The Center for Data Innovation spoke with Raj Ananthanpillai, Chairman and CEO of Endera, a Virginia-based software company that focuses on workforce analytics for security professionals. Ananthanpillai discussed how trust scores can give consumers greater control over their sensitive data and help businesses navigate state privacy laws.
The interview has been edited.
Gillian Diebold: What is workforce risk, and what are the different contributing factors?
Raj Ananthanpillai: Workforce risk involves employees, contractors, and supply chain issues that can do damage to your brand, company, customers, or other employees. It can include fraud, IP theft, workplace violence, and more. Exacerbated by various factors such as legal troubles and financial hardship, workforce risk is one of the most severe and stubborn drivers of security threats facing businesses today. It can pose serious threats to operations, finance, compliance, and brand reputation.
Employees are the most valuable asset for any company. If companies fail to identify and manage workforce risk on an ongoing basis, their efforts to recruit, train, and retain their workforce will be severely affected. The reality of today’s job market, especially during our current labor shortage, requires a proactive, effective, and scalable approach to protecting against these threats.
Diebold: How does Endera’s continuous evaluation platform assist security professionals?
Ananthanpillai: Throughout my career, I have witnessed firsthand the efforts of security professionals to keep up with post-hire risks. While many companies utilize governance policies like self-reporting or cyber tools such as data loss prevention, they can miss the external events that may increase the likelihood of insider threats. Others may conduct periodic background screenings. Unfortunately, those point-in-time reports are expensive, labor-intensive to review, and tend to provide irrelevant information on a large group of employees.
Endera’s Continuous Evaluation picks up where internal policies and activities end. A purpose-built, highly secure, cloud-based SaaS platform, Continuous Evaluation automatically delivers continuous analytics through notifications and risk alerts. We pull people-based risk indicators from more than 25,000 data sources and public records. After receiving these role-specific, risk alerts, enterprises can conduct further investigation to inform the next steps. When combined with a company’s existing internal security safeguards, our continuous evaluation of workforce risk for external issues completes the full security picture for an enterprise.
For continuous risk evaluation to succeed for a large organization, the system has to be scalable. Our platform can easily enroll hundreds of thousands of personnel, with no IT integration required. These procedures help enterprises safeguard their customers and employees, protect shareholder value, and comply with various regulatory and industry-specific reporting requirements.
Diebold: Part of the platform is identity-focused evaluation. Can you explain what that means, and how it relates to privacy?
Ananthanpillai: Continuous Evaluation’s identity-focused evaluation is exception-based alerting based on a pre-configured workforce risk policy. As an example, for an organization with over 70,000 identities, as risk indicators surface in public records, Continuous Evaluationscanned nearly 18 million possible risk events over a period of time but isolated only 0.2 percent of those as indicators relevant to their business, including incarcerations, convictions, financial distress, registry, and watchlist status. Companies receive these alerts and can investigate further to proactively prioritize investigations. We are proud of the advanced selectivity of our exception-based alerts. Our customers never again have to dig through mountains of false positives or business-irrelevant data points that tend to compromise employee privacy.
In addition to exception-based alerts, we designed Continuous Evaluation with security in mind. Our platform uses a highly secure cloud infrastructure, is ISO 27001 certified, ensuring maximum information security. We are confident that our proactive and continuous approach to workforce risk evaluation will improve our customers’ regulatory compliance, organizational culture, and many other factors essential to their overall security and privacy posture.
Diebold: Endera also started Trua, the first trust exchange network, where users are given a score to present to employers in lieu of a background check. Why is a trust score more optimal than a traditional background check?
Ananthanpillai: Traditional background checks involve employers gathering personally-identifiable information (PII) from an individual, which is then passed on to third-party companies to perform a background check. After reports are provided to the employer, the employer may notify applicants that there is something on the background check that may be of concern, and then the applicant deals with the third-party company directly. The problem here is that the applicant is brought in at the end of the process, only seeing their data retroactively and with limited control. Some of the data that the background check company provided could be irrelevant and may inadvertently introduce bias in adjudicating the applicant for hire.
Endera’s Trua solution makes consumers the driver of their own data, enabling authenticated individuals to initiate the creation of their TruaScore. Trua’s platform verifies and validates applicant-provided data for education and professional licenses as well as publicly available criminal and civil court records, sanctions and watchlists. Once applicants obtain their TruaScore and a summary report, they verify and consent to every share of it moving forward. With TruaScore, neither employers nor applicants need to repeatedly exchange personally-identifiable information, such as Social Security number, date of birth, etc. Instead of being in the middle of the process, employers can turn to Trua for credible and relevant information to make quick and informed hiring decisions. Trua is an easy-to-understand score that allows for unbiased hiring decisions, as there is no need for in depth review of lengthy background check reports. Businesses that adopt Trua will not only fulfill their commitment to consumer privacy, but also have a leg up in today’s competitive job market. As the consumer data control and privacy requirement becomes mainstream, TruaScore owners can re-use their portable score for any purpose beyond employment screening.
Diebold: How could TruaScore technology help with navigating a patchwork of state privacy laws?
Ananthanpillai: Data privacy laws are complicated. Currently, there is a growing patchwork of state-level privacy laws that creates confusion for businesses and consumers alike. For example, companies operating in more than one jurisdiction have to tailor their background screens geographically. While these state privacy laws intend to enhance data protection, businesses and consumers cannot afford to adopt different systems that only subject them to higher compliance costs and data privacy risks. Besides, these privacy laws are being imposed on an outdated and broken screening process.
Instead of trying to create legislation to retrofit legacy background check processes and methods, companies should embrace innovative, self-sovereign screening solutions that put the individual in control of the process with transparency for all. Trua fulfills these requirements by enabling consumers to validate their TruaScore and only providing information vital to the hiring outcome, such as identity verification, education, court records, and professional credentials. TruaScore is easy to understand and can be applied without biases in the hiring process. Standard background checks, which can also deliver irrelevant information, require significant training and are open to individual interpretation and bias.
Current privacy legislation at every level is attempting to fix a broken system, where consumers are fighting for control of their own data. With Trua, authenticated consumers build their own TruaScore, verify, and consent to every share, ensuring the accuracy of information when their livelihood is at stake. The goal of future privacy legislation should be to respect individuals’ privacy, while ensuring businesses can receive the information needed to manage risk and succeed. Policymakers can accomplish this by embracing new technology innovations that aim to shift the paradigm: putting consumers in control.