For Qualtrics security chief, it’s all about safeguarding the data
Share!
Data has always had an enormous amount of importance in business, but with the rise of large language models, it’s become more valuable than ever. For a company like Qualtrics, which lives and dies by the data it collects on behalf of customers, keeping that data safe is the primary focus for chief security officer Assaf Keren.
Qualtrics’ mission involves helping organizations understand and improve employee, customer and product experiences by collecting data from various sources about those experiences. As Brian Solis, head of global innovation at ServiceNow and recognized expert on customer experience, recently noted, this kind of data is essential for companies seeking to truly understand their customers.
“Customer experience is the sum of all of the experiences that they have when they engage with your company: your website, your app, your toll free customer service number. All of these things add up to how that customer feels. And how that customer feels is how that customer spends or doesn't spend,” Solis said.
That’s why protecting this data isn’t just a technical necessity—it’s fundamental to the business itself.
Back to basics
Keren came on board last year after a decade at PayPal, and while the two organizations have very different businesses, he says that it always starts with making sure you are keeping up with basic security hygiene. “In the end, a successful security program does the same things across the board,” he told FastForward.
For him, the fundamentals include knowing your assets and software versions, maintaining disciplined code deployment processes, ensuring visibility into your environment and managing vulnerabilities quickly, among other things. He believes that applying these basics allows most organizations to address the vast majority of security needs, regardless of industry or size.
This philosophy aligns with that of BILL’s Rinki Sethi, who has also worked across various industries. “When you look at a company's priorities, the priorities have been very similar. You focus on identity and access management, and you focus on data security, and so the main things that you're focused on remain the same, and what you're primarily protecting is the ‘crown jewels,’ whether that’s customer data or your code or whatever that is. And so it remains similar,” she said in an interview last year with FastForward.
Each company, however, faces unique challenges. At PayPal, the key thing to protect was the integrity of the online payment system. Once you got beyond the basics, the security posture wasn’t the same as at Qualtrics, where the crown jewels involve customer data across multiple industries. This can get even trickier because each industry has its own regulatory and governance framework.
“The interesting thing about Qualtrics is, how do you build a strong SaaS security benchmarking baseline for the company, and then how do you tailor it to the needs of each industry that you're serving,” Keren said.
Keeping the security focus on the customer
Unlike many SaaS companies, Qualtrics’ customers retain full ownership of their data. "One of the baseline things that we talk about when we talk about security is that we don't own that data. We are custodians of our customers’ data," Keren emphasized.
This custodial responsibility creates unique security challenges. Qualtrics must not only keep customer data safe, but also navigate a complex web of regulatory requirements governing data collection, storage and processing across industries and regions.
As an example, Keren points to the automotive industry where regulatory expectations differ significantly between the US and Europe. "The automotive industry in the US does not equal the automotive industry in Europe because they have different regulators and different expectations," Keren explained.
Helping employees understand AI’s risks
Like many security leaders, Keren sees AI as both a strategic imperative for the company, as well as a substantial risk. AI gives the company the tools to potentially help root out security issues faster. But it also puts powerful tools in the hands of the people trying to breach the company. “We're already using AI technology in security at Qualtrics to make sure that our people are focusing on thinking about and solving problems and not doing manual work.” He says they’re not fully there yet, but they are working on it.
He also believes that employees need to embrace AI operationally, and it’s up to him and his team to make sure they are using AI tools in as safe and responsible a way as possible because attackers surely are using it now or will be soon. “When we say, ‘hey, thou shall not access AI technology because we're afraid of the risk,’ we're basically impacting the security of the entire organization because we're creating employees that are not as knowledgeable,” he said. And he believes that uninformed employees pose a significant risk.
One of the baseline things that we talk about when we talk about security is that we don't own that data. We are custodians of our customers’ data.
One way to help solve new problems related to AI and other enterprise issues is connecting with startups. Keren’s interested in talking to startups that are solving hard problems in a unique way. In fact, he’s an active angel investor himself with three of his four investments involving agentic AI. But when it comes to Qualtrics, Keren looks for companies doing something special.
“The magic happens in the context where we have a problem that we need to solve, and there is some early stage startup with a solution in that area,” he said. The startup may not be there yet, but if it’s a creative product, they will work with them as design partners. Right now they have two such partnerships in progress and several others in the pipeline.
Keren may no longer be protecting a payment platform, as he did during his decade at PayPal, but now he’s responsible for something arguably even more valuable: customer data. With Qualtrics serving a range of industries, and AI complicating matters, the challenge is bigger than ever.
Featured photo courtesy of Qualtrics.
