Prepare yourself for an exploration into the ever-changing world of cookies and data privacy on the latest episode of the Security Visionaries Podcast! Join host Emily Wearmouth as she sits down with experts David Fairman and Zohar Hod to discuss the past, present, and future of internet cookies. From the rise of third-party cookies and their subsequent fall, to the role Google has played in these transformations, and beyond, this discussion promises to leave no stone unturned. Our guests delve into the responsibilities of data protection officers, the evolving future of personalization via AI, and the opportunities as well as challenges emerging from these shifts. Tune in to gain invaluable insights into data privacy’s evolving landscape!

Let’s talk about the percentages of people that are actually accepting third-party cookies. It used to be much higher, closer to 65 percent, but now it’s approximately 40 percent of individuals who say yes. So it is actually large, but what it means is there’s 60 percent who are either checking those functional cookies or just plainly rejecting them. And that’s an opportunity missed to personalize your customer’s experience.

—Zohar Hod, CEO & Founder at One Creation Corporation

Timestamps

* (00:01): Introductions
* (02:36): The trust issues amplified by third-party cookies and tracking
* (04:55): First-party vs. third-party cookies and the impact of blocking the latter
* (06:32): Compliance requirements around cookies & shift towards opt-in models
* (08:19): The advent of zero-party data and the crucial role of trust and transparency
* (10:39): Challenges for data protection officers in navigating privacy regulations
* (12:21): Role of AI and ML in personalization and transparency in AI models
* (16:57): Importance of security features to avoid saving sensitive data in cookies
* (20:31): Changes in consent models and potential new business models
* (24:40): Decreased cookie acceptance rates
* (25:11): Conclusion

 

On this episode

Zohar Hod
CEO & Founder at One Creation Corporation

Zohar Hod has a long and varied work experience. From 1993 to 2019, they have held various positions across different companies. In 1993, they were a Senior Military Defense Program Buyer at the Government of Israel – Ministry of Finance – Economic Mission to the U.S. In 1998, they were the CEO of ViewTrade Holding Corp. In 2004, they were Manager at BearingPoint, Global Advisor/Partner at Hedg-X Strategies N.V., and Head of the Trading Solutions Group at IBM. In 2008, they were the Global Head of Sales & Support ICE Data Services at Intercontinental Exchange. In 2016, they were the Chief Executive Officer at truePTS. In 2018, they were the Chief Strategy Officer at Digital Asset. Lastly, in 2019, they were the Founder & CEO at One Creation Corporation.

Zohar Hod obtained their MBA from NYU Stern School of Business in 2000, where they studied Finance & Computer Information Services. Zohar also obtained a BBA from Baruch College in 1996, where they studied Finance and Investment.

David Fairman
APAC CSO at Netskope

David is a highly experienced professional in the Security & Financial Crime disciplines covering Cyber Security, Fraud and Financial Crime, Intelligence, Business Continuity, Physical Security and Operational Risk. David has worked for, and consulted to, several large financial institutions and Fortune 500 companies, across the UK & EU, North America and APAC. David is a passionate leader in Cyber Security and Financial Crime and has been actively involved in founding several industry alliances and expert groups, holding Board positions, across multiple regions with the aim of making it safer to do business and transact in the digital world. David has been recognised as one of the Top CISOs to know, is a published author and adjunct professor. A core capability of David’s is his ability to understand the operational risks arising from digital commerce and translate these into strategic actions encompassing technological solutions and organisational capability maturity, in order to transform organisations’ abilities to manage all aspects of cyber and digital risk. David’s current focus is driving collaboration and innovation across the industry to address current and emerging threats prevalent with digital risk and improve the cyber resiliency and literacy in the community.

Emily Wearmouth
Director of International Communications and Content at Netskope

Emily Wearmouth is a technology communicator who helps engineers, specialists and tech organisations to communicate more effectively. At Netskope, Emily runs the company’s international communications and content programmes, working with teams across EMEA, LATAM, and APJ. She spends her days unearthing stories and telling them in a way that helps a wide range of audiences to better understand technology options and benefits.

Episode transcript

Emily Wearmouth [00:00:02] Hello and welcome to another edition of the Security Visionaries Podcast, a place where we host experts discussing a wide range of topics that will be of interest to anyone in the cyber, data, or related industries. I'm your host, Emily Wearmouth, and today I have two expert guests who are going to join me talking about cookies. Cookies, not biscuits, I'm marginally disappointed to tell you. So let me set the scene. Back in the late 90s, a network engineer called Limor Tulley invented the internet cookie. The plan was to help websites remember users, who they are, what their preferences are, and what they were up to the last time they came to the site, and cookies worked brilliantly. Our shopping cart stored our planned purchases, retailers held on to our delivery addresses, and web services remembered how we wanted our dashboards arranged. So, so far, so good. But then third parties muddied the waters and information about us was sold and traded. And suddenly we were getting skiing adverts eerily popping up on our web searches if our children did homework on the geology of the Alps, and it all got a bit creepy and uncomfortable, if we're honest. So the EU and other regulators stepped in. Cookie consent became a thing. In the EU, endless pop-up messages now require the user to proactively allow each website to collect information about us. But I'm an EU resident, or I was until Brexit, and I can give firsthand testimony that many of us just hit the yes button so that we can get on with our lives. A few years ago, Google, let's face it, the gatekeepers of the web for many users, announced that it was going to start blocking cookies. And here's where I'm going to bring in our experts today. So first, we have a friend of the show returning because he did such a good job last time that we've invited him back on.
David Fairman is Netskope CIO and CSO covering the Asia Pacific region, and through the course of his career, he's worked as a CSO for a number of the big global banks, including Royal Bank of Scotland, Royal Bank of Canada and National Australia Bank. Today, I'm going to be taking advantage of his experience helping organizations navigate privacy and risk. So welcome, David.

David Fairman [00:01:58] Emily, thanks again for having me. Yeah, always a pleasure.

Emily Wearmouth [00:02:01] And my second guest is new to this podcast, but no less expert. Zohar Hod comes from the fintech world, and I plan to pick his brains today in the area of digital strategies. He's currently CEO of One Creation, and he's working hard to ensure that companies really understand the implications of the latest changes to cookies. So welcome to the podcast, Zohar.

Zohar Hod [00:02:20] Thank you. Emily. Thank you for having me.

Emily Wearmouth [00:02:22] So to start us off, I gave a whistle-stop tour, possibly a slightly lengthy whistle-stop tour, of the cookie back story. Did I miss anything? Is there anything we need to set out on our stall before we dive into discussing the implications of these latest changes?

Zohar Hod [00:02:36] I think one thing that's missing is the amount of pervasive activity. If you ask the average person, what do they know about their data? A few years ago, I asked that question used to be 3% of people really knew what was happening with their data. So there's a mistrust that was created over the years for many, many reasons, some of them being the third-parties, as you mentioned. So the point is, how do we track your activity across the internet and across different websites? The problem is, and that's why the EU reacted and other places reacted, is because it creates an untrusting relationship between the brand and yourself.

David Fairman [00:03:16] One more thing. There is a distinction between first-party cookies and third-party cookies. I think that's an important distinction to make. And when we talk about the changes that we're seeing Google make now, and the reason that's getting a lot of attention is Google has, probably with Chrome, the largest share of the market of internet browsers and internet users. But if you have a look at Mozilla Firefox, Safari, they've been doing some work in blocking third-party cookies already. So now with, you know, the four major browsers, actually, even Microsoft Edge are playing a role and doing something similar, there's, you know, there's a big impact here for consumers. The first-party cookies piece still, you know, they're not being blocked. That's not changing. And first-party cookies are important to ensure that a user's experience is still smooth and fruitful. And first-party cookies are often used for session management and storing information about how the end user interacts with the exact website that they're interacting with and communicating with, versus the third-party cookies, which is kind of like the other interval collecting information like their browsing history, etc., which is then unsolved. So I think that is really important because not all cookies are being blocked, which would obviously cause a massive disruption to how internet sites are interacted with or websites are interacted with by the end user. And we can talk to some of the security practices and some security implications of that later.

Emily Wearmouth [00:04:55] Brilliant. That's a very important thing. We're talking about changes to third-party cookies and not to first-party cookies in these Google changes. Zohar, are these changes coming from Google about helping get people privacy back, or is it about market competitiveness? Let's just throw that question out there to start us off.

Zohar Hod [00:05:13] If you go a few years even back, you see that Apple, unlike Google, has started creating all these different user-based customer privacy features. And the biggest question that was asked was exactly the question you just asked me. Is it for the purpose of protecting the customer or is it for gaining more market share? Well, I think it's a combination of both. I think that these companies realize that the legal and regulatory burden that's related to the current infrastructure and the way that we track our customers or try to personalize our customer's behavior is no longer going to be tolerated by regulators. So they've decided to take a proactive approach to try and get the regulators off their back. But at the same time, if you think about it, it looks like they're creating walled gardens.

Emily Wearmouth [00:06:02] Are these changes going to effectively remove some of the headaches of having to comply with cookie laws? I mean, David talked about all of the different tech companies that are bringing about changes and controls to third-party cookies. Does this mean when you add all of those changes together, that we're essentially looking at potentially killing off the third-party cookie and therefore maybe killing off some of the requirement to comply with regulations around those cookies? Is that a potential upside for organizations, or am I dreaming of too perfect a future?

Zohar Hod [00:06:32] Well, the way I look at it is that there's not going to be an absolute deprecation of all cookies. But if you are looking in the long view and if you looked at the regulatory curve, you could see that it's all moving towards an opt-in model rather than an opt-out model. So all of this activity is really several steps towards this opt-in model. That said, as Google is basically blocking IP tracking from at least 1% of its customers, it does represent approximately 300 million consumers. So it's a large amount of people that are going to be affected. And that means that the efficacy.

Emily Wearmouth [00:07:14] And it's just that 1% just to start with, isn't it? There going on, is that it is more than one. But that's just the trial.

Zohar Hod [00:07:20] Exactly. They're trying to see how it will work. And let's all remember Google is doing this because their ability to track what you're interested in is actually buried within the search and not within the cookie. We're talking about other brands that are attempting to basically be customers of Google, and therefore Google is concerned about cannibalization of their ad business. What I said at the beginning is that I believe that as we go across the regulatory curve towards a complete opt-in model, the efficacy of third-party cookies is diminishing. And actually the cost of collecting it is becoming more expensive. There are going to be other mechanisms of collecting more personalized data on you with something called zero party data, or being able to track your behavior rather than tracking cookies while you're on the website. These are other mechanisms to try and enhance personalization, but I just believe that the efficacy of cookies is going to diminish. And therefore, yes, I do think that they're going to be something of the past.

David Fairman [00:08:19] Zohar, great explanation on the impact on companies that are trying to reduce cookies. Also, think about the impact of the consumer, right? We've gotten very used to convenience. We've gotten very used to this almost personalized web browser experience using the internet services. With the deprecation of the third-party cookies, I think society or internet users as a whole are going to start to lose an element of that personalization or customization. But I think what that's starting to drive and as consumers, we like that sometimes. You spoke about zero party data. Also think about informed consent or progressive consent, which is another let's call it a business model. So I think there's an opportunity here for innovation in this space. I think there's an opportunity for organizations to think a little bit differently and maybe think a little bit more about privacy and consent, because I think privacy and consent, those two things go hand-in-hand. I might be okay with sharing certain information, so let me share that information. So I think those things are, you know, we'll start to see more of an emergence of that. And I think we'll need some helpful mechanisms for when we do hit a website. It's not just accept all cookies and we'll use imperative cookies only. Whatever the terminology is, I think there'll be a little bit more granularity and user control, but on that. So I think it's a bit of a watch this space.

Emily Wearmouth [00:09:57] I've got a question then. So if we're talking about a potential change in the relationship between service provider and consumer. And some changes to existing models of consent and privacy. What are the implications that data protection officers need to consider about how this changes what they're tracking, how they're tracking it. And I guess as well how that ties in, how it might change the way they need to move to comply with other areas like GDPR. I mean, I don't know whether the cookie data came into the organization in a way that was easier to comply with GDPR, and maybe some of these new models create new complexities. What are your thoughts on what is the Data Protection Officer's challenge at this point?

David Fairman [00:10:39] Well, it's a really good question, and I think I want to be thoughtful about how I approach that question. I think for me, GDPR is a great example of a privacy legislation that is looked at globally as best practice. But I think a lot of other countries jurisdictions still have very specific privacy laws themselves. From a DPO perspective or a data privacy officer perspective, I think you need to have a look across multiple jurisdictions in which you operate and understand what some consent requirements are around that. And I know this is a little bit of a blanket statement, but I think it holds true for the most part. And I'm going to give myself a little bit of room in case it isn't necessarily appropriate across every jurisdiction. But consent is a way that organizations can ensure that they are meeting the customer's expectations around privacy and data collection. And I think what we'll start to see comes back to that progressive consent topic I sort of mentioned. And I think what we'll start to see is more progressive consent approaches like zero party data like Zohar called out. I think data protection officers need to understand how their organization is thinking about those two areas, so that they can make sure that they're complying to the needs of the privacy legislation within the jurisdictions within reach.

Emily Wearmouth [00:12:13] So walk me through zero party consent. What is this?

Zohar Hod [00:12:17] Well, zero party data.

Emily Wearmouth [00:12:20] Zero party data.

Zohar Hod [00:12:21] Yes. Zero party data is basically voluntary data. That's the easiest way to explain zero party data. It's data that the customer understood that is volunteering to give you and the problem with consent, if you just left it at consent, is that once you've got this consent, you almost feel as a data protection officer or data privacy officer that you have, you know, leeway to do whatever you want once you've received the customer's consent. The question is, in what situation and what manner that you get the customer's consent. And this you know, there are many regulations that are passing in Europe, the Digital Markets Act in the UK, a new April regulation that's about the digital markets, a Consumer Collaboration Act or DMCC, all are basically trying to now go a little bit more granular than just getting your consent. Because if I clicked, as you said, yes, because I was bothered and I said yes all the time, then now you've got my consent. Does that mean still that I trust you to do the right thing with my data? And that's where usually the chief privacy officer stop and say, well, I've gotten your consent. The difference is to try and give you a more clear understanding of what's happening to your data. How long is it going to be used? And then give you the option to actually opt out if you wanted to at any time. That theoretically was already passed in GDPR, but never materially actually enforced. So today, if I asked you even under GDPR to go and delete me in Google or any other mechanism in Europe, I can bet you that that action would be very difficult to do. So there's a difference between getting legal consent and understanding as a consumer, and trusting that you're going to have the right interests of me as a consumer in mind, and therefore that requires more transparency, more understanding from the customer, and more trust.

Emily Wearmouth [00:14:17] I'm almost kicking myself for bringing this topic in. It's impossible to have a conversation these days without talking about AI, and I wonder how you see AI or machine learning growing in importance as cookies are faded out.

Zohar Hod [00:14:31] Yeah, well, I have spoken about that a lot, but I think that the places that AI is going to be really powerful is in personalization. But the problem with AI is they're based on a lot of learning models and a lot of data behind it. And the question is, how does the AI personalize your experience? Even then, let's take the experience of a banking experience while you're asking for a loan. If the result is favorable, you're not going to ask a question. If the result is not favorable to your personalization, you might ask a question what went into that AI model in order to give me? And that lack of transparency is exactly what we're talking about. So if you do not change the mechanism of how do you explain to the customers what you do with their data, the mistrust is going to even be deeper and deeper as you try to apply AI. I think AI is actually a great catalyst for creating even more changes in business models related to how customers' data is treated.

David Fairman [00:15:27] I think it's not only a catalyst, it's really the only way these new approaches to understanding consumer behavior can scale. We're not going to be able to do it by throwing people at that problem or having scripted questions, because the variables, in terms of people's behavior, is so broad. So we're going to need some sort of learning mechanism in the back that can be dynamic in that situation. So you're absolutely spot on in terms of transparency in decision making. I think we can talk about bias, fairness, transparency and explainability on AI, but that's a completely other session. So Emily, write that down. We might want to do that. But I think you're spot on. I think you're absolutely spot on with some of those concerns. And I think it's the only way we're going to be able to scale.

Emily Wearmouth [00:16:16] We touched at the very beginning, and I just want to make sure I've got a clear answer and I've not left something hanging. We talked a little bit about how cookies are often used as part of the security functionality. And I think you put them all in the camp that they would be first party cookies so they wouldn't be affected by these changes. Is that right? And then my follow up question is, regardless of whether that's right, will they long term be impacted if there is a general move towards perhaps more advanced ways of personalizing approaches to services? Will those new methods be brought in to replace third party cookies? And should security professionals be keeping an eye on them for how they're delivering digital services?

David Fairman [00:16:57] Look, I'll give a two part question. Yeah, definitely. I'll give my piece. I think for me, the first party cookies are generally used for more session management type variables. I think it's broadly accepted that storing things like usernames and passwords, Social Security numbers in cookies is a bad security practice. Now, I would say a lot of websites don't do that today. But as a security practitioner, I've seen a lot of bad practices in my time, and I wouldn't be surprised if that still happens. Usernames, passwords, Social Security numbers, any sensitive type of information should not be stored in a cookie anyway. There should be a different approach to how you manage that. It could be, you know, referencing back to a table in the application that is referencing a unique session ID within the cookie, but the actual sensitive information stored back in the application, things like usernames, passwords, Social Security numbers, credit card details that we see in browsers today, how they hook into secure storage, things like the iOS keychain and how that is used to store secure information. It's not actually stored in the cookie browser itself, so there's no sort of security best practices that, you know, we should be seeing. So I think the security risk of this is low, but I'm sure there's tools and websites out there written with poor security practices.

Emily Wearmouth [00:18:29] So would your recommendation be that developers should be making use of the native security that is built into a lot of these browsers specifically designed to store this very sensitive information and definitely not be using cookies.

David Fairman [00:18:40] Yeah, absolutely. Absolutely. And I would go one step further. You know, application security application development, understanding security best practices for writing web applications. There's a lot of good reference material out there. And, you know, not storing sensitive information in cookies.

Zohar Hod [00:18:58] What I think about is always the future. And you know, there are big, big transformations right now happening in identity. And one of them, you know, let's talk about the web 3 and why am I talking about web 3? Because that's where potentially two is going to. So the web 3 is the internet to me. And the business model there is really transferred from I have all of your information, and now I'm going to verify you to make sure that that's who you are to actually something called zero knowledge proof. Or basically I don't want to go too technical here, but basically the ability for two entities to exchange data without really needing to know each other, but still can have trust between themselves. David, I'm sure, is both investing time and effort in these type of solutions. But the point is that I see in the future just, you know, a situation where I'm a node on a chain and I'm coming into a brand and the brand does some sort of computation together with me. And there are many things like multiparty computation. There's key sharding. There's all these different mechanisms in order to make sure that we can exchange securely data and verify between us without the need to know who we are. And that really changes completely the whole cookie situation. So no, I don't believe that if you looked as far as that, that this current security environment is going to be the security environment of the future.

Emily Wearmouth [00:20:31] Cool. I like that I made you guys deep dive into the tech there. I was very impressed with that. I sprung that one on you as well. Okay. Crystal balls out. So we talked about you know, this isn't a set path even for the midterm. We know that Google suggested changes are currently being checked out very closely by the competitions authority in the UK. There's going to be a lot of iterations over the coming months and years, but are either of you prepared to make any predictions about where we're going in the long term for anything we've not touched on already? And if not a prediction, maybe you'll just offer us an opinion. Are these changes more of an opportunity or more of a nuisance? So crystal gazing or two more opinions? Yeah, please do.

Zohar Hod [00:21:12] So I definitely think it's an opportunity. And the reason is because if you asked any customer types of research, you'll see the trust in organizations. It's probably at its lowest. The more we know about our brands' activities with our data, the less we trust the brands. And this is not just because of breaches. And of course, you know, there's been many breaches. Take where David lives in Australia four large breaches in the last year that have really moved the customer's trust down to such a level that the government needed to create new consent regulations, new pharmacy regulations, all related to these sort of the customers is becoming more aware of what's happening with them. And therefore, I think it creates an opportunity for brands that think differently and change into these business models that don't use this mechanism of collecting and personalizing your activity. Something that I'm willing to predict is that today's accept all cookies or reject all cookies is not going to exist in the very near future, in my opinion. And today, some of the regulations are trying to prevent what they call dark practices, where clicking accept is only one click and clicking reject is 4 or 5 different screens in order for you to reject. So if I was predicting something, I would predict that you're not going to see this cookie accept or reject in maybe 24 months.

Emily Wearmouth [00:22:34] Oh, you know, I'm really looking forward to your prediction coming true because I am so bad about being impatient and hitting accept, and I know I shouldn't. What about you, David?

David Fairman [00:22:42] I was going to say something similar to Zohar. One I always think disruption in any environment is an opportunity. It all depends on how you can assure. Right. So now you have to think about the problem differently. I think it's an opportunity, I think, where we will start to see the emergence of new business models similar to what I spoke about we're starting to see that zero party data progressive consent model. But maybe there's more to it than that. Maybe there's a way for organizations that are collecting information. Maybe there's a way that they can monetize that for their consumer or for their customer to encourage them to share more data. I do think Zohar is spot on in terms of the user experience and what will happen? There won't be just the accept cookies and, you know, necessary cookies only, because I know I personally hate going in and going through those different levels. I think they should be much easier process for that. Consumers are asking for this experience to be much easier. Privacy regulators are really time to the to take a keen eye to this. So I think we will see changes in how this is implemented in practice in the coming. I don't want to say years. I hope it doesn't take that long. But, you know, in the coming, let's say, 12 to 24 months, I think we're going to see significant changes.

Zohar Hod [00:24:05] Can I add something? I'd like to add a couple of tidbits of information. First of all, let's talk about the percentages of people that are actually processing the cookies, the accept cookies. It used to be much higher. It used to be close to 65% of individuals. They would just say accept. Now it's approximately 40% of individuals that say yes. So it is actually large. But what it means is there's another 60% that are either checking those functional cookies or just plainly rejecting it. That means that that's an opportunity missed to personalize your customer's experience.

Emily Wearmouth [00:24:40] Staggering that it's gone from 60, 65, down to 40 that I wouldn't have imagined. That's now I feel really laggards that I'm still hitting accept because I'm too lazy to stop and pause. I'm going to turn over a new leaf, and make a resolution. Today, I'm going to get a lot better at clicking through my cookie permissions. But thank you both very much. I continue to be disappointed by the lack of a chocolate hobnobs in particular featured on this episode, but it has been incredibly interesting. And I came in with some genuine questions and you've given me some answers, so I personally am walking away a lot better informed.

Zohar Hod [00:25:11] Thank you, Emily and David.

David Fairman [00:25:13] Emily, thanks again. Always good to be here. And, Zohar thank you so much for being a special guest. Great to see you.

Emily Wearmouth [00:25:18] Thanks for taking the time to educate me and hopefully our listeners too, around some of this evolving news, that's been going on for a couple of years, and I think we've just, agreed. I've got another at least 24 months to run for some changes. You've been listening to the Security Visionaries podcast, and I've been your host. Emily Wearmouth. If you enjoyed this episode, please share it. But also make sure to follow us on your favorite podcast platforms. Maybe even leave us a review there too. If you're new to the podcast, there's a great back catalog you can catch up on. Since September, we've published a new episode every two weeks, some hosted by me and some by the marvelous Max Havey. If you subscribe, I promise you'll never miss one. I'll catch you next time.
