‘Data protection and security need to be baked into strategy from the start’


12 Jun 2020

Paul Ryan. Image: OpenX

Paul Ryan of OpenX talks about the adtech industry and the importance of incorporating data protection into product development.

Paul Ryan is the CTO of adtech firm OpenX, where he oversees a global team of more than 150 engineers and data scientists to develop new programmatic advertising technology.

He was previously CTO and co-founder of mobile search company Zowdow, and has held senior technology roles at Yellow Pages Group, Leads360 and Overture. Here, he discusses how the adtech industry is evolving and why data protection should be proactive rather than reactive.

‘Security needs a seat at the table in terms of corporate strategy’
– PAUL RYAN

Describe your role and your responsibilities in driving tech strategy.

Our products and our core technology platforms require tight strategic as well as tactical integration, so my role encompasses both tech and product strategy globally. This includes overseeing everything from the product strategy and roadmap, leading the development of new products and features, all the way to ensuring everything runs smoothly with our internal IT help desk.

Additionally, as an adtech company, we process a high volume of transactions in the cloud including trillions of events that need to be tracked and reported on daily, so I spend a lot of time thinking about how we evolve our high-volume production systems to address these specific needs of the company.

While CIOs traditionally focus on the supporting tech used to keep the organisation operating smoothly – covering internal tools, processes, procedure and all the internal networking – CTOs typically focus much more on the actual products and how they tie into revenue. My role covers both.

Are you spearheading any major product or IT initiatives you can tell us about?

Last year, we undertook a huge project to migrate our entire high-volume infrastructure into the Google Cloud Platform (GCP). This is not a hybrid cloud solution, but 100pc cloud-based.

This initiative was not a lift-and-shift exercise. We refactored major parts of the platform while supporting the old on-premises infrastructure and learning about the features, function and idiosyncrasies of GCP.

Being in the cloud has brought us tremendous benefits, as we can now address scale and load, and handle peaks and dips in a way we weren’t able to before. We also have access to the advanced services of GCP like their AI and machine learning, which we’re using to optimise and streamline the performance of our exchange.

On the product side, I’m driving two major initiatives. First, the development of our OpenAudience product suite. We’re organising and using data in an interesting and sophisticated way to better enable one-to-one marketing in the programmatic universe. This will make it very easy for brands and advertisers to transact on audiences using their DSP (demand side platforms) partners.

The other initiative is around Prebid.org, which is an open-source project aimed at helping publishers better manage their ad inventory. I am on the board of the organisation and our team actively contributes code to enhance the value of the solution.

Open-source projects like Prebid are key for moving the adtech industry forward and we’re regularly thinking through how we can continue to collaborate with others across the industry to build solutions that help our partners navigate a rapidly evolving advertising ecosystem.

How big is your team? Do you outsource where possible?

The product and engineering team at OpenX is around 120 people, with a significant portion of the team based in Krakow.

We outsource some 24/7 helpdesk efforts, a network operations centre and specific software-development projects that require unique expertise. We handle the majority of the software development work in-house.

What are your thoughts on digital transformation and how are you addressing it?

OpenX exists in a completely digital ecosystem, and we’ve operated this way for more than a decade. From a core infrastructure point of view, we’re mostly digital and everything is SaaS-based.

Internally, we are using all of the latest and greatest tools to manage our processes. The sheer size of our platform compared to the number of people that support it means it’s essentially completely automated.

What big tech trends do you believe are changing the world and your industry specifically?

Moving to the cloud is the top trend changing our industry. We made this bet last year and the way we look at it, when you think about the sheer volumes of data we deal with in digital advertising – which is growing every day – it’s almost impossible not to use a cloud-based infrastructure to support the business.

The second big trend is privacy. You need to take the time to understand it, and then you need to build it into your strategy and products. In the last few years, the adtech industry has had to grapple with a number of changes introduced by GDPR and CCPA.

Both initiatives have provided complex new privacy frameworks to follow and as privacy continues to be top-of-mind for consumers, learning to navigate in this new regulatory landscape is something that everyone in our space is thinking about.

Finally, while big data is not a new trend by any means, better management of data and particularly understanding the lifecycle of data has grown in importance.

With the abundance of data in our industry specifically, it’s important to be smart about the data you’re utilising and also the data you’re not, and aggressively getting rid of data you don’t need. When petabytes of data accumulate each day, you have to be very good at understanding it, using it for what you need and then getting rid of it.

In terms of security, what are your thoughts on how we can better protect data?

Security needs a seat at the table in terms of corporate strategy. The security team is often seen as the people in the room who are quick to say no or slow down product development, but taking this view is the wrong approach.

Data protection and security need to be baked into strategy from the start. It needs to become second nature, and addressed regularly, so every year there isn’t a rush to make updates to meet the latest security requirements.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.