Protecting your Data in the Digital Age of Events | Featuring: Sean McGuire, SVP of Technology, Cramer 

Transcript:

Elise Orlowski:

I’m Elise Orlowski, a senior video director here at Cramer.

Tripp Underwood:

And I’m Tripp Underwood, a creative director at Cramer.

Elise Orlowski:

And at Cramer, we work with so many incredibly fascinating people from all over multiple industries.

Tripp Underwood:

We have so many great conversations, many that are just too good to keep to ourselves. So now we’re sharing them with the world.

Elise Orlowski:

Right here from Cramer studios.

Tripp Underwood:

This is Pivot Points.

Elise Orlowski:

Cut.

Tripp Underwood:

Welcome to another episode of Pivot Points. Elise, nice to see you back in the studio.

Elise Orlowski:

Good to see you.

Tripp Underwood:

And doing things a little bit differently today. In the events world traditionally, we work with a lot of people on the client side and there are two people that can really make or break an event. And those two people tend to live in the CSuite and those are the CMOs and the CEOs. But recently, in the past, I’d say, year or so, there’s been another player in that space that has a very, very important voice these days, and that is the CIO. Traditionally, somewhat more of a minor player now and has really lately become a major, major player. So to shine a little light on why that is and what it means for both us and our clients, we have Sean McGuire, Cramer’s SVP of technology.

Elise Orlowski:

And the person who I’m most excited to get emails from.

Sean McGuire:

Yeah, isn’t everybody? I think people run and hide when they see a, “please read, everyone” email from me.

Tripp Underwood:

IT emails is like Christmas morning, you just wake up…

Sean McGuire:

Yeah. You like to think, well, that’s just not pertinent into me, I’m not even going to open that one. But thankfully people do.

Tripp Underwood:

And that is the point of today’s conversation is, traditionally, IT was this realm of only a few people really cared about it, everyone else was moderately aware of it. And now, as we move to virtual things, get a little bit more digital, IT is now becoming, I’m not going to say everybody’s problem, but definitely becoming everybody’s responsibility.

Sean McGuire:

Absolutely.

Tripp Underwood:

Which is a little bit what I’d like to talk about. Let’s just break down the landscape a little bit. When did this kind of shift happen most recently and how did that unfold on the corporate end? And why does it matter to us as event professionals?

Sean McGuire:

Well, definitely over the last 10 years, for sure. There’s been a massive change in how we think about data and how data is accessed, shared, collected, distributed. A lot of changes in the regulatory climate. There’s a GDPR regulation that passed in Europe, that was a big influence as far as what all businesses do, because most of our clients are multinational organizations. So they have to comply with EU legislation, even if it’s not the law of the land here, in the United States.

Elise Orlowski:

That’s interesting.

Sean McGuire:

The real change and think has really been, at one point you thought of data as this ancillary thing, it was just part of the process off to the side.

Tripp Underwood:

In the cloud.

Elise Orlowski:

But now, data is king, as they say.

Sean McGuire:

It really is. Data has quickly become the prime commodity in the world, so data’s the new gold. So I think when we think about data as gold and we look through that prism, it definitely informs us, as far as how we should be handling it. I think in any conversation you have about cybersecurity. If you simply just subtracted the word data and inserted the word gold, I think everyone could suddenly wrap their heads around, how are we going to secure the gold? How are we going to control access to the gold? So that’s really the thing that has changed the most.

Tripp Underwood:

Right, because it’s value as a commodity really has shifted. Like you said, it’s always been there, but now everyone’s looking at it as this incredibly valuable commodity, which means the security of therefore, is much more important. So that said, you have this big mind shift within the industry of how we view data, which means we have to change how we protect data.

Sean McGuire:

Exactly. Yeah.

Tripp Underwood:

And that comes with-

Elise Orlowski:

Protect the gold.

Tripp Underwood:

Protect the gold. Growing pains. Change involves growing pains.

Sean McGuire:

Yeah, there’ve been a few here, there, everywhere. Definitely here. I think every organization, I think anyone who works for any kind of business can certainly attest to all the changes that have had to happen. And to be honest, they’re not read as positive changes, at least not from a user experience perspective. If anything, these security measures introduce a lot more friction between people and the technology. So these are always very unpopular policies. And I’ve joked before, I’m definitely not at the top of anyone’s Christmas card list here. And that’s because a lot of times, if you’re seeing a communication for me about security change, the initial read is going to be, okay, things are going to be a little bit more difficult, there’s a new step.

Sean McGuire:

And to be honest, that’s not popular. And to be honest, I have to conform to exact same policies and standards we have to impose on the rest of our population here. I can definitely empathize with how difficult it can make things. But there are a lot of particular security measures. Used to be, you needed a login and a password and you were in. And now we have this thing called multifactor authentication, which means that it’s not just enough to be in possession of your login or username and password. You now have to have your identity verified by an alternate factor, which is typically an application running on your phone or a text message or something like that. That really ensures that it is you, and not some hacker who has simply come across your username and password and is trying to use them.

Tripp Underwood:

And where does a company like Cramer, who is this kind of third-party vendor for our clients, they have their protocols and security measures. And then we’re this outside party, and yet all their very valuable gold is now going through us. And as far as their IT teams are concerned, we’re just some strangers out in Boston. How does that relationship work?

Elise Orlowski:

Yeah, do you find the security almost to be like we’re more vulnerable than even the big large companies because we’re a third-party vendor?

Sean McGuire:

Right. Well, if you think about some of the more notable, I should say, more heavily publicized hacks that have been out there, things like Edward Snowden and Hillary Clinton’s emails and WikiLeaks and all of this stuff. And you think about, how did this really happen? Edward Snowden, he didn’t work for the government, he worked for a contractor that the government has hired. So I think with a lot of these larger organizations, they are of course, very buttoned down when it comes to how they’re handling their data and access to their environment. But they need to make sure that all the vendors that they’re partnering with who have selective access to some of this data and selectively to their environment, that we, to the degree we can, mirror their policies and standards.

Tripp Underwood:

And what does that mean for someone like you and your team, considering we have multiple clients? So that means you’re adhering to multiple different, very stringent standards that I’m assuming…

Elise Orlowski:

Sure, yeah. There’s not just one way to keep everyone secure.

Tripp Underwood:

Elise and I deal with different brand guidelines.

Elise Orlowski:

Yes.

Tripp Underwood:

And it’s a lot more fluid and easy to keep straight. And also, God forbid if we get a color palette wrong, or I use the passive voice instead of the active voice.

Sean McGuire:

Right.

Tripp Underwood:

It doesn’t result in a meltdown of epic proportions. However, on your side, there is no wiggle room. So what’s that like keeping all that straight?

Sean McGuire:

Yeah, and a lot of the people you interact with don’t really have awesome senses of humor either. They just want to make sure that we’re doing what’s necessary to secure our organization, which subsequently helps to ensure the interaction between our organization and theirs. So in many ways, I’ve become the security and compliance officer representative of our clients, internally here at Cramer. So in many ways, we’re literally doing their bidding.

Tripp Underwood:

Mm-hmm (affirmative).

Sean McGuire:

So there are multiple layers of the business, both from the account manager management side, and definitely from the creative side, and producers, and things of that. That it’s really just another layer on the onion there, where I have to get involved and make sure that we’re doing all of the things that we need to do to secure our clients data.

Elise Orlowski:

In terms of security, I’m curious, because I feel like now because data is king and you see all these different hacking stories, do you think there’s ever going to be a landscape where it’s going to get better or more streamlined for us?

Sean McGuire:

Oh, I wish.

Elise Orlowski:

Or do think it’s just going to get more and more complicated as things go forth?

Tripp Underwood:

Security evolves, so hacking evolves. It’s a give and take symbiotic relationship.

Sean McGuire:

I’d love to say that we turn a corner or that there’s a finish line, but the reality is, we’re just engaged in a race for which there is no finish line.

Elise Orlowski:

Which means we need to take it more and more seriously as it continues.

Sean McGuire:

Exactly. It’s not a really great story, a lot of times I feel like I’m the Care Bear with the clouds and the rain, and everyone else is the rainbow and the sunshine.

Tripp Underwood:

Grumpy Bear was his name, if memory serves correct.

Sean McGuire:

Yeah. But to be honest, it’s a war that never ends.

Tripp Underwood:

Okay.

Sean McGuire:

There’s just a lot more innovation on the bad actor side. That it’s a perpetual problem, as soon as you feel that you’ve solved for all the common vectors that one would use to access information unlawfully. As soon as you plug those holes, some new ones pop up and you have to come innovate new solutions to answer for those potential attack vectors as well.

Tripp Underwood:

Staying vigilant. As the data and IT becomes a more prominent member in decision making, on the client side, some of the clients that I work directly with, they haven’t been consulting with IT as much as they should have because to be honest, they just didn’t know. And I’ve run into some situations where we’ve been pretty far along in a program and someone says, “Did you check this with IT?” And someone will say, “No, do I need to?” And they’ll say, “Yeah.” And then all of a sudden everything changes. So I’m curious if you can maybe give some tips for our viewers in-

Elise Orlowski:

Being proactive, not reactive.

Tripp Underwood:

My clients. What’s some things that they can do early in the planning stage to avoid these IT dust ups or changes later on in the road?

Sean McGuire:

Well, I think when you’re planning for a program and if you’re on the client side, definitely engage your security and compliance organization just to make sure that they know, “Hey, we’re doing this thing. We’re engaging these vendors. We’re going to be using these platforms. What do we need to do?” And I think that that will certainly help keep us from that situation where you’re halfway down on the road to the event, and then all of a sudden there’s a potential derailment. Because to be honest, the security compliance people have quite a voice and if whatever reason they’re not satisfied that this is going to be a safe endeavor for their organization, they can absolutely put the kibosh on the process, and rightfully so.

Sean McGuire:

So I think the best advice I would have for our client contacts is just, make sure that their internal security and compliance organizations understand what they’re doing. And I spend a lot of my time participating in security reviews and answering specific questions, or in many cases, whole questionnaires, or full blown audits. Whatever the case may be, because we’re always very above board, here’s who we are, here’s what we’re doing, here are all the steps that we’re taking. If they have specific recommendations, we implement them as quickly as we can, definitely before their event were to occur.

Tripp Underwood:

And then Elise, on your I side, we have to start being more vigilant ourselves to just ask our clients, “This is great. Just out of curiosity, have you guys already gone through your security and compliance team? Do you have one?” And sometimes they might not even know and be like, “Oh, that’s…” Just by mentioning it in a meeting and they send an email and all a sudden, oh, thank goodness you did that. I didn’t even know. And I would do that. We kind of talked to about this, takes a village mentality of, everyone needs to be aware of it. Even if someone like me who doesn’t get any of it, all I have to do is say, “Have you talked to the right people?” Like on my team, “Did you talk to Sean about this?” Or to my client, “Did you talk to your IT people, so I can connect them with my IT people and they can exactly do their IT thing?” But just being proactive.

Sean McGuire:

And nobody likes to get involved in the details either, just do the IT thing, that thing over there. Just keep us happening.

Elise Orlowski:

No, it’s helpful because I think we use a lot of tools creatively. But video directors, we use different video editing platforms or review processes and stuff like that. And when you’re in the nitty gritty of everything, you don’t think, oh, if someone gets this link, or if someone else views this, or I send this to the wrong email it’s going to be detrimental to that company. You never think that in the heat of battle, because you’re like, “I just got to get this done. We’re working towards this.” And so, no, it’s helpful to know that it is a really serious issue and ultimately, it could… I never thought, until you said about Snowden, we are the most vulnerable area in which…

Sean McGuire:

Or we could be, it’s my job to make sure that we’re not.

Elise Orlowski:

Yeah.

Tripp Underwood:

And I think also, that idea of, at least for me, like you said, protecting more than just the front door. So if we go back to protect the gold analogy, you have a vault, you have a big iron gate, and you got a bunch of guards and dogs at the front, but then you leave the back window open. You know what I mean? You have to, from the Cramer perspective, is making sure our video [inaudible 00:13:24] is compliant, making sure that any of our cloud migration that we’ve done with editing software goes back and checks all those boxes and just start to finish, making our nose is clean, I think is super important.

Elise Orlowski:

Yeah, 100%.

Sean McGuire:

Yeah. And as soon as we feel like we haven’t liked the… We’ll find that something has changed, either in the regulatory environment, or in the ways that platforms work, or with client expectations. Because Cramer, we’re client driven to the bone. If we think about this IT security stuff, where does it come from? It comes from our clients. We didn’t necessarily-

Tripp Underwood:

This isn’t something you want to do on a daily basis?

Sean McGuire:

I don’t sit around at home and dream up and be like, “How am I going to make things worse for the average Cramer employee tomorrow, and how am I going to implement that?” Always client driven. And that’s really one of the greatest strengths of our organization is, if our clients suddenly have a different expectation of us, that we’re very fast and agile, and we can definitely adapt to meet those challenges.

Tripp Underwood:

Yep. We’re a very nimble building, which is something we always pride on, and this is an extension of that.

Sean McGuire:

Exactly.

Tripp Underwood:

Awesome. Well, super helpful. I learned stuff, which honestly, when I looked at my schedule today and it says, we’re doing the compliance and security stuff, I was like, oh, great.

Elise Orlowski:

I was like, yay.

Sean McGuire:

Even I was like, wow, that is a dry topic. You sure?

Tripp Underwood:

We’ve done a masterful job making it work and explaining it and just helping people out, which was-

Elise Orlowski:

And seeing why we need to take it seriously.

Tripp Underwood:

It’s all we can hope to do.

Sean McGuire:

So you’re going to open emails now, is that what’s going to happen?

Elise Orlowski:

I’m going to read them now.

Sean McGuire:

Okay.

Tripp Underwood:

As long as it’s not a phishing scam.

Sean McGuire:

That’s important.

Tripp Underwood:

Exactly.

Sean McGuire:

Whether or not you open the emails, things will change, just so you know.

Elise Orlowski:

Buckle up.

Sean McGuire:

Keep you from opening an IT ticket later and saying, “Why doesn’t this thing work anymore?” Well, did you check the email-

Tripp Underwood:

You scratch my back, I’ll scratch yours.

Elise Orlowski:

Exactly.

Tripp Underwood:

That’s how it works. All right. Well again, Sean, thanks for joining us.

Sean McGuire:

Thank you.

Tripp Underwood:

And to everyone watching and listening, thanks so much to you as well. It’s another episode of Pivot Points.