In today’s episode, you will hear from the co-founders of eXate, Peter Lancos and Sonal Rattan. eXate streamlines, automates and simplifies the processes of storing, interpreting, and extracting value from data assets. It democratizes data privacy for organizations by providing a simple, embedded platform that automates the technical enforcement of data policies.
Data is becoming more and more regulated every day:
Many global organizations are struggling to meet data regulation standards. Below are just a handful of data regulations across the world that have been introduced within the past couple of years.
- GDPR – Europe
- California Consumer Privacy Act (CCPA) – USA
- Personal Information Security Specification – China
- Personal Data Protection Bill – India
Why do organizations struggle to meet data regulations?
- Decentralized Security – Organizations should have a common approach to handling security controls. This should not be done at the individual app or DB level; the security policies for these systems should be centrally managed.
- Lack of Automation – When compliance is handled team by team across thousands of development teams in a large organization, everyone does it differently, which effectively ties your data into knots. Your developers should not have to read through policies and interpret regulations; they should be able to call an API that tells them what they can do with that data.
Chief Security Officers:
Are normally the stakeholders when it comes to technically meeting data regulations. CSOs typically do not have the budget to solve for it. The enterprise architects are the ones most likely to spearhead the effort to better automate and integrate security across the organization.
What is DataSecOps (Data Security Ops):
DataSecOps is the collaboration on, and automation of, policy enforcement across the various teams in the organization: Dev, Legal, Security, Governance, Risk, Compliance, Data Stewards, and Data Owners.
Real-life examples of using DataSecOps in practice:
- Preventing Prod Data in NonProd Environments: Configure rules so that whenever information flows from a production data source into a non-production data source, it is protected by the policies and rules set by the policy owner.
- Protect data flowing through APIs: Control data centrally at a proxy level, and personalize the API contents based on the consumer and the policy rules set for that consumer. DataSecOps allows you to centrally manage API access and usage.
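A minimal sketch of the proxy-level enforcement described above, added here as an illustration and not eXate's code: one central policy table decides, per consumer, which fields of an API response pass through, are masked, are tokenized, or are dropped. The consumer names, field names, demo key and the HMAC-based tokenization are all assumptions made for the example.

```python
import hashlib
import hmac

# Central policy table (constructed): consumer -> field -> action.
# A field with no rule is dropped (default deny, least privilege).
POLICY = {
    "billing-service": {"customer_id": "allow", "name": "allow", "iban": "allow"},
    "analytics-nonprod": {"customer_id": "tokenize", "name": "drop",
                          "iban": "mask", "country": "allow"},
}
TOKEN_KEY = b"constructed-demo-key"  # assumption: really held in a secrets manager


def tokenize(value: str) -> str:
    """Keyed, deterministic token: joins still work, the raw value is not exposed."""
    return hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def mask(value: str, keep: int = 4) -> str:
    """Star out everything but the last `keep` characters; short values fully."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


ACTIONS = {"allow": lambda v: v, "tokenize": tokenize, "mask": mask}


def enforce(consumer: str, record: dict) -> dict:
    """Return the view of `record` that `consumer` is entitled to see."""
    rules = POLICY.get(consumer)
    if rules is None:
        raise PermissionError(f"no policy registered for consumer {consumer!r}")
    out = {}
    for field, value in record.items():
        transform = ACTIONS.get(rules.get(field, "drop"))
        if transform is not None:  # "drop" or an unknown action fails closed
            out[field] = transform(str(value))
    return out


# Constructed sample record, as the upstream production API would return it.
RECORD = {"customer_id": "C-1001", "name": "Ada Example",
          "iban": "GB00TEST00000012345678", "country": "GB", "notes": "vip"}

if __name__ == "__main__":
    for consumer in POLICY:
        print(consumer, enforce(consumer, RECORD))
```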
Privacy-enhancing technologies (PETs) are technologies/methods that enable the protection of data. PETs are typically used to minimize the use of personal data without losing the functionality of data. Below are a few examples of privacy-enhancing technologies:
- Homomorphic Encryption: An encryption method that enables computational operations on encrypted data.
- Differential privacy: Protects data at the individual level, but allows you to derive insights at the group level.
- Obfuscation: General term for data masking, where you replace sensitive data with misleading data.
- Pseudonymization: Replacing sensitive data with statistically realistic fictional data.
eXate is a DataSecOps SaaS solution that simplifies the way organizations access and share data. eXate has developed a solution that automates the technical enforcement of data policies across the organization. eXate is cloud-agnostic and can be run on-prem, in the cloud, or in a hybrid setup. eXate is built on top of Docker and Kubernetes.
What are your guiding principles for designing security into a modern data architecture?
- Data privacy should be simple
- Data policies should be centrally managed and automatically applied; you should not be reliant upon a federated, distributed way of applying data policies.
- Principle of Least Privilege
Where do you see data security heading over the next 2-5 years from now?
- DataSecOps principles will be mainstream and automated. Security will be built in from the start and not as an afterthought.