An average 58% increase in cyber incidents in New Zealand. Phishing attacks on the rise. Unauthorized access attempts becoming commonplace. It should be enough to make any business leader, any public servant, toss and turn at night. When Saviynt, a US-based identity and governance platform provider, announces its partnership with Chillisoft, it wants to “secure” the Land of the Long White Cloud. We would expect most people’s immediate response to be one of relief. Another defensive lineman on the field, another barrier against the cyber tempest, eh?

We’re led to believe that this is all in the name of smarter identity security, of securing organizations that are digital-first. We’ve been assured that Chillisoft’s extensive reseller network will enable Kiwi businesses of all sizes to harness the power of these cutting-edge solutions. Let’s cut through all the smoke and mirrors marketing buzzwords. What on earth are we agreeing to sleep with here.

Saviynt offers cloud-native identity security solutions. Cloud-native. That means data, potentially sensitive data about New Zealand citizens, businesses, and government operations, residing on servers likely housed… where? In the US.

Remember the Patriot Act? Remember the Cloud Act? These laws provide the US government with broad powers to access data that is stored within the US jurisdiction by US companies. It doesn’t matter where that data is stored. All of a sudden, that “smarter identity security” doesn’t sound so smart anymore.

It is no better than the fictitious Trojan Horse. The Greeks supposedly offered the Trojans a towering wooden horse as a symbol of peace. It was a brilliant ploy to take the city of Troy, concealing soldiers within.

I'm not suggesting Saviynt is intentionally malicious. However, good intentions pave the road to hell. And the road to hell is very often paved with rich government contracts and increased market share. We've seen this movie before. US tech giants continue to make vague and hollow promises around innovation and security. Instead, they’re usually the ones on the defensive when it comes to data breaches, privacy violations, and complicity in government surveillance.

We’re so excited to help you elevate your advocacy! Read up on the latest lawsuits, including one against Meta for breaching data privacy statutes. Were users warned? Was their data protected? What recourse did they have?

I'm not a Luddite. I appreciate that we live in an age of rapid technological advancement and gold-plated cybersecurity. Do we get lulled into such a haste to hand over our security to foreign actors that we shortchange our own development? It’s true, New Zealand has a rich sector of technical and creative professionals – makers that are building things and innovative thinking. Should we really not be investing in creating those local solutions, solutions that really reflect what we need and want and value?

There’s a seductive allure to these “convenient” cloud solutions. Just plug in, and poof, you're secure. But convenience often comes at a cost. In this instance, the cost might be our data sovereignty, our privacy, and our national security.

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. I’m sure she is an outstanding and highly competent person at the height of her power. In all the understandably deserved praise and applause, let’s not lose sight of the bigger picture here. This isn’t about one individual or one public-private partnership. This isn’t just a singular occurrence, it is rather a part of a larger, disturbing trend – the increased dependence on foreign actors for critical infrastructure and services.

I do want to strongly encourage New Zealanders, particularly enterprise and government folks, to be very cautious about this partnership. Ask the tough questions. Demand transparency. Explore local alternatives. Don’t get distracted by the pitch of “smarter identity security”—it’s not worth putting your data at risk. Remember the Trojan Horse. While it seemed magnificent from the exterior, in fact, it shielded a lethal mystery. Help prevent New Zealand from becoming the new Troy.

This isn't about fear-mongering. It's about being responsible stewards of our nation's security and independence. Let’s stop exchanging our sovereignty for the mirage of blissful convenience.

  • Dependence on foreign providers creates vulnerabilities.
  • Local solutions foster local expertise and economic growth.
  • Data sovereignty is non-negotiable.

The Cost of Convenience

There's a seductive allure to these "convenient" cloud solutions. Just plug in, and poof, you're secure. But convenience often comes at a cost. In this case, the cost could be our data sovereignty, our privacy, and our national security.

What About Suparna?

And Suparna, the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E, I'm sure is a very capable person. But let's not lose sight of the bigger picture here. This is not about one person or one partnership. This is about a trend, a worrying trend of increasing reliance on foreign entities for critical infrastructure and services.

A Call for Vigilance

I urge New Zealanders, especially those in the enterprise and government sectors, to approach this partnership with caution. Ask the tough questions. Demand transparency. Explore local alternatives. Don't let the promise of "smarter identity security" blind you to the potential risks. Remember the Trojan Horse. It looked beautiful from the outside, but it concealed a deadly secret. Don't let New Zealand become the next Troy.

Time to Act

Here are actionable steps to protect your data and sovereignty:

  1. Demand Transparency: Ask Saviynt and Chillisoft about their data storage policies and where your data will be held.
  2. Explore Local Alternatives: Research and support New Zealand-based cybersecurity companies.
  3. Lobby Your Representatives: Advocate for stronger data privacy laws and regulations.
  4. Educate Yourself: Stay informed about the risks of relying on foreign tech companies.

This isn't about fear-mongering. It's about being responsible stewards of our nation's security and independence. Let's not trade our sovereignty for the illusion of convenience.