accidentally use it for business as it uploads all of your contacts anyway. So the CEO of the other company that you need to go play golf with or the customer or candidate that you're just communicated with anyway, they were just on Skype or something like that, which uploaded all the data. So it actually comes with a bit of the bring-your-own-device type of thing. So how do we think about that? I think it's a key question. And it begs the answer that how do you deal with something and compete with something that is free? I think you need to think about, and how do you deal with something that people use and like anyway from the private sphere? You can think about it in two ways. A, provide something which is equally free to your partners and that they can use, which still has the same functionality and usability. And they can quickly learn that because one of the main barriers to taking up like client intranets or anything like that or actually the reason why email is so popular is that it's easy to learn. So have an offer which basically has a free component that you can give to your partners and say, we value your information, use this, and your communication will be secure with us. It can even be a business part or a business proposition for the other party. And then the other thing is to think about, could you have multiple profiles in the messenger? One which is private and one which is completely separated from the business one. So that the business controls the information that actually sits on the business side but does not have to delete and invade the private sphere of the person's working for them. So I think that's at least the answer to that question. And I will just have a quick look again and see what else is there. Then there's a quick question on whether or not it's possible to have this for private use as well and how you could combine those two. And again, I think that goes back to the same answer. 
I just gave, make sure that it actually has a component which can be private and can be separate from the corporate perspective. And those were the two questions that were actually part of the chat as it stands. If there are no further questions and I'll just leave it a small pause here if there are any other questions. Otherwise I will thank everyone for their participation. I will make the slides available. You will receive that as an email if we've registered for the webinar. You will receive that as an email and I will also make them available online along with the entire recording should you have missed portions of the presentation. Thank you everyone. Have a good day or evening or morning wherever you are in the world. Thank you very much for spending time with Wire on this webinar. Thank you.