Evolving technology and growing digitization have made the world more connected than ever before, driving huge opportunities for innovation and progress. Remote and hybrid working is the current challenge for both employees and employers: remote working was a trend before Covid-19 but saw significant acceleration due to the need to maintain distance, and today working from home all or some of the time has become a norm for many people. Offering flexibility in where we can work has quickly become crucial to attracting and retaining the best people, which indicates that this cultural shift in how we work is here to stay.
Digital file-sharing has grown in popularity and frequency in recent years due to this shift towards remote working and cloud adoption. However, while digital file-sharing boosts the productivity of remote teams, it also introduces a vulnerability. Any time an employee shares files with a colleague or receives files from outside of the organization, there is a security risk involved: file-sharing can introduce malware into a system and allow opportunistic hackers to get their hands on sensitive information.
Votiro is a cybersecurity company specializing in file sanitization. Their solution works to protect organizations from file-borne threats including zero-day malware, ransomware, and undisclosed attacks. This is done through Votiro’s next-generation Content Disarm and Reconstruction technology, which singles out the safest elements of any files—both incoming and outgoing—to ensure files that reach users or applications are safe. This protects organizations and provides users with a secure, fully usable data flow across all file channels.
We spoke to Aviv Grafi, Founder and CTO of Votiro. Grafi has been serving in the security industry for almost two decades and provides valuable insight into the ongoing struggle between productivity and security that Votiro aims to bridge.
Who is Votiro and what sets you apart from your competitors?
At Votiro, we focus on zero-trust for content, which means that we are screening documents and content before they reach the organization.
We’re not saying, “Okay, I’m going to look specifically for the bad stuff.” Because we know that this doesn’t work; the bad guys are faster than us. We are actually turning the problem on its head and saying, “Instead of looking for bad stuff in a document, we look for the good stuff that we know. So, I’m interested in the text, the images, the tables, but I’m not really interested in those aspects that are the security vulnerabilities.”
Votiro’s approach is taking a document and creating a replica of it, that looks and feels exactly the same with the exact same content. It’s a bit like lifting the text from a piece of paper and pasting it on a fresh, clean sheet of paper. By delivering fresh content that looks and feels the same, we’re providing 100% productivity without blocking a thing.
Who are your typical customer base and what challenges are you helping them manage?
Our typical customer is mostly medium to large enterprises that are dealing with a lot of documents and have a lot to lose.
These organizations are mostly in financial services, but we also see some critical infrastructure and governments who are receiving a lot of documents from the public. Also, insurance companies, who have gone through a significant digitization process in the last few years and receive a high volume of documents from prospective clients.
Our customer base is basically anyone who deals with receiving documents from outside of their organization and needs a way to balance productivity and security.
What does this solution look like to the end-user?
Our main motivation is to be streamlined, so the user won’t even know that we’re there. Any safe document is being delivered in the exact same way. In fact, when I’m getting my email, I don’t even know that Votiro is there. The entire process is being kept as is, we’re not asking the users to change their behavior, of course. That’s the fundamental thing.
Votiro is vocal about the importance of being proactive about fixing security problems, rather than reactive. Why is this a problem?
Most of the security role is reacting to problems. For example, if you have an alert somewhere—say, a machine might be compromised—the process is to go, “I found something and now I need to make a decision.”
Now, there are some automation platforms out there that help to make human judgment easier, but it’s still reactive. And what we’re saying is, “Look, you want to get the content, you want to work with the data. So, let’s deliver safe content all the time, and not wait for something to happen before thinking, ‘Should I start this business process or not? What would be the impact? Is that too late? Who’s going to complain tomorrow, and how do we stop that?’”
How has the rapid adoption and continued use of remote and hybrid working environments had an impact on the threat landscape, and how do you expect these trends to progress?
You know, no one thought that remote working would be here to stay, but we’re seeing a lot of organizations allowing their employees to work from anywhere.
That means that they’re not always in the safe office, having discussions near the coffee machine, handing over documents in person so you know they are legit. And hackers are leveraging the fact that we’re not having those interactions in person. They know that we trust certain correspondents and wouldn’t think twice about receiving a text message from a boss. And what we’ve found is that a lot of scammers are leveraging that distance.
And on the other hand, we see a lot of companies opening their system for more online and digital processes with their employees and their clients. So, we’re seeing a lot of content actually going digital and getting more automated, which is another catalyst for hackers to find new ways to get in.
What would your advice be to organizations currently struggling to secure themselves against the ongoing email, web, and web application threats we are seeing today?
I don’t think there is one tip that could solve the world’s security problems, but I think that CISOs and security teams should be adopting a more enabling mindset and thinking, “How do I enable the business without being the bad cop?” Being the bad cop makes it hard for the business to remain business competitive.
There are solutions in the market today that provide proactive and prevention-based security, which I think are going to be the future.
Thank you to Aviv Grafi for taking part in this interview. You can find out more about Votiro and their file sanitation solution at their website.