Physical and digital security for high-end clients – a conversation with Maria Olshanskaya
Have you ever wondered how interlinked physical security and cybersecurity are? Luckily, many industries have recognized that these two are mutually reinforcing; and have put them at the core of their business concept. In the next episode of our privacy podcast “under CTRL”, we talk about a positive example of this in our interview with Maria Olshanskaya, Managing Partner of Aera Global Corp. She introduces us into the exclusive world of VIPs and reveals some challenges of providing services to them, with privacy and security in mind.
Aera Global Corp. provides premium services such as renting luxury cars, private jets, yachts, villas, as well as physical and cybersecurity to their global customer base. Due to the nature of their services, they work for people who put special emphasis on quality, privacy and security. And this involves providing a range of cherry-picked services in an exclusive manner that protects both the private and cyberspace of their clients.
As privacy is increasingly moving into the focus of public awareness, the privacy of prominent people is becoming an even more attractive target market. We can all recall some stereotypical scenes of paparazzi chasing celebrities, or some sharp-eyed bodyguards and discrete drivers embodying trustworthiness. And cybercriminals are also interested in this world.
Even if the reality is more nuanced, offering exclusive services to well-known people calls for high confidentiality and professionalism, not tolerating any mistakes. We were curious to find out more about how Aera Global’s core values can be put into practice, with special attention to the service ethics they created with focus on discretion and privacy.
Apart from educating their staff in the ins and outs of protecting their customers’ privacy, there is sophisticated operational system in place centering on security. Protecting the identities of clients resembles some methods applied by the intelligence services: using numbers and codes instead of names and restricting access to information are among the few details Maria discloses about their multi-layer protection.
As we discuss their challenges in more detail, the human and technical factors resurface again. While many influential people are aware of their vulnerability, changing habits and giving up convenience is a horse of another colour. On the one hand, educating them on the often intangible benefits of cybersecurity may be causing Aera Global some hassle. On the other hand, seeking out and testing the most secure solutions for their service package is another though process.
On the overcrowded market of file sync and share solutions, there are big players spreading even bigger security claims - without security proofs and fully encrypted products. Finding the right cloud vendor who offers true end-to-end-encryption and an even balance between security and ease of use is paramount for Aera Global, since everything comes down to trust: trust in the vendor and the client’s trust in their services.
Touching on the trend topic of the invalidated Privacy Shield, Maria agrees that your finger has to always be on the pulse of change. Navigating through the ever-changing landscape of data regulations and understanding what consequences these can have on their client data is something which also keeps them busy.
Even though cybersecurity is still an often neglected field, Maria is confident that cybersecurity is truly important for the digital future, and therefore they are purposefully taking this into their package.
Listen to the episode on Spotify or Apple Podcasts to learn more and let us know what you think. Scroll down to read the transcript of the recording.
Paul: Hey Maria, thank you for joining today!
Maria: Thank you for inviting me for the podcast, first of all. It’s a pleasure for me. My name is Maria Olshanskaya. I am an active partner at Area Global corporation, a company that provides premium services such as rent of luxury cars, private jets, yachts, villas, apartments, and of course physical security. We have been working for more than 6 years, and I am with this company for 2 years. And I am kind of a public person, public representative for this very, very confidential, let’s say closed community of the company itself and of our clients.
Paul: And... obviously, you're working on a global basis, so you are dealing with the customers all around the world?
Maria: Yes, sure. I am dealing with the customers all around the world. And we have a network of suppliers of our primary services globally. And if there is a point on the world that we are not working, but the customer wants to have services provided there, we can do that, too.
Paul: Good. And so... just out of curiosity. How did you get started? How does people get... or companies decide they're going to spin up and get started in this kind of business?
Maria: It was for the founders... it was a really natural business project, because this is something they truly needed the services that the company provides, and they could not find the level of quality and confidentiality and security and privacy as they wanted, and all in one place. It was just, like, you know, they say that entrepreneurs just take a problem and turn it into opportunity, so that's how it happened.
Paul: Wow. And how many of you - now, I mean, just on the headcount. How many people are working in the organization?
Maria: We have hundreds of suppliers that work with us on a regular basis, and of course we have a managing team, which is about a hundred people. I mean all the team that organizes the services. Actually, I wanted to say that every day we are growing, but it is not exactly true, because to become, for example, a driver that works with us, it takes quite a lot of time, and we don’t accept any single person that just bought a Maybach or BMW and wants to work with us as a driver. This will get... country or city doesn't matter. And that’s where our, what I said, our values of privacy and security and quality come into play. It's not... it doesn’t happen that we have a rotation or like an everyday growth of personnel or partners.
Paul: Understood. And I take it there was also... you got your own training programs around that as well? Around physical security, offline, online security, whatever the type of problem that’s being presented or challenge, you have to give plenty of in-house training?
Maria: I wouldn’t call it training, because we will not work with somebody who comes from a, let’s say, clean background and have an experience. So it's more like alignment with our values and with the way we work. For example, let's say drivers, yes? When they work for us, they don’t take their personal cell phones with them on the road like all the days when they work with the client. And they have to understand that they cannot just turn and take pictures of the client and share it with all his friends, because the celebrity's in town, or something like that. So I wouldn’t call it training, as I said. But yes, we do spend time checking errands, doing the penetration test, as you said, talking about cybersecurity. But for the real life, we do check like how do our drivers, our... we have people who come with our clients to those villas, or to those apartments and help them kind of check in, so yes.
Paul: And just adding onto the point of security, cause that's what they do: the two lines you mentioned is offline, physical security, and online, what you are doing with something more recent with cybersecurity. What's the biggest challenges that you face with physical security of these VIP people?
Maria: With the physical security, I would call the biggest problem privacy, as I told you, and confidentiality. Because our clients, when they're going on their trips, either it's a business trip or a vacation, they are searching for confidentiality and silence. We call it silence, you know? With no distraction or with not having to deal with the things they deal with in their everyday life. So, this is the biggest challenge that we face. Because in there, at the end of the day, everybody who provides the services, they are just human beings, so that's about physical security. Talking about cybersecurity, there are really quite a few, if you want I can start naming them, start talking about them, or if you have other questions about like the basis of the company, then I can answer those questions too.
Paul: I am just thinking, because, you know, when I was sitting here, I think about like: okay, what does it actually take to get somebody who is famous from A to B under the radar, okay? Without being noticed. I mean, there's so much social media out there. And as you just mentioned earlier, everyone's got a camera on their mobile phones, everyone likes to brag, because we're only human. So, I can imagine inside of that, there are lot of challenges that you need to be aware of.
Maria: Yes, but it's the responsibility of bodyguards and of drivers, not like personally me. That’s why we have very high-level professionals working for us. And for us as a company the main thing, how we can help that physical privacy happen, is to do the cyber, digital privacy happen. On the end... on the end where the other is placed and the end where staff that works for our company organize that order, brings that order to life, and that’s our biggest responsibility in this cyberspace.
Paul: So in fact, the two go hand-in-hand now. Because...
Maria: Of course.
Paul: Yeah. And so what did it look like before that? Before... I mean, when I say the era of technology, it's been around for a long time. But, I mean, in a day where there wasn't encrypted email and vice versa, how was it possible to exchange information confidentially? Was it a struggle or there was another method that you were using?
Maria: I think just that, that situation, when nothing was encrypted and people did not talk about cybersecurity, it was quite a long ago. And I think that those days, when people did not think about that that much and did not talk about that that much, there were not so many threats in that area. I mean, I think they grow together and they go hand-in-hand. The more cyberattacks we have, the more damage they bring; the more people start to think about that. And actually, from what we see even with our clients who are super protected on a physical security level and on a business cybersecurity level, they are still really quite far behind the cybersecurity of their personal space.
Maria: And that’s why we as a company, we face that so many times, the person having cameras all over his... all over the house where he or she lives, and renting bulletproof cars, and hiring bodyguards. And then just, you know, using the phone without let’s say camera guard or microphone guard, or just sending his credit card picture in WhatsApp to his spouse or her spouse. And that was for us, so... I don't know, a good example of the new area we should step into, and help that... help those people. Also it’s hard to make different in the cyberspace, also in the physical security space, but in the cyberspace, it's even harder to put the highest level of security together with convenience. Because you don’t want to have, you know... you don't want to have to use one hundred passwords just to unlock your phone when it's ringing, but at the same time, you want to make sure that in case it gets in the wrong hands, nobody can break into it.
Paul: Yeah. And to that point, I mean, obviously at Tresorit, I talk to a lot of customers about their own security, and the one thing that fascinates me a little bit about having this part is always on the human element. So trying to educate the users to think and work in a different way. Yeah? So we can take email attachments, for example. Everyone is just used to be using an attachment in email, which can be intercepted. So is that also going to be the challenge that you see for you, changing the mindset of your customer base?
Maria: In some way yes, but because they are, how do I say? They understand that the more influential people they are, the more vulnerable they are to those cyberthreats. Because we have seen the most... the richest people in the world being attacked successfully, and we know the consequences of that. So I think, for them, hardest thing in their mindset is to make it all convenient and as less time-consuming for them as possible. Because these people, they just don’t want to dive into all the details of the solutions that we offer them, or the market offers them. It takes really even our team, and we have people who are really professionals in the IT sphere high-tech, and it still takes weeks to find the best solutions in this area, and even to understand... because when you open, let’s say, a webpage of a company that provides a cybersecurity solution, it doesn’t matter in which area exactly, sometimes it takes a lot of time, even for professionals, to understand what exactly... what level of security they are offering exactly. Take the example of a very famous let’s say free mail and cloud storage provider, that in their official commercial on YouTube, they say that the level of security they have is 128 or 256 bit. So 128 or 256, like... Haven't you decided yet? You know what I mean? And from this point of view, our main challenge in the sphere of the mindset is to explain that, yes they will have to sacrifice a little bit of the convenience, the level of the convenience, but the benefits that they can get from that are just, you know, they was literally brilliant.
Paul: Yeah. And that's the thing, isn’t it? Because with security, it's not always that you see the benefits, they are not tangible, where the convenience is. When, you know, you only have to log in once and you got access to multiple applications, it’s at your fingertips. If you have to log in to each application with a password every time, that, as you say, is an inconvenience. So...
Paul: Yeah. I'm just thinking about... Where is it that you found a situation where there's an even balance in that? Because from what I see, that you are not only dealing with, as you say, your client, you are also dealing with many staff that are working with your client as well. And they can have a media... social media application switched on with their location services, which might also give the game away, I assume. So you must have to have some protocols in place, right? To... work with this.Maira: You mean company-wise? Or the protocols that we are offering? Yes, of course, we have a lot of protocols. I will not talk about all of them, but in general, I can tell you that we as a company, we understand that we don’t have a chance for a mistake at all with our customers. We cannot tomorrow come to the television and say, "oh sorry, it was a huge hacker attack and we just lost your data." So therefore it took us quite a lot of time to build a system behind how the company operates, and for example I can tell you that a person who is the secretary, let's say, who is preparing all the... who is organizing what the client needs, she or he doesn't know the names. And then the... the names are stored locally in a different place, and then, between the... in place we are using numbers, like client numbers. And then the person who has access, who has passwords to enter that local storage of, let's say, names and numbers, doesn't have the 2-factor-access to the second factor authentification, which has a separate person. So this is some of the insights about how we are keeping the... apart from, of course, using the best cybersolution for ourselves, we don’t use any free, you know, email providers or hostings, none of our employees. But also, there are some other protocols, as I described to you, that stand behind the security.
Paul: Yeah, so it seems like you just put in different layers between of who's got access to the different information, and you are using the numbers to cover up the identities of your customers. So...Maira: Yes, these are just some of them. But really important.
Paul: Interesting. And where do you see it going in the future? I mean, is there anything exciting out there technology-wise that you are thinking that’s going to benefit your line of business?
Maria: I think everything that makes our life, us as partners of the company, or founders of the partners, easier and better and safer, and something that makes the life of our clients easier and better, is exciting already. And I think this is kind of... on one hand something, this area, cybersecurity, is something people are talking every day. But on the other hand, it's not something that we are still applying every day. So I would say that this total personal, not corporate, but even personal cybersecurity is kind of our future. Not to say, of course, not a far one, a very close future. But still, I feel that, actually, the services we got the request from our clients to do that, because we sometimes consulted, "Oh, how... why would you use this app or why would you use this solution for a sale, if it is not safe?" And then it grew into the situation where our clients told us, "Okay, but we don’t know how to choose the best software, we don’t know how to set it up, we don’t have time for this, for that, for that." And remember, it's personal data, it is not something that you... it's not always something can trust to even to your personal assistant. From there, all the interest and excitement came, and the further we go – I could tell you that in this month, for example, while we're still preparing the final packages for our clients, we personally changed the email provider. We already had a very safe encrypted email hosting, but the service, the technical support, was so bad that we just for a second thought that if our client will have to wait for so much time, to get a solution for his problem, and the responsibility will be on us, of course, then we'll just... you know, we'll just die from the embarrassment. So I think this is quite a challenge, why it's interesting. It's quite a challenge to find the best solution, to make the best package, to test... We test every piece... Every software, we test ourselves. And we literally press on every button that every software has, to know exactly what it's doing, what is working, what is not working. And before it is fully tested, we will not even start selling it.
Paul: Yeah. Understood. And I'm thinking now... just about regulation, because in some countries, for example in Australia, law enforcement, various other parties, government organizations can extract information from service providers. Is that something that you have to work and manage with, because you're dealing with global clients, or, you know, you pick certain service providers that kind of navigate that for you, on your behalf?
Maria: The challenge is to find, yes, the provider, that has... the solution provider, the software provider, that has, let's say, servers located in the countries that do protect personal data. And yes, when it comes to a choice of one or another solution for us - so we face that problem already, that question, let's say, already - is it better to choose a huge company, which is, let's say, super professional and protected and provides a service, or a small company, which we know can have a maybe even better level of security? But then, we think that it might be more vulnerable in a situation that you said, when somebody would want to have access to that data. So this is a question that I cannot give you a final answer yet to, but yes, we face already some of the things that we are in the process of making the right decisions for them.
Paul: Yeah, and I think that is important, because as we see now, or I certainly see, that there is more data protection laws or regulations coming in, on national level, on country-level. I mean, we've got...
Paul: ... unfortunately the UK leaving the European Union, but I can see already that people are starting to talk about data residency options there, removing their data out of a European country and relocating that into the UK.
Paul: And I think affects the industry across the board. So, just interested to get your perspective on that.
Maria: And just some companies won’t work with some of the countries. So for example, as I said, the email hosting provider that we had before, they just don’t work with Russia. It's not that they don’t want to work with Russia. Russia does not allow them to work with it. So we face a situation that if our client has Russian partners, and they have emailed and the Russian hosting companies, they just... their emails are just not delivered. So, yes... I think that would be another challenge, how to balance between all these new regulations that come into play. And then they first come into play and only then, governments start to test them and to see if it’s the right thing that they brought into play, you know. This also happens because the regulations go back and forth all the time. So yeah, this is something we'll have to find a good balance and a good solution for.
Paul: Yeah. And I think, just to finish off on... about the cybersecurity, is: I take it your clients were also holding you accountable for the choices that you're making on their behalf, right?
Maria: Of course.
Paul: So this is why it's absolutely important for you to find the right vendors, as you mentioned, with the service level, which is important as well, so that you can manage or deal with situations where they might be a crisis case.
Maria: Yes. And no, it's one of the most difficult things in this area, maybe in a lot of other areas, too, is trust. Because at the end of the day, every client understands that they trust us, and we trust to our providers something very, very, very important. And this is... And we cannot just, you know... we cannot disappoint them.
Paul: Yeah, I can understand. So Maria, when it comes to cloud services and moving from on-premise, so traditionally, there has always been a case for storing documents, different files locally. Is there trust in cloud providers now? Do you trust to put that information into a cloud service, to collaborate on things?
Maria, when it comes to cloud services and moving from on-premise, so traditionally, there has always been a case for storing documents, different files locally. Is there trust in cloud providers now? Do you trust to put that information into a cloud service, to collaborate on things?
Maria: My answer would be yes. Though, I think that local encrypted storages are really the best solutions, because that something that is out in network becomes a little bit more vulnerable. But the level of convenience, as we said, of, let's say, using an encrypted cloud storage is so big, and we are now so used to having this opportunity to share files, to access them from any place of the world, that I think the solution, for example, Tresorit provide is a great combination of security and convenience for most of our clients.
Paul: Fantastic! Okay, Maria, thank you very much today for joining us. It's been a pleasure having you on the show, and I wish you all the best.
Maria, thank you very much today for joining us. It's been a pleasure having you on the show, and I wish you all the best.
Maria: Thank you very much.
Paul: And hopefully, we'll have a chance to speak again in the near future.
Maria: Thank you very much.
Paul: Okay, Maria. Thanks a lot! Bye bye!
Maria. Thanks a lot! Bye bye!