Re-envisioning Trust with Elena Kvochko

Alberto Yépez [AY]:

My name is Alberto Yépez and I’m going be your host today. I’m very pleased and honored to have Elena Kvochko, Chief Trust Officer of SAP with us today. Before I turn it over to Elena, I met her when she was part of the World Economic Forum and she was helping a lot of the growth companies. I remember being in a lot of different forums discussing big problems to solve and then coalescing towards her current role and also what we decided to do here at Forgepoint. So Elena, welcome and thank you for taking the time.

Elena Kvochko [EK]: 

Thank you so much, Alberto, for having me and for the longstanding friendship and partnership.

AY

For the people in the Forgecast, can you give a brief overview of your background and how do you get into cyber?

EK

Absolutely, Alberto. So I started in cybersecurity, actually, I started on the technology side. I started as an IT specialist working at an large international organization and I saw that many times when large technical projects were implemented, security was not really at the forefront of considerations of any RFPs or requests. It was always almost like a one -liner request somewhere at the end. Oh, and by the way, technology has to be secure. So I saw a big opportunity. I saw an unaddressed challenge that the world was facing and this is how I switched to cybersecurity. And since I have been working in the industry, I also saw so many inspiring factors that attract people to cybersecurity and why it’s still such an amazing and growing field for anyone who wants to join this.

I think that one of the most inspiring or one of the most factors that I’m noticing still is that the idea of being the defender. I always try to emphasize that a career in cybersecurity is very rewarding. You got to be involved in securing a company, personal data, learn about new technology, understand the threat landscape, and it’s also beneficial for personal and professional growth. As you know, and as you are contributing to it so much, our industry is in high demand. So there’s a lot of opportunities for growth and there are many different fields that are still worth exploring within security. I also want to highlight for anyone who is still considering our industry that it doesn’t have to be intimidating, that we do need a wide range of skills that can help us achieve our goals. And it’s an exciting growing community and with love for more people with diverse background to be part of that.

AY

I can sense your excitement about the industry and how you also feel privileged in the roles that you play like we do. We’re enabling, looking at security, cyber, trust, and privacy. I said enabling technology to achieve business objectives. But you had an interesting career because you initially started in financial services. At Barclays, you went to Bank of America, took very different roles, and now you’re at SAP as Chief Trust Officer.

AY

So what does a Chief Trust Risk Officer do? It’s a new title so what is this scope? When people think about SAP, they think about the software company that delivers great products to keep companies running efficiently and has gone and expanded its reach. At the same time, I’m sure you have to keep all that infrastructure secure and have that trust in it. So we start with the beginning and say, what does a Chief Trust Officer do? And maybe speak to the broader landscape of the different responsibilities and things you got to do within SAP.

EK

Yes, absolutely. Well, Alberto, as you alluded, cybersecurity is a very dynamic and evolving field and it does attract individuals with a variety of skill sets. It’s evolving because we have constantly evolving threat landscapes and cyber threats are changing. So you have to stay ahead of the criminals. And one way to stay ahead of that is, of course, by fortifying your defenses and being trusted relationship with your customers and stakeholders. And of course, for anyone who works in my organization and the trust office as well as similar organization, we see that working in this field provides the sense of purpose. Because we are also on the front lines of defending organizations and individuals against cyber threats and educating our customers on how to use the products securely.

So as the Chief Trust Officer, and I’m very proud to be, by the way, the first Chief Trust Officer of the company, I’ve had the opportunity to build the organization to really set a lot of policies and frameworks that really now guide us. So in my current role, I guide my managers and my global teams in our journey to building back building stronger trust, embed trust into different aspects and products of SAP put the feedback of our customers back into our technology and processes. I have a team in 40 different countries and we definitely see the global impact that we’re producing. I also learned that there were multiple surveys done and almost 80% of Americans reported that they were still very concerned about how companies use their data that they collect. Most of them feel that they don’t have the control or even the knowledge of what data is being collected and how it’s being used. Many users of technology still report not understanding the underlying processes and not being sure that their data that they provide to organizations can be saved. And I think those types of concerns were really the driving force for us to establish the trust office within SAP, and they now have become our mission to address. For us, it’s really important to be transparent about our security practices, and as a global software provider, we have the responsibility, and we feel this responsibility, to set the trend in increasing transparency and security.

When I started, as you said, there were fewer companies that had trust office and a trust officer role, and mainly they were within financial services and technology industry. Now, this year, we have done a joint study with MIT and Deloitte, and MIT has found that almost 19 % of Fortune 500 companies now have a trust officer and equivalent. So that just for us speaks to the growing importance of those types of roles and the types of resources that our organizations can provide back to our global customers.

And just to elaborate on some of the specific things that trust offices within our company or within comparable companies do, there are several main areas that we focus on. To list a few:it’s establishing the trust policies and frameworks. For us, we’re supporting the entire sales cycles of the organization from pre -sale side to sale side to post -sale side, where we ensure that our customers have the information that they need to make informed decisions. We guide the sales processes, provide approvals when necessary, explain to our customers how their data and privacy are protected, and we have a team of subject matter experts that is located across the world that is really able to guide across the SAP products and platforms. We also provide oversight and compliance. We help manage relationships and involve in potential questions or even escalations when necessary. We act as a liaison between our organization external stakeholders when needed and really plays a great emphasis in all areas related to cybersecurity, privacy, compliance, and that really important notion of transparency.

AY

Wow. Just to get an idea for the audience, SAP does business in how many countries and how many compliance frameworks do you need to adapt? Because it’s constantly involving– everybody knows that Europe and the EU has been ahead of the market in defining privacy with GDPR and everything else. But Japan has their own. Even the US, a lot of the states are coming up with that. So how do you bring all these together and how do you drive for that compliance that may lead to trust?

EY

Yes. So I think, Alberto, we operate in over 200 countries. And that’s definitely dozens and dozens of frameworks that companies like ours have to comply with and have to serve. So I think leading the efforts in such areas is really important, coordinating the efforts, mitigating and remediating the impact when necessary. And of course, developing and maintaining plans and processes is something that we have to do. It’s a large effort and staying informed about the evolving legal and regulatory landscapes becomes really important because it does change. As you see, we see more sophisticated regulations coming out, which is great. We’re definitely looking forward to supporting that and making sure that organizations and our customers and clients can stay compliant with the relevant laws and rules.

AY

We’re going to ask you later to give us the link to the study that you guys did with MIT and Deloitte because I think many people can benefit from the research done. There’s a lot of stuff in the news about distrust in the digital age and with the advent of AI, genitive AI, we’re beginning to see a lot of geopolitical influences, social media and so on. How do you feel now is more at the macro level rather just as SAP, this is evolving and how can a lot of those can be prevented? I think there’s a lot around education and everything else but how are you guys thinking about how to approach that?

EK

As you said, the effect that trust can have on a business can be all encompassing and can be very broad. It can impact growth, it can impact workforce engagement, partner relations and really all other aspects that can even make or break a company. Some of the numbers that we saw were that almost 88% of consumers believe that they will buy again from a trusted brand. On average, also the same data shows that trusted companies are 2.5 times more profitable than non -trusted companies or companies that have experienced some kind of trust breach. So we do see that that has a direct link to growth. We also know that employees that work for a trusted company, they provide more creative solutions, they report less stress, more energy, higher productivity and more satisfaction. Actually a lot of them, the numbers that we saw that employees report 74% less stress and almost double the amount of energy when they work for the company that they trust and where their values align with the values of the company. So definitely it also is great for more life satisfaction for your workforce if you’re building a trusted company.

AY

Even with recruiting, my goodness, it has a lot of impact.

EK

What we also see in business trust is no longer, it can no longer be taken by granted or it’s no longer given by default, it needs to be earned. We believe that trust is earned when actions meet the words. As you mentioned in the beginning, in the world that we live in, trust is right now at the deficit. So companies that can exhibit trust and build trust from design really can win. And that also, of course, it’s really important and the important factors here are all the employees and people that work with clients, but also trust starts with the leadership. It can be and should be fostered from top down and really promoted in all of the values and areas that are important to the company.

Just to give you an example from my experience, something that was very important to me is to build a diverse and equal organization. So I’m very happy to have set the bar high and keep up the 50 /50 gender equal team across my teams. So there is something that we can all do to promote trust within and outside the company.

AY

The topic of diversity and inclusion is the diverse perspectives that make much richer discussion and outcomes. So what specifically you’re doing to engage the community and the groups you’re supporting and perhaps you could ask the audience to actually perhaps think about it because a lot of us intuitively wanna do it. Sometimes we don’t know. In our case, we’re also trying to contribute towards diversity in the venture capital and private equity communities, which is huge differences, right? When you look at the different underrepresented groups being included in this part, but what are the things you’re doing in SAP overall to promote these, in addition to just hiring? Are there any specific groups that you think would be worth highlighting for the audience?

EK

Well, like I said, we’re very proud to have reached this gender equal team, both on the manager level and the individual contributor level globally. I don’t think it would have been possible without the support and the commitment of the leadership. So that’s something that we actively tracked and monitored and set as a goal. And now we’re very happy to continue that and set as an example. To continue this effort, we’ve also been investing more in early talent through our partnerships with colleges and universities. We have launched the partnership with HBCU as well, where we really focus on other aspects of diversity, such as the racial diversity and making sure that we can also support employees and we can also support individuals from diverse backgrounds. Just as you said, focusing on hiring, focusing on making sure that employees have high satisfaction rate at work, making sure that the education and the support system is in place is very important. We were very fortunate to have an amazing team with our diverse efforts and we really look forward to continuing and building on this effort.

I do agree with you that organizations do need to take a hard look at their hiring practices and understand the experience of their current workforce. Very often, your current employees are some of the best promoters of your business. So if you are looking to increase diversity, definitely leverage that resource. If you have a good gender distribution in your leadership position, make sure that you share that. If you have a really high representation of young talent, or high job satisfaction, make sure that you share that, and your employees can help you achieve those goals. Using some of the studies that we’ve seen, and we really try to implement that as well, show that, for instance, using neutral language and job description, that can invite more people to apply, and they can invite more diverse individuals to apply to the job postings. So maybe if you’re considering hiring for a highly sought after cybersecurity role, but some of the skills that you’re listing could easily be learned or trained or taught on the job, maybe consider using more generic language that can help you find a motivated individual, and you can train them on the job, versus really adding that as a hardcore requirement, right in the job description.

Addressing those disparities in cybersecurity workforce, and I think a lot of this would translate to venture capital or other industries, it’s still a complex challenge, but having this multifaceted approach and making sure that you work with different stakeholders, educate the institution, and the industry and really work with your employees, HR, and your leaders, can really help you set the effective strategies for it.

AY

What we do at Forgepoint is, we look at not only make sure that for whatever role we do, that the candidate pool is diverse, because a lot of people say, “Oh, it’s not possible.” No, let’s have the diverse candidate pool and select the best people. You don’t hire people just because they’re diverse- it is because they’re good and have the potential to fulfill the role, and then we have more of an apprenticeship role. So having the ability to mentor, sponsor, be advocates for them to succeed is something that we take very, very seriously, because it’s always this excuse, oh, there’s not enough candidates. No, the reality is, to your point, it comes, it has to come from the top and it has to be something that you are very intentional to be able to do that.

So that’s great. A lot of it is also setting up role models, right? You’re a role model, you’re a women and executive in cybersecurity with very important roles and being out there, not only showing that it is possible, but engaging in the community. Any organizations, I think you’re part of some of the groups that are, it may be just New York, I don’t know what areas, but that you think would be worth for some of our audience and listeners to consider.

EK

I’m particularly passionate about supporting women’s groups and groups that give women the tools that they need to succeed in the workplace and really achieve their dreams. What I would recommend for others is to look at your own life and maybe think where you have really benefit from a support group. They work really early in your career or as a manager, then try to find groups and organizations that support the causes that resonate with you. That’s also a great opportunity to give back and something that you can, as an individual, continue supporting, maybe continue supporting within your own company. By looking at your own experience, you can be very thoughtful and have this personal decision making process about what’s important to you. And there are probably some really great steps that we can discuss on how to, how to decide what to support. And I’m definitely looking forward to continuing on my mission as well.

AY

Great! Let’s get back to the industry for a moment. What do you think about the advent of generative AI? It’s touching the consumer now, right? AI has been around for quite a long time, automation and everything else. But how do you think the balance of generative AI and the adoption of that will impact companies in general, their productivity, their efficiencies, but also trust, the two sides of the coin.

EK

As Chief Trust Officer, I’m keenly focused on working with like-minded colleagues and organizations to create almost the trust framework for the responsible use of generative AI. We have launched multiple efforts internally and we are looking at a lot of use cases. We have launched products and partnerships with some other companies, tech companies, Gen AI companies who are very happy for that and we’re very happy to continue making this emerging technology more trusted, as you said. And you can also take it to the extreme and say that, you know, how we implement guardrails and how we deal with this technology can also break or challenge the bonds of trust throughout the society. But there are many ways in which we can mitigate the risks that originate from those anxieties and fears of the unknown and the impact and the societal impact of disruption and displacement that a lot of individuals and companies are being afraid of. Historically, if we look back, we see that many times and every time a new technology was introduced, there were fears, there were cautionary tales about how the technology could just upend the life. But as you see now, you know, fast forward from the first car that was introduced through the first printing press or any of the transformative technologies, as the world we actually benefited from it. So as we think about and incorporate and approach a trust framework towards generative AI, we think they’re probably fast – maybe five or more areas that need to be managed in this fast developing world. Specifically, I would list here, bias in data, deep fakes, errors, data poisoning and AI hallucination. And there are many more efforts that could be done, that could be put in place but I think that while addressing those legitimate concerns and making sure that technology has the right guard rails, it’s also crucial to promote trust, ethical guidance and responsible development and deployment of such technologies. By doing so, we believe that we can harness the transformative potential that AI technologies have already opened to the world, and also be able to mitigate the potential risks. Otherwise, many of us might actually get burned.

AY

Yes. We‘re always thinking what this is going to enable and think through a way to, to your point, what are the sufficient guard rails for the adoption, not for stopping them from doing it. Therefore, we focus on a couple of different areas. Like you were saying, a lot of what is all about data and how you mine and derive insights by applying models that basically help you come up with certain conclusions, but the ability for the data not to be contaminated, so putting guard rails or wall gardens to make sure the data has not been compromised, but then the LLMs and the different models, language models to make sure that they don’t get poisoned or they get weaponized, right? We’ve seen a lot of history within open source and to this day, some of the biggest breaches in the world have come through back doors or open source vulnerabilities that perhaps have have not had any bad intentions, but they get exploited by the bad guys. So I think the history repeats itself. On the other hand, it’s going to be a huge enabling technology for areas that can impact the business and so on. So it’s fascinating.

EK

Yes it is. Internally, we count that hundreds of use cases and submissions that were presented to us for consideration. So we’re definitely seeing a lot of traction on our site as well. Some of it is already available through some of the products that SAP offers, particularly on the hiring side, tar management, procurement management sites so we’re very happy to have been able to offer that. And as you said, understanding the capabilities and limitations is very important using the ethical frameworks. Risk assessment and mitigation is also another step. It’s amazing to see how many companies still may not even have the awareness of where AI is being used within the organization. So taking stock, taking inventory of what’s happening in the company is really, really important. Something that I know you’re also placing great emphasis on is working collaboratively with governments and regulatory bodies to establish that clear legal frameworks that govern the use of generative AI. I know a lot of the effort’s already happening, so I think helping balance those innovations with protecting privacy, security, and societal well -being is something that needs to be at the forefront as well.

AY

Is there anything you’d like to highlight? You know, we cover a fair amount of information on trust and AI and DEI. Anything you believe is going to be next in our industry or any new challenges and opportunities that we have as IT in security and trust professionals? This is more blue sky, you know, thinking broadly, what do you see that the next five years looking for and businesses as individuals that we’re going to have to deal with?

EK

Well, I think I would like to see just from my standpoint, I’d like to see more organizations embracing the concept of trust, really being more open and transparent about how they handle data. We can also see more and more efforts of companies operationalizing trust. One of the research points that I really love is that there’s a connection between trust and even GDP. That was measured by Transparency International Index, because the companies and organizations that are trusted and have strong governance mechanisms, see a 10 percentage point increase in the share of trusting people within a country. That also has a spillover effect on GDP per capita by about 0.5 percentage point. So we do see that trust and civic norms are stronger in nations with higher and more equal opportunities. This is something that’s just fascinating for us as well that also has not just the impact on one company or one industry, but really a more global impact. I do want to see the world where we see more and more companies embrace this, be more transparent, embrace trust as their concept, and really show that it’s possible to achieve and not just possible, but really a necessary aspect of the business.

AY

You’ve been a member of our advisory council. You’ve been an advisor in general for a lot of ideas, and we call you with a lot of relevant topics. So what is the role of innovation that you see moving forward? Because as you know, there’s all these white spaces and addressed potential issues that come up. I know that you’re a big champion of innovation as well. Any few thoughts on that?

EK

Absolutely. Alberto, I think innovation is core. Innovation is core for us all to move forward. And trust, of course, is also essential for fostering innovation and entrepreneurship. Because when you have a climate of trust within the company within the organization, it encourages your employees and stakeholders to do more risk taking, collaboration, investments in their own professional growth and development, but also research and opportunity. So this innovation and this environment in turn leads to creation of more new products, technologies and industries driving economic growth and enhancing GDP and enhancing the overall prosperity for everyone. So I think, you know, innovation is core and something that we really cannot do without.