We recently hosted a panel featuring Satori Cyber’s advisory board about the overlapping responsibilities of security, privacy and data teams tasked with securing new data science environments. In this post, we’re going to cover the main takeaways provided by our distinguished panel of speakers, which included Andy Roth (CPO at Intuit), Colin Anderson (CISO at Levi Strauss & Co.), Sounil Yu (CISO-in-Residence at YL Ventures) and Eldad Chai (CEO and Co-Founder at Satori Cyber).
The field is evolving
While data protection and data governance aren't new concepts, they’re constantly subjected to new approaches as their fields evolve. The recent upsurge in self-service data models is an excellent example, as securing these models effectively requires a strategic overhaul. Andy has identified three major drivers of change to the field of data governance:
- Regulatory compliance - There are philosophical differences between the European and American approaches to privacy. The former acknowledges it as a human right, while the latter views it as a vertical requirement, with the exception of CCPA (and WPA)
- Customer tech compliance - Today’s customers require that their data remain segregated and handled with their own delineated set of access policies and use controls
- The strategic value of data - Organizations have caught on that there are much stronger incentives to govern data properly than avoiding fines. The most successful data-driven organizations are the ones that make their data as accessible as possible. Today, maturity tends to occur in organizations that evolve from a mere data science mindset to one focused on data democratization.
...But it remains highly complex
Data science environments are plagued by multiple layers of complexity. Among them are the multitude of teams connecting to data, the variety of supporting data technologies, the host of data silos and data types, and the unending pool of data access tools. According to Colin, it’s helpful to approach data like water, a substance that flows along the path of least resistance. To this end, he points out how the public cloud unleashed a set of new access capabilities beyond reports, which were the traditional gatekeepers of data. Today, many people across an enterprise have direct access to data. In cloud environments, this means that it’s particularly difficult to understand the following:
- Where’s the data?
- Who’s accessing the data?
- What are they doing with it?
- What controls are in place to prevent data leaks?