#173 - Bart Vandekerckhove - Data Security Deep Dive
May 8, 2024
auto_awesome
Bart Vandekerckhove, data security expert, discusses challenges faced by data teams using traditional IAM tech. Topics include zero trust concept, breaches, balancing security with efficiency, promoting security culture, incentives for data practitioners, transition to observability-centered security, managing sensitive data with masking rules and access controls.
Traditional IAM struggles with granular data security management.
Balancing innovation and data security is crucial for cloud data platforms.
Implementing zero trust and revoking access rights are key for enhancing data security.
Deep dives
Streamlining Data Security Management
RITO's application streamlines data security management by providing access requests, management, monitoring, and automation to help data platform teams. The challenge arises from the gap between data governance policies and what actually happens in data teams, making it necessary to bridge the divide by providing tools for implementation.
Balancing Innovation and Data Security
As organizations move data to cloud platforms and aim for faster insights, balancing innovation with data security becomes crucial. The dichotomy emerges where moving fast and strictly managing access seem mutually exclusive. Legacy technologies like Identity and Access Management (IAM) designed for perimeter access struggle when applied at a granular data level, presenting challenges for data teams.
Zero Trust Approach
Implementing a zero trust approach assumes that security perimeters are breached and restricts access to only what users absolutely require. This principle extends beyond data access to encompass infrastructure, code repositories, and other tools, requiring granular access management to mitigate potential harm from breaches.
Revocation and Ephemeral Access
Implementing revocation with ephemeral access rights can enhance security by automatically revoking unused permissions, limiting access in duration or based on specific needs. This approach ensures tighter control over access rights, preventing long-standing privileges that could lead to unintended breaches or errors.
Cultivating a Security-Conscious Culture
Building a security-conscious culture involves prioritizing customer data privacy over profit, fostering collaboration between leadership, engineers, and data owners, and providing comprehensive security training. Companies need to prioritize data security as a core value to mitigate risks effectively.
Automating Anomaly Detection for Enhanced Security
Automating anomaly detection can bolster security by identifying suspicious activities, unauthorized access attempts, or unusual behaviors in data interactions. By relying on observability-based approaches, organizations can proactively monitor and respond to security threats in real-time, reducing potential risks associated with data breaches.
Bart Vandekerckhove (Raito) joins us to chat about data security, and the challenges data teams face when using traditional IAM technology and workflows for data access/security management.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
