Senior Analyst Carla Roncato covers identity management, access management, open identity standards, data security/content protection, and privacy and zero-trust initiatives at ESG. Carla has expertise in cloud, software, hardware, and services. She has worked with organizations such as Cognizant, Intel, McAfee, Microsoft, and the OpenID Foundation, where she is an evangelist for open identity standards.
Before ESG, Carla launched several funded SaaS startups as a part of Cognizant Accelerator Program and was responsible for M&A in Cognizant’s Data, Analytics, and AI practice. Previously, she was the VP of Product Strategy at an IDaaS startup backed by Goldman Sachs. She became the Microsoft Watcher and Chief Ecosystem Strategist within Intel Security after her role as Director of Customer Insights at McAfee. Among her various roles at Microsoft, including in the Identity & Security Division (ISD), Carla launched numerous products from Windows 7/Windows Server to Office 365/Azure.
Prior to working in the US, Carla held enhanced security clearance with the Government of Canada, where she deployed card access systems, and the British Columbia Ministry of Health, where she handled PHI of citizens. She holds a degree in Management with a minor in marketing and technology from Thompson Rivers University-Open College and British Columbia Institute Technology.
Data security is changing dramatically as organizations are rapidly expanding the use of SaaS-based applications, public cloud services (IaaS/PaaS), data analytics platforms, and artificial intelligence (AI)/machine learning (ML) workloads. The threat landscape saw a reemergence of ransomware attacks (and payouts) against every industry, and data breach disclosures are the highest recorded. Meanwhile, new consumer privacy protection acts are imposing stronger financial penalties, and the cybersecurity insurance/reinsurance marketplace is rethinking policies, premiums, and coverage limits.
Much of the data economy about individuals being amassed in our digital world is subject to consumer data privacy regulations and controls; yet on a near-daily basis, sensitive data is shared, lost, leaked, and breached in organizations. ESG recently completed research to uncover how organizations view the state of data privacy and compliance and how navigating these regulations affects their programs, teams, spending, and the maturity of privacy-enhancing and data security technologies.
Zero trust remains a broad initiative with a wide array of use cases, supporting technologies, and starting points. While it may seem that focus has shifted away from data security in recent years, many organizations consider it a critical component of their zero trust strategy. To address zero trust requirements, data classification and security solutions must support deployment flexibility, risk assessment, automation, and integrations with other solutions.