MetriSight Ep.61 – Realizing Collaboration ROI via Compliance; a Conversation with Theta Lake CEO Devin Redmond

May 07, 2024 00:28:15
MetriSight Ep.61 – Realizing Collaboration ROI via Compliance; a Conversation with Theta Lake CEO Devin Redmond
Metrigy MetriSight
MetriSight Ep.61 – Realizing Collaboration ROI via Compliance; a Conversation with Theta Lake CEO Devin Redmond

May 07 2024 | 00:28:15

/

Show Notes

New collaboration applications and features are rapidly transforming employee and customer engagement. But for regulated companies to achieve success, they must ensure that application adoption meets compliance requirements. Here from Theta Lake, a leader in compliance solutions for emerging collaboration applications, as we discuss what IT, business, and compliance leaders need to do to maximize ROI and productivity.

View Full Transcript

Episode Transcript

[00:00:22] Speaker A: Hi everyone, this is Erwin Lazar, president and principal analyst here at Metrugy, and welcome to this episode of the Metrogy Metrosite. I'm excited to be joined by Devin Redman, who is CEO of Theta Lake. And we're going to talk about how companies can realize a return on investment for their collaboration and communications investments and applications by ensuring compliance and meeting regulatory and compliance needs. I'm excited to get Devin's thoughts on a variety of topics as we go through the discussion, including how companies can safely deploy new collaboration capabilities. What are some of the risks of just trying to block application access for employees and how to organize effectively to support compliance? And we'll also, of course, touch on generative AI and how Theta Lakes platform provides a unified way for organizations to manage compliance across multiple applications. Devin, welcome to the show. [00:01:10] Speaker B: Hey, it's great to be here, Erwin, really happy to have the opportunity to speak with you. [00:01:13] Speaker A: Yeah, me too. I'm very much looking forward to this conversation. So I always like to start these off with tell us a little bit about you. How did you get involved in the communication collaboration compliance industry? [00:01:24] Speaker B: Yeah, it's a great question. It's a long, long story. Unfortunately. I wish it was a short story, and then I was a much younger person, but I started my career in security and compliance as a broader category back in 1997, and then for the past two decades, really centered in a thesis around communication, compliance and things like DLP as well. Right? How do you protect the sensitive data that people are creating and sharing? And that thesis really has centered around the reality that as we change the way we communicate from a tooling perspective and infrastructure perspective, and we change the way we create and share information and interact with each other, that evolution of tool sets and technologies always brings with it the need to have an evolution of the technology sets for communication, compliance and having perspective and kind of deep history in that space. It always feels to me as an entrepreneur, as a founder, as someone who cares a lot about technology, as a place where I can contribute, and I'm lucky enough to have a co founder and a leadership team that I've worked with for many decades that also had that same thesis. So that's kind of how we generally started in this space. And then specifically, we just saw the wave of new collaboration tools that were amassing prior to the pandemic and starting to pick up steam and then just completely transformed the way we work in the modern workplace during the pandemic and after. [00:02:56] Speaker A: Yeah, so the timing was definitely good in terms of, like, you said the transformative impact that the pandemic had on collaboration. [00:03:04] Speaker B: Yeah, for sure. For sure. [00:03:06] Speaker A: So tell us a little bit about Theta Lake. How did you come about starting it and give us, our audience a little bit of an overview of what you do? [00:03:13] Speaker C: Yeah. [00:03:14] Speaker B: My co founder and I, after exiting from our last security and compliance company, which we had built and then sold to a larger public company in the security and compliance space, after spending some time there, we both decided to take a little bit of time off and then really wanted to get back together and see if any of our premise or thesis or perception of the market had changed or what had happened during that timeframe. And really what we saw was more and more adoption of mesh communication tools. So not just video, not just video conferencing, but the fact that you could chat inside of a video meeting or inside of a chat, you could initiate a phone call, or you could share a file, or you could post a picture. And seeing that mesh and having been on the front lines of building technology that was in essence either designed for things like email and very textual based communications, or things designed purely for voice, that reality of everything meshing together kind of broke both of those individually, but also highlighted the disconnect between having those silos. And we thought, hey, we've been through this before and we kind of know what those pain points are going to be for customers. So we should be part of the solution to that. And really felt like Theta Lake should be the disruptive solution that is designed to help organizations modernize compliance for all of those new communication and collaboration tools. [00:04:46] Speaker C: Yeah. [00:04:46] Speaker A: The reality is, like you said, coming from an email voice world, we kind of layered in IM and then sort of stopped there for a little while. And now theres 16 different ways that people communicate and collaborate, right yeah, exactly, exactly. [00:04:57] Speaker B: And they all work seamlessly together. And the rest of the infrastructure thats designed to protect you and give you insight into it typically doesnt work that way. [00:05:06] Speaker C: Yeah. [00:05:07] Speaker A: So lets talk a little bit about some of the compliance challenges that companies are facing. And in our research, we go out and gather data from end user organizations and try and understand what problems they're dealing with and how they're trying to solve them. And one of the ways that we found the companies address compliance and security concerns is, well, they just turn features off. So we'll disable whiteboard, or we'll disable in meeting chat like you mentioned earlier, or we won't allow people to chat outside of company boundaries because we don't know how to protect it. So what, what do you see as some of the concerns or implications of. Called it in the webinar we recently did with some of your folks, the doctor. No approach. We're just going to ban collaboration applications and hope that people don't find a way around them. [00:05:51] Speaker B: Yeah, you know, I find. I find it very ironic in many ways because the intent behind that, from a organizational perspective, is to reduce the risk surface area. Right. So I completely understand the challenge of, you know, compatriots that have to deal with those compliance scenarios. What I find very ironic, though, is that very action is typically what increases the amount of off channel communications. And there are other implications for things like productivity and ROI. But if you just think purely about the ROI of trying to reduce the impact of compliance violations, regulatory missteps that can trigger fines for not record keeping the right things, right, having off channel communications or not being able to produce records or not being able to supervise, the impact of turning things off in your chosen communication tools where you can actually do monitoring because you're concerned that you may not have the time or the model. Actually, ultimately, in today's modern world with high accessibility, cloud native applications means that your users, when they face friction, will just go to those other tools, even if they're doing the wrong thing for the right reason, trying to get their job done. If you introduce that friction, you will drive them to off channel communications. You know, that is not a disputable scenario. That's just the fact of how people work today and the accessibility of the technology set. So I find that as one core thing, that's just very ironic, because the very act of trying to turn things off for compliance creates more and more off channel, non monitored, non compliant behavior by the end user population. So that's one big thing. And then there's a whole conversation about what that does to your productivity of the employees, what it does to your ROI, of what you're trying to do with the collaboration suites and the communication suites as well. [00:07:53] Speaker C: Yeah. [00:07:53] Speaker A: And we've certainly seen on the first point that you made a large number of fines here in the US from the securities Exchange Commission reaching into the billions of dollars now. Right. For companies that are having that off channel communications and not doing anything to police it. [00:08:09] Speaker C: Right? Yes. [00:08:10] Speaker B: Yeah, for sure. For sure. It's become, you know, it used to be leading headlines and now it's just kind of something that's rote, right? You just expect it to occur and if you haven't been fine, you know, you're probably going to have to either self report or work on that, because every organization through that process of trying to kind of tighten what their end users can use creates this scenario where you have more and more off channel, and it's very easy for the regulators to just ask very simple, probative questions around that and get the exact result that, you know, you kind of know. It's a foregone conclusion that people, when they don't get the tools they want, they will use the most convenient and easiest tools to communicate. Many times it's not necessarily a sign of malfeasance, it's just a sign of better communication. Infrastructure always wins. [00:09:01] Speaker C: Yeah. [00:09:01] Speaker A: And this isn't a new issue. I mean, I did a study for a company probably 15 years ago, where we went out to users and asked about what kind of tools they were using to collaborate, and we found while they were using Skype and they were using Google Drive to share documents outside because their company didn't have any of those capabilities in house. So it seems like what's old is new, right? [00:09:21] Speaker B: Yeah. It's always the same. The more friction you introduce in the end users, if they have easier alternatives that they can have ready access to, they will take it. And I think that the challenge for security and compliance professionals with that whole reality is not just that they need to get their arms around it, but that they think that they can't do those new things. And so they lock down further and further. And what it does is it creates more and more noise from the good users who do bad things for, you know, the right reason in those scenarios. But that means it's even harder to find the needle and the stack of needles underneath the stack of hay of people who are actually doing malfeasance. Right. They're actually creating a diminishing return on their capabilities by not solving for what they could monitor and capture and trying to engage users and keep them on channel instead of off channel. [00:10:24] Speaker A: So what do you see as best practices to bring the people who are driving the deployment of new collaboration capabilities because they see the ROI through improved productivity, customer service, sales, responsiveness, et cetera, versus the security compliance folks who may come at it with a more of a, you know, we want to minimize risk and not allow these kind of capabilities. So how do you build the communication infrastructure and the compliance infrastructure that allows companies to take advantage of these communication apps and make both groups happy? [00:10:57] Speaker B: Yeah, this is kind of a core tenet of our business, and I think you followed us for a while. For folks who haven't maybe been as familiar with Data Lake. We're very tightly embedded with the communication platforms themselves, the providers, from Zoom and Cisco to RingCentral to partnership with Microsoft and Salesforce and Slack, very, very tightly aligned. And we view that as a, not just a core capability of our technology in a way that we keep abreast of those. It's also a way to help educate folks who own UC infrastructure on how they can remove some of that friction, but really make their organizations more compliant and really help solve some of those problems for their compliance compatriots who frankly are overwhelmed. [00:11:48] Speaker C: Right. [00:11:48] Speaker B: If you think about the way we communicated just ten years ago and the volume of that which was ever increasing, and then you just layer on more and more stuff, right? It's not like we've abandoned email. Email is still ever present and ever growing. But now I have to think about all of the different chats. I have to think about my work, stream management, project management tools. I have to think about visual digital collaboration and whiteboarding. I have to think about in meeting chat and persistent chat. And that is just a mass of infrastructure. And so really helping the UC teams understand the pain points that their compliance compatriots have, giving them tools where they can take ownership of providing some of the solution right, making sure that they're getting the right things to the right places to their compatriots. Whether it's going to an existing email archive or voice recording infrastructure, whether it's providing reconciliation reporting, doing the types of things that are going to help empower them to turn on the suites of features that their end users demand that help the business really fight for the eyeball time as well. If you have a fully provisioned UC tool, the physics of time are really going to mean that your users are spending more of their work on channel and are less likely to abandon and go off channel. So you're really improving your compliance surface area by doing that. And UC has a primary role to play in that, to help their compatriots in compliance insecurity and insider risk with that. [00:13:19] Speaker A: Yeah, no, definitely agree. And that's one of the things we always see. The companies are challenged in building that right organization. But we have seen our research that security teams are more involved in communication, collaboration, discussions, decisions, product evaluations than ever before. So at least we're heading in the right direction, hopefully. [00:13:37] Speaker B: Yeah, I think so. I think so. [00:13:38] Speaker C: For sure. Yeah. [00:13:40] Speaker A: So what are you, where does Theta Lake come into play versus some of the native controls that might be available within. You mentioned some of your partners to support things like data loss prevention and so on. What do you see is the role of that third party platform? [00:13:58] Speaker B: Yeah, I think every vendor in the space from Microsoft and Zoom and Cisco all the way through, should always have a baseline expectation of controls that they can expose, of ways to retain data, of the ability to provide functionality, to block certain behaviors or types of data, that should always be a baseline. Beyond that, when you get into the world of how users end up interacting across a mesh of different tools and data types and modalities of communication, the reality is there needs to be something that is that next layer deeper that can give you more focused and purposeful insights into what's happening in the communications, that can do more sophisticated things based on what type of communication it is and the user population that's using it and the region that they are in, so that you can make sure that you segment those communications and treat them the right way, have speciality in terms of what you can retain. But then even beyond that, really taking advantage of the APIs that those very communication providers provide to us, to be able to do things around communications. For example, putting a disclaimer in a meeting to make sure that users know that there are regulated users in that conversation, and that any advice that they may provide is subject to terms and conditions, and putting a link to the terms and conditions, or seeing something that is unstructured, sensitive data. Right. So not a credit card, not a Social Security number. I think those are kind of table stakes. But seeing something in there that is material and non public information that is unique to the individual organization, and being able to remediate it out of a chat stream or a chat channel that's been ongoing for a year or 18 months, and that's been live, and that being able to do things like see those very nuanced scenarios and provide very fine grained ability to go in and remove the risk out of that, be able to report on it, and be able to do that across a myriad of tools at the same time as well. [00:16:05] Speaker A: Yeah, I had a chance to see a demo at Enterprise Connect in your booth. And to me, one of the most compelling use cases I saw was that ability to have that unified vision. So if there's a conversation between multiple people that was flagged for some reason, that you can look at all the different ways that people may have been involved in communicating above and beyond just email and being in those silos like you talked about earlier, and then also that ability to highlight things like emojis and gifs, and things that may be difficult to see in a text world, but might generate some concern. Right? [00:16:41] Speaker B: Yeah, yeah, exactly. Exactly. I think when we look at what we've been able to do by baking into the different communication tools and then providing that higher level visibility across, say, you and I have been working on a project for a year or, or longer, being able to look across all the places where we exchanged information on that project, whether it is a voice call and having the actual audio, not just a transcript, or we jump to a video meeting, but in that video meeting, we shared a whiteboard and there was content on that whiteboard. Being able to follow that flow, but then drill into at any point where there was a potential risk and really see, that is something that I'm very proud of. I think that's part of our intellectual property and is premised on our tight integration with all of those different platforms and our ability to kind of pull that into one view so you can see the way people work today. And, you know, I think you've seen some of our research that we've done with our customers and folks that we work with around how many tools they actually use, and it's a staggering number. And growing as new communication tools collaboration features evolve and become available to end users, you end up with 1012 different things that you're using to communicate, and increasingly they're interoperable. So the ease of navigating or moving across different mediums and different tools and modalities is intensive for most organizations. And so being able to follow a conversation as it traverses that mesh of communication modalities and tools is very important for security and risk. [00:18:25] Speaker C: Yeah. [00:18:25] Speaker A: And like you said, the number of applications and modalities, even within applications, continues to grow. You used the term overwhelming a few minutes ago. So we have to talk about generative AI. Right. How do you see generative AI both creating compliance concerns, but also maybe potentially something you could leverage to improve the ability to identify potential problems. [00:18:46] Speaker B: Yeah. And I think, you know, this is a, you can't have a conversation about communication and collaboration without using generative AI, generative AI or discussing generative AI. So it's something that we've been very deep on for a long time across the broader category of AI and machine learning. And then as generative AI has come on as a way really thinking about kind of two buckets. Right. How does it impact our customers? And what do they have to consider around generative AI? And then how do we really leverage this next wave of AI to improve the capabilities of our product, whether things that are very visible to end users or things that may not be as visible to end users in that first bucket of how it affects customers really thinking about what else do they now need to consider from a capture perspective? If you've got note takers in a meeting, how do you treat the notes that are generated out of that? If it's a third party note taker, how do you detect that it was present? And then after you detect that it was present, what do you do with the content that was in the meeting that maybe you don't have access to that note taker and how it was generated? How do you do things like put a disclaimer in there to let people know that maybe some of the content that's going to be exposed was generated from an AI based tool, et cetera. So there are a lot of things that end users have to think about from that perspective, and we think about how we can play with that. How do you capture a prompt? How do you capture the reply of a prompt? Because that in of itself is actually a conversation and you want to know what people are asking and what data is being used in the response. So all of those things kind of live on that side for us, providing functionality to capture those, providing functionality to give visibility and reporting on that and analyze any potential risks in those interactions. Key the other part is ourselves using generative AI, obviously in a very. [00:20:48] Speaker C: Tightly. [00:20:48] Speaker B: Contained way, so we're not looking at any sensitive data inappropriately. It's only accessing data that has been appropriate. But being able to do things like take that conversation summary. We were just talking about that visibility of maybe you and I collaborating on a project for 18 months and being able to see the whole flow, the conversation in the timeline and drilling however I want, but also have a summary next to it that takes that 18 months and says, here's the main thing they talked about, how many times they talked about it, what happened in that conversation? Is there something that summarized as a risk out of that that should be surfaced in? And that's something we actually introduced into the product, the ability to do summarization of a long timeline of conversation and provide that to an end user. And that's one example for us. Other examples are how you can really leverage generative AI to improve your training models for detections as well. And there's just endless number of use cases on that front. [00:21:50] Speaker A: And I assume that opens up the door to company specific or industry specific or even regional specific training. [00:21:58] Speaker C: Yes, for sure, for sure. [00:21:59] Speaker B: And something we really think about. [00:22:03] Speaker C: In. [00:22:04] Speaker B: Conjunction with kind of working with our customers or in partnership with them, and thinking about very specific things that we can do with them, whether it's letting them leverage data that we've collected and using their generative AI, whether it's creating very unique training models based on things that we'll see in a particular geo, et cetera. [00:22:25] Speaker C: Yeah. [00:22:26] Speaker A: So I know we're getting close to end of time, so a couple of questions I really want to drill down in, and one is, I think that productivity piece, you know, that really hasn't been a discussion point to date in a lot of what conversations I've had with organizations as they're thinking about security and compliance, is how do you safely take advantage of these applications so you realize the productivity benefits. So how do you see that discussion evolving with your customers versus, I guess, the fear and uncertainty and doubt argument, which is if you don't invest in protection, you're putting your company at tremendous risk. [00:22:59] Speaker B: Yeah, and I think it's key to unlocking the capabilities of the collaboration tools, but it's also key to changing that mindset. If you're focused on turning things off, you are not only going to have that irony of increasing volumes of off channel communications, unmonitored communications, what you're also doing is you're hurting the productivity of your organization. You can take very simple use cases like being religious about not having in meeting chat because it generates ecommerce, and thinking that that is an unsolvable problem versus realizing that when you do that, you are likely driving some percentage of those users to use SMS or WhatsApp or some other tool to communicate during a meeting because they can't communicate in the meeting. Other users, you're actually driving them to now not be focused in the meeting, they're not working in the meeting. They've shifted over to an entirely different chat stream, and they're working outside of that. And so by definition, they are not being as productive as they could. They are not focused in the meeting. The meeting probably drags, they're probably repetitive in their questions, or they're just not paying attention at all and they miss the context. And they waste their time and somebody else's time because they're doing something somewhere else, because they can't do what they need to do inside of that tool. And that's just one example. You can overlay that into any scenario in chat. If you turn off features inside of your chat platform, people have to go somewhere else to maybe share a file or work on something from a work stream perspective or a digital whiteboard digital collaboration space, that conversation of not only do you hurt the productivity of the employees, you probably hurt the ROI of what you've spent money on, right? If you're paying for those features, but you're not using them, you're not going to get good value for money on that. And then even beyond that, there's that argument of eyeball time. The more you keep people engaged, the more they really tap into the benefits of those platforms and the less time they have to do things that are off channel and unmonitored and introduce risk. [00:25:07] Speaker A: And definitely as people are moving into some of those channels, like we talked about earlier, some of the financial risk that that presents to the company. So what's your one takeaway? If people listening to this hear nothing else, what's the one action item that you recommend that they do as they go back to their organization? [00:25:26] Speaker B: Yeah, to me it is really trying to embrace the tool sets that you selected as fully as you possibly can. Leverage their feature sets, leverage the extended capabilities, really try to solve for capture requirements and record keeping, solve for your ability to supervise, because that will have an exponential benefit. Right. It will drive ROI in terms of what you're spending your money on. It will drive productivity, which will drive top line benefits for your organization. It will drive engagement of the employees on core platforms that you can manage, which will, by default, automatically reduce their off channel communications and reduce the amount of things that you don't know or the signal noise that you have and leverage technologies that can help you navigate that, that simplify it so that it's not so inefficient, because that's also one of the concerns that we see, like, how do I deal with all of these new communications in my old tool set that makes it very hard to navigate? Well, that's what you should solve for is find something that makes it easy to navigate so that you can realize all of those benefits. [00:26:35] Speaker A: Yeah, it definitely makes sense. So how can people get in touch with you if they'd like to follow up or learn a little bit more about Theta Lake? [00:26:40] Speaker C: Yeah. [00:26:41] Speaker B: The best way to reach us right on the website, thetalake.com, right in the upper right is a request a demo button. And I'm a big believer that seeing is believing, right? We can talk about all these capabilities and what we can do, but we back it up and we're happy to show anybody anytime. So go to the website, request, a demo. You might be unfortunate enough to maybe even have me participate in a demo, which I still like to do from time to time, but that's the best way to really see us in action and get the perspective on what we can really do to help. [00:27:14] Speaker A: I'll second that. Like I said, having a chance to sit on calls with a number of your folks and learn more about the product is great, but having that opportunity to go to the booth at Enterprise Connect and see a live demo of Theta Lake in action was really impressive. [00:27:28] Speaker C: Yeah. [00:27:28] Speaker B: Thank you. Thank you. Yeah, we're very proud, but we're always happy to get people's reactions and show them what we think makes us special. [00:27:38] Speaker C: Excellent. [00:27:39] Speaker A: So with that, I'll go ahead and wrap up this episode of the Metrogy Metro site again. Devin, I'd like to thank you for joining us. And as Devin said, please go ahead and check theta Lake [email protected] dot if you like this episode, please share it with your friends and colleagues. And remember that we publish metrosite on a bi weekly basis, so please be sure to check out our archives and keep your eye out for future episodes on our YouTube channel, our website, and your favorite podcasting app. Thank you so much and have a great day. [00:28:05] Speaker C: Thanks, everybody.

Other Episodes

Episode 0

January 30, 2023 00:22:59
Episode Cover

MetriSight Ep.28 - Inside Cisco's Strength-Based Culture

Roxanne Bisby Davis, senior director for people research and intelligence at Cisco, discusses the company's data-driven, research-based approach to keeping people in the spotlight...

Listen

Episode

August 05, 2024 00:22:27
Episode Cover

MetriSight Ep.66 - Chatting about Google Meet

In this episode we talk with Mark Ewing, Product Management Director for Google Meet, Rooms, and Voice about Google's vision and plans for hybrid...

Listen

Episode 0

January 04, 2023 00:22:04
Episode Cover

MetriSight Ep.24 - An Interview with Mike Frayne, CEO of VOSS Digital Workplace Management

The UC landscape continues to rapidly evolve as organizations embrace cloud, support the needs of a hybrid workforce, and seek to optimize OpEx during...

Listen