SlideShare une entreprise Scribd logo

Align Data Governance with Business Goals in Streaming Era

confluent
confluent

Speakers: Paige Bartley, Senior Analyst, Data and Enterprise Intelligence, Ovum + Cameron Tovey, Head of Information Security, Confluent For many organizations that want to adopt streaming data, strengthening their governance protocol is a key requirement. While this certainly poses a challenge for data protection regulations and standards, it also limits the potential of data in broader enterprise initiatives that look to maximize the value of information. There’s a prevailing enterprise perception that compliance with data protection regulations and standards, such as General Data Protection Regulation (GDPR) in the EU, Payment Card Industry (PCI), International Standards Organization (ISO) and many others is a burden: limiting the leverage of data. However, the core requirement of compliance—better control of data—has multiple downstream benefits. When compliance objectives are aligned with existing business objectives, the business can experience net gain. For many organizations that want to adopt streaming data, strengthening their governance protocol is a key requirement. While this certainly poses a challenge for data protection regulations and standards, it also limits the potential of data in broader enterprise initiatives that look to maximize the value of information. Learning objectives: -Understand how data compliance can be a facilitator of existing business objectives rather than a burden -Find out how to align existing business initiatives with compliance initiatives for maximum business benefit -Learn about the place of streaming data and data-in-motion in the compliance effort -Identify governance and tooling needs, existing controls and how they apply to new and emerging technology -Discover your options for improving governance

Technologie
1  sur  39
Compliance in Motion: Aligning Data Governance Initiatives with Business Objectives in the Streaming Era Paige Bartley, Cameron Tovey,
2 Cameron Tovey is the head of information security at Confluent. With nearly 20 years of experience protecting data, he ensures that Confluent’s information security program is complete and running smoothly. Before Confluent he protected data for technology startups, healthcare organizations, retail companies, banking institutions and other Fortune 100 entities. Cameron Tovey Head of Information Security, Confluent Paige specializes in all aspects of the data lifecycle including creation, cleansing, security, privacy and productivity. Working across the information management space, Paige researches how data use affects both large organizations and individuals alike. Paige’s other areas of expertise include regulatory and legal matters, data preparation, data quality, unstructured data, master data and records management, as well as neuroscience and cognitive science. Paige Bartley Senior Analyst, Data and Enterprise Intelligence, Ovum
3 Session Overview ● This session will be one hour ● The last 10-15 minutes will consist of Q&A ● Submit questions by entering them into the GoToWebinar panel ● The slides and recording will be available
Ovum | TMT intelligence | informa4 Copyright © Informa PLC GDPR: The Business Challenge… and Opportunity
Ovum | TMT intelligence | informa5 Copyright © Informa PLC GDPR was designed to give consumers and citizens more control over the personal data that, today, is increasingly part of the exchange for goods and services. ▪ Personal data under GDPR has a broader definition than personal data under existing regulations. ▪ Personal data = any data that can directly, or indirectly, identify a natural person A Very Brief Overview of the EU’s General Data Protection Regulation (GDPR) Goods and Services Personal Data “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”
Ovum | TMT intelligence | informa6 Copyright © Informa PLC Does GDPR apply to my organization? Yes, if it: ▪ Has customers that are EU residents ▪ Has employees or contractors that are EU-based ▪ Markets or advertises to EU prospects ▪ Collects personal data from EU residents Fines exist in two tiers depending on severity of the violation: GDPR is Global in its Reach, with Enforcement Across Borders (Less Severe) 2% annual global revenue, OR €10 million (More Severe) 4% annual global revenue, OR €20 million Fines Lawsuits Reputational Damage
Ovum | TMT intelligence | informa7 Copyright © Informa PLC Because of business pressure, many countries are modeling their own data protection policies after GDPR. GDPR Has Started a Global Trend of Data Protection Regulation Regional motivation for adopting policy mirroring GDPR: Outcomes: • Proliferation of slightly different regulations across different regions • Increasing consumer awareness of data privacy and data rights • Increasingly complicated regulatory landscape for the enterprise GDPR-Modele d Regulation EU Adequacy Decision Facilitated Data Transfer Lower Cost of Doing Business
Ovum | TMT intelligence | informa8 Copyright © Informa PLC GDPR’s core objective is to protect the rights and freedoms of natural persons. However, the core technical requirement to achieve this is the absolute, granular control of data. To fulfil subject rights, the enterprise must be able to: ▪ Know where all personal data resides in the IT ecosystem ▪ Associate all relevant data with the correct person/identity ▪ Restrict access to data based on employee roles and data attributes ▪ Quickly and efficiently delete or modify data if necessary ▪ Keep an audit trail and lineage of all data-related activities within the enterprise The Core Requirements of GDPR and Data Protection
Ovum | TMT intelligence | informa9 Copyright © Informa PLC This level of understanding and control requires end-to-end management of the data lifecycle, from the point of data creation, to consumption, to disposition. • Data-in-Motion • Data-at-Rest GDPR Requires End-to-End Data Control Data Ingestion Data Storage Data Consumption Data Disposition Data Creation Data Lifecycle
Ovum | TMT intelligence | informa10 Copyright © Informa PLC Complete control of data is the foundation for all data leverage within the enterprise. ▪ Data control for “reactive” purposes: compliance ▪ Data control for “proactive” purposes: data exploitation Better control of data results in better data-driven outcomes: → Improved data quality → More accurate analysis → Facilitated self-service → Reduced processing times → Opportunity to build consumer trust The Business Opportunity of Compliance
Ovum | TMT intelligence | informa11 Copyright © Informa PLC Two Top IT Trends Share the Same Common Requirement
Ovum | TMT intelligence | informa12 Copyright © Informa PLC Aligning Compliance Objectives with Business Objectives The enterprise can benefit from compliance if it is aligned with existing business objectives. Any business initiative that benefits from the control of data will benefit from a robust data privacy and compliance program.
Ovum | TMT intelligence | informa13 Copyright © Informa PLC Compliance requires an orchestration of people, process, and technology across the organization. Challenges to enterprise-wide coordination and alignment with business objectives include: ▪ Poor communication across teams/units ▪ Lack of robust IT integration ▪ Proliferation of specialty point solutions ▪ “Checkbox” mentality towards requirements Compliance Efforts Cannot be “Siloed,” Organizationally or Technically People • Roles, titles, responsibilities • Positive team dynamics Process • Building efficient workflows • Effective task management Technology • Ensuring IT integration • Contributing to control of data
Ovum | TMT intelligence | informa14 Copyright © Informa PLC Streaming Data: A Growing Need for Governance
Ovum | TMT intelligence | informa15 Copyright © Informa PLC GDPR does not differentiate between streaming data and data-at-rest when it comes to data privacy and protection for personal information. Examples of data protected by GDPR: ▪ Sensor data related to health metrics ▪ Data from wearables ▪ Certain social media activity data ▪ IP address data Streaming Data Falls Under the Protection of GDPR Streaming Data Requirements for control: ▪ Records of how data was processed ▪ Who handled and accessed data ▪ Full data lineage and audit capabilities ▪ Documentation of retention periods ▪ Ability to restrict access based on user
Ovum | TMT intelligence | informa16 Copyright © Informa PLC To fully reap the benefit of real-time and streaming data sources while avoiding compliance risk, the enterprise needs to have granular control of data access, data sovereignty, and lineage. All of the following depend on understanding the full data lifecycle: ▪ Result reproducibility ▪ Accurate ROI calculation ▪ Demonstration of compliance Data Control: It’s NOT just about GDPR Data Control • Data-in-Motio n • Data-at-Rest Proactive Benefits • Accuracy • Visibility • Data quality • Self-service
Ovum | TMT intelligence | informa17 Copyright © Informa PLC Streaming data is left inadequately governed by many organizations. Governance of the Full Data Lifecycle is Needed Creation Ingestion Storage Consumption Disposition Traditional data governance frameworks and technologiesUnderserved data governance needs
Ovum | TMT intelligence | informa18 Copyright © Informa PLC Apache Kafka has emerged as a leading open source distributed streaming platform for the enterprise. Kafka is following a maturation curve common to nearly all open source technologies. → Initial focus on use cases and business problem → Secondary focus on integration and compatibility → Tertiary focus on governance and security Apache Kafka: A Streaming Platform, Still in the Process of Maturing Apache Kafka, in its native form, currently lacks certain governance and security features: ▪ Lacks group or role-based security support ▪ Does not currently track data lineage Like most maturing open source technology, Kafka has “rough edges” in terms of enterprise-grade governance and security features.
Ovum | TMT intelligence | informa19 Copyright © Informa PLC Following a similar maturity curve to Hadoop, Apache Kafka is now supported by commercial software that helps fill in its gaps for security and governance. Commercial products help provide: ▪ A polished front-end for management and administration ▪ Integration capabilities to embed streaming data enterprise-wide ▪ Centralized monitoring of performance and replication ▪ Optimization of resource utilization and reliability Commercial products provide the tooling that help “operationalize” streaming data in the enterprise. Commercial Software Helps Fill Kafka Functionality Gaps
Ovum | TMT intelligence | informa20 Copyright © Informa PLC Without commercial software to support security and governance in Kafka, the enterprise must rely on extensive hand-coding. This poses several challenges: ▪ Slow, tedious process ▪ Bottlenecked with skilled users ▪ Prone to human error ▪ Not easily scalable Challenges Face the “DIY” Streaming Open Source Approach Native Kafka Hand-Coding Commercial Software Support Integrated Governance
Ovum | TMT intelligence | informa21 Copyright © Informa PLC Operationalization: the scaling of infrastructure and processes throughout the entire organization, so that so that anyone, in any role, can contribute directly or indirectly to the creation of business value. Without strong data governance and data control, operationalization of any data initiative will fail. Operationalization: The “Holy Grail” for Data Initiatives Data Initiative Outcomes of Operationalization Compliance Shift from cost center to profit center. Strengthened consumer trust. Better data quality. Streaming Data Contextual insight: streaming + historical data. Streaming data leverage across business units. Self-Service Reduced end user dependency on IT. Rapid time to accurate insight. Crowdsourced knowledge. Machine Learning & AI Rapid model development and deployment. ML & AI leveraged consistently in business decisions.
Ovum | TMT intelligence | informa22 Copyright © Informa PLC 3 Tips: Aligning Enterprise Objectives with Compliance
Ovum | TMT intelligence | informa23 Copyright © Informa PLC 1 ▪ A process-based framework first needs to be defined to support the achievement of business objectives ▪ Technology will fit within this framework, not determine it. ▪ Ensure that related business objectives “piggyback” off of each other and share processes and human roles ▪ Avoid silos: the technological kind, and the communicative organizational kind ▪ Technology should facilitate existing processes and roles, not vice versa. ▪ Processes should not have to be radically reshaped to accommodate technology tools. Technology should facilitate existing processes, not force the creation of new ones. 1: Define and codify human processes first, implement technology second
Ovum | TMT intelligence | informa24 Copyright © Informa PLC 2 ▪ Build a list of all relevant stakeholders in the compliance and data leverage process. ▪ IT, line of business, risk and compliance, security, privacy, legal; even business end users that consume data should have a representative to speak on their behalf ▪ Ensure adequate communication between parties. ▪ Agree on objectives for the business, and for data’s role in the business. ▪ The organization will likely find that most of these objectives all require better control of data. ▪ Build use cases that can be “sold” to high-level leadership. Focus on data control. ▪ What can be achieved with better control of data? What use cases would be possible? What is the potential ROI? What potential risks can be mitigated? Compliance should NOT exist in a bubble. Compliance requirements “touch” all business units. 2: Get all relevant stakeholders at the table, and buy-in from leadership
Ovum | TMT intelligence | informa25 Copyright © Informa PLC 3 ▪ Streaming data and data-in-motion are often overlooked by the enterprise when it comes to security and governance. ▪ Take stock of all data types ingested, processed, consumed, and stored within the enterprise. ▪ Evaluate the level of control that can be applied to these varying data types. Do differing data types have equal control mechanisms? Streaming data needs to be governed with the same rigor as data-at-rest. 3: Ensure equal governance for ALL data types within the enterprise Data Governance Framework Data-in-Motio n Data-at-Rest
Ovum | TMT intelligence | informa26 Copyright © Informa PLC 3 Questions to considers when evaluating mechanisms for data control: ▪ Can personal data be consistently identified among other non-sensitive data types? ▪ Is encryption used for both data-in-motion and data-at-rest? ▪ Can lineage be tracked for both streaming data and historical data? ▪ Can access controls be consistently applied based on user role or data attribute, across data sources and repositories? ▪ Is there a central platform or “pane of glass” for the administration of data policies? The more control of data can be centralized, the more streamlined the governance process is. 3: Ensure equal governance for ALL data types within the enterprise (cont.)
27 What is driving compliance in your organization? Confluent Cloud Managing risk Shortening the sales cycle
28 Managing Risk Governmental Regulations: ● General Data Protection Regulation (GDPR) ● Health Insurance Portability and Accountability (HIPAA) ● Federal Risk and Authorization Management Program (FedRAMP) Many organizations must address these regulatory requirements, either by directly processing or storing protected information, or by their customers’ need for them to process or store protected information. Data Protection Standards: ● ISO/IEC 27000 series standards ● Payment Card Industry Data Security Standard (PCI DSS) ● Service Organization Control 2 (SOC 2) The ability of these standards to change at a reasonable rate to match and stay inline with industry trends is what helps them remain applicable and reusable in an effective data security and compliance program.
29 Sales Cycles
30 Regulations and Standards Health Insurance Portability and Accountability (HIPAA) Health Information Technology for Economic and Clinical Health Act (HITECH) Compliance with this regulation includes performing a gap assessment to understand what holes need to be fixed in order to properly comply, putting together and beginning implementation on a remediation plan. General Data Protection Regulation (GDPR) This European regulation identifies the rights of individuals to request a copy of, make changes to or have personal information completely deleted from systems. It also requires clear communication to individuals regarding the purposes for which their information is being used. Federal Risk and Authorization Management Program (FedRAMP) Federal Information Security Modernization Act (FISMA) The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Required by U.S. government entities for cloud services, FedRAMP requires implementation of National Institute of Standards and Technology (NIST) standards for data protection.
31 Regulations and Standards Payment Card Industry Data Security Standard (PCI DSS) PCI DSS has specific technical requirements designed to protect credit card data used in processing payments. It strictly controls which pieces of data normally contained on the magnetic stripe of a credit card may be retained by a company and what controls must be in place in order to do so. Service Organization Control (SOC 2) Defined by the American Institute of Certified Public Accountants (AICPA), this audit standard provides an external and independent assessment of a service provider’s controls environment. Well recognized in the U.S., this audit assessment covers how well a security program has operated their security controls over a period of time. ISO 27001 & ISO 27018 The International Standards Organization (ISO) has provided guidance on how to implement an effective information security management system (ISMS). The 27001 standard provides requirements for establishing, implementing, maintaining and continually improving an ISMS. The 27018 standard focuses on protection of personal data in the cloud.
32 Three Pillars of Data Protection Data is only accessible to those to whom it is intended. The ability to access data at the moment required Ensuring that data does not change inappropriately Confidentiality Availability Integrity
33 Emerging Technology Streaming Technology ● Confidentiality ● Integrity ● Availability ● Authentication ● Authorization ● Audit/Non-Repudiation/Logging Cloud Services ● Shared Responsibility Model ● What does your provider control? ● What controls do they evidence for you? ● Are their controls good enough for you? ● What do you control? ● What are your requirements for the things in your control?
34 Streaming Technology Confidentiality – What controls are available for data confidentiality? ● Does the system encrypt data in transit? ● Does the system encrypt data at rest? ● How are these accomplished? ● Does the system provide role-based access controls? ● Does the system integrate with directory services or use single sign-on (SSO)? Integrity – What controls are available to maintain data integrity? ● Who has access to make changes? ● How do you know your data is accurate? ● What is the backup model (i.e., traditional data or system backups or distributed copies of data)? ● How long does it take to recover from a problem? Availability – What controls are utilized for availability and performance scaling to accommodate growth? ● What level of service is guaranteed? ● How do I measure compliance with your commitments for uptime? ● What is your plan to resolve issues in the event of downtime?
35 Streaming Technology Authentication – What controls are available to authenticate both customer users and service provider users? ● Can customer authentication services like LDAP, Active Directory or single sign-on be integrated? ● Can password and other authentication settings be managed by the customer? ● Can users utilize multi-factor authentication? ● How do automated processes integrate with the service? ● How are authentication credentials protected? Authorization – What different activities can the customer control or limit? ● Are role-based controls available? ● Are roles able to be defined to match my organization in your system? ● What are the critical functions that should or could be limited? ● Is the ability to limit read, write, delete, and administration functions available? Audit – How can a customer monitor access and changes to data and environments? ● Are system activities logged? ● How are these logs available to the customer? ● Are the logs available in a format that can be automatically consumed and processed by customer systems?
36 Cloud Services Shared Responsibility Model Responsibility for security of data and systems deployed in any cloud provider is always shared. Cloud Service Provider Controls There are controls clearly provided by the cloud service provider over which the customer has little or no influence. Optional Controls There are controls made available by the cloud service provider which the customer can choose to implement at their discretion. Customer Controls There are controls that are completely in control of the customer who utilizes a cloud service.
37 Is an external opinion or audit report available that explains the controls they put in place? Does the customer have an accounting of the customer-responsible controls? ? What controls does the cloud service provider make available to all customers? What controls are the responsibility of the customer? Are the documented controls sufficient? Cloud Services Are the available customer controls and settings configured correctly? How does a customer monitor for when changes made expose customer data or systems? Are customer controls and settings documented?
38 Resources and Next Steps https://confluent.io http://cnfl.io/slack #security @confluentinc
39 Thank you for joining us!

Recommandé

Life is a Stream of Events
Life is a Stream of Events Life is a Stream of Events
Life is a Stream of Events confluent
 
Event-driven Business: How Leading Companies Are Adopting Streaming Strategies
Event-driven Business: How Leading Companies Are Adopting Streaming StrategiesEvent-driven Business: How Leading Companies Are Adopting Streaming Strategies
Event-driven Business: How Leading Companies Are Adopting Streaming Strategiesconfluent
 
Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...
Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...
Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...confluent
 
Digital Transformation Mindset - More Than Just Technology
Digital Transformation Mindset - More Than Just TechnologyDigital Transformation Mindset - More Than Just Technology
Digital Transformation Mindset - More Than Just Technologyconfluent
 
Event-Based Business Architecture: Orchestrating Enterprise Communications
Event-Based Business Architecture: Orchestrating Enterprise Communications Event-Based Business Architecture: Orchestrating Enterprise Communications
Event-Based Business Architecture: Orchestrating Enterprise Communications confluent
 
Digital Shift in Insurance: How is the Industry Responding with the Influx of...
Digital Shift in Insurance: How is the Industry Responding with the Influx of...Digital Shift in Insurance: How is the Industry Responding with the Influx of...
Digital Shift in Insurance: How is the Industry Responding with the Influx of...DataWorks Summit
 
Confluent x imply: Build the last mile to value for data streaming applications
Confluent x imply: Build the last mile to value for data streaming applicationsConfluent x imply: Build the last mile to value for data streaming applications
Confluent x imply: Build the last mile to value for data streaming applicationsconfluent
 
Change data capture
Change data captureChange data capture
Change data captureJames Deppen
 

Recommandé

Life is a Stream of Events
Life is a Stream of Events Life is a Stream of Events
Life is a Stream of Events confluent
 
Event-driven Business: How Leading Companies Are Adopting Streaming Strategies
Event-driven Business: How Leading Companies Are Adopting Streaming StrategiesEvent-driven Business: How Leading Companies Are Adopting Streaming Strategies
Event-driven Business: How Leading Companies Are Adopting Streaming Strategiesconfluent
 
Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...
Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...
Architecture Patterns for Event Streaming (Nick Dearden, Confluent) London 20...confluent
 
Digital Transformation Mindset - More Than Just Technology
Digital Transformation Mindset - More Than Just TechnologyDigital Transformation Mindset - More Than Just Technology
Digital Transformation Mindset - More Than Just Technologyconfluent
 
Event-Based Business Architecture: Orchestrating Enterprise Communications
Event-Based Business Architecture: Orchestrating Enterprise Communications Event-Based Business Architecture: Orchestrating Enterprise Communications
Event-Based Business Architecture: Orchestrating Enterprise Communications confluent
 
Digital Shift in Insurance: How is the Industry Responding with the Influx of...
Digital Shift in Insurance: How is the Industry Responding with the Influx of...Digital Shift in Insurance: How is the Industry Responding with the Influx of...
Digital Shift in Insurance: How is the Industry Responding with the Influx of...DataWorks Summit
 
Confluent x imply: Build the last mile to value for data streaming applications
Confluent x imply: Build the last mile to value for data streaming applicationsConfluent x imply: Build the last mile to value for data streaming applications
Confluent x imply: Build the last mile to value for data streaming applicationsconfluent
 
Change data capture
Change data captureChange data capture
Change data captureJames Deppen
 
ANZ C-Level Roundtable
ANZ C-Level RoundtableANZ C-Level Roundtable
ANZ C-Level Roundtableconfluent
 
Lead confluent HQ Dec 2019
Lead confluent HQ Dec 2019Lead confluent HQ Dec 2019
Lead confluent HQ Dec 2019Sabri Skhiri
 
GDPR: 20 Million Reasons to Get Ready - Part 2: Living Compliance
GDPR: 20 Million Reasons to Get Ready - Part 2: Living ComplianceGDPR: 20 Million Reasons to Get Ready - Part 2: Living Compliance
GDPR: 20 Million Reasons to Get Ready - Part 2: Living ComplianceCloudera, Inc.
 
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...NoSQLmatters
 
Driving Digital Transformation through Big Data Analytics and Machine Learning
Driving Digital Transformation through Big Data Analytics and Machine LearningDriving Digital Transformation through Big Data Analytics and Machine Learning
Driving Digital Transformation through Big Data Analytics and Machine LearningWSO2
 
Adapting to the exponential development of technology
Adapting to the exponential development of technologyAdapting to the exponential development of technology
Adapting to the exponential development of technologyDataWorks Summit
 
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...Impetus Technologies
 
Cloud Digital Transformation
Cloud Digital TransformationCloud Digital Transformation
Cloud Digital TransformationRaul Goycoolea Seoane
 
Using Web Data to Drive Revenue and Reduce Costs
Using Web Data to Drive Revenue and Reduce CostsUsing Web Data to Drive Revenue and Reduce Costs
Using Web Data to Drive Revenue and Reduce CostsConnotate
 
Who changed my data? Need for data governance and provenance in a streaming w...
Who changed my data? Need for data governance and provenance in a streaming w...Who changed my data? Need for data governance and provenance in a streaming w...
Who changed my data? Need for data governance and provenance in a streaming w...DataWorks Summit
 
Data Virtualization for Data Architects (Australia)
Data Virtualization for Data Architects (Australia)Data Virtualization for Data Architects (Australia)
Data Virtualization for Data Architects (Australia)Denodo
 
Cloudera Data Impact Awards 2021 - Finalists
Cloudera Data Impact Awards 2021 - Finalists Cloudera Data Impact Awards 2021 - Finalists
Cloudera Data Impact Awards 2021 - Finalists Cloudera, Inc.
 
Accelerating big data with ioMemory and Cisco UCS and NOSQL
Accelerating big data with ioMemory and Cisco UCS and NOSQLAccelerating big data with ioMemory and Cisco UCS and NOSQL
Accelerating big data with ioMemory and Cisco UCS and NOSQLSumeet Bansal
 
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)A Successful Data Strategy for Insurers in Volatile Times (ASEAN)
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)Denodo
 
Seamless Integration of Data in E Government
Seamless Integration of Data in E Government Seamless Integration of Data in E Government
Seamless Integration of Data in E Government WSO2
 
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...Jochem van Grondelle
 
Real time data integration best practices and architecture
Real time data integration best practices and architectureReal time data integration best practices and architecture
Real time data integration best practices and architectureBui Kiet
 
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...Principled Technologies
 
Data Warehouse vs. Live Datamart - Comparison and Differences
Data Warehouse vs. Live Datamart - Comparison and DifferencesData Warehouse vs. Live Datamart - Comparison and Differences
Data Warehouse vs. Live Datamart - Comparison and DifferencesKai Wähner
 
Migrating to the Cloud – Is Application Performance Monitoring still required?
Migrating to the Cloud – Is Application Performance Monitoring still required?Migrating to the Cloud – Is Application Performance Monitoring still required?
Migrating to the Cloud – Is Application Performance Monitoring still required?eG Innovations
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceCloudera, Inc.
 

Contenu connexe

Tendances

ANZ C-Level Roundtable
ANZ C-Level RoundtableANZ C-Level Roundtable
ANZ C-Level Roundtableconfluent
 
Lead confluent HQ Dec 2019
Lead confluent HQ Dec 2019Lead confluent HQ Dec 2019
Lead confluent HQ Dec 2019Sabri Skhiri
 
GDPR: 20 Million Reasons to Get Ready - Part 2: Living Compliance
GDPR: 20 Million Reasons to Get Ready - Part 2: Living ComplianceGDPR: 20 Million Reasons to Get Ready - Part 2: Living Compliance
GDPR: 20 Million Reasons to Get Ready - Part 2: Living ComplianceCloudera, Inc.
 
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...NoSQLmatters
 
Driving Digital Transformation through Big Data Analytics and Machine Learning
Driving Digital Transformation through Big Data Analytics and Machine LearningDriving Digital Transformation through Big Data Analytics and Machine Learning
Driving Digital Transformation through Big Data Analytics and Machine LearningWSO2
 
Adapting to the exponential development of technology
Adapting to the exponential development of technologyAdapting to the exponential development of technology
Adapting to the exponential development of technologyDataWorks Summit
 
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...Impetus Technologies
 
Using Web Data to Drive Revenue and Reduce Costs
Using Web Data to Drive Revenue and Reduce CostsUsing Web Data to Drive Revenue and Reduce Costs
Using Web Data to Drive Revenue and Reduce CostsConnotate
 
Who changed my data? Need for data governance and provenance in a streaming w...
Who changed my data? Need for data governance and provenance in a streaming w...Who changed my data? Need for data governance and provenance in a streaming w...
Who changed my data? Need for data governance and provenance in a streaming w...DataWorks Summit
 
Data Virtualization for Data Architects (Australia)
Data Virtualization for Data Architects (Australia)Data Virtualization for Data Architects (Australia)
Data Virtualization for Data Architects (Australia)Denodo
 
Cloudera Data Impact Awards 2021 - Finalists
Cloudera Data Impact Awards 2021 - Finalists Cloudera Data Impact Awards 2021 - Finalists
Cloudera Data Impact Awards 2021 - Finalists Cloudera, Inc.
 
Accelerating big data with ioMemory and Cisco UCS and NOSQL
Accelerating big data with ioMemory and Cisco UCS and NOSQLAccelerating big data with ioMemory and Cisco UCS and NOSQL
Accelerating big data with ioMemory and Cisco UCS and NOSQLSumeet Bansal
 
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)A Successful Data Strategy for Insurers in Volatile Times (ASEAN)
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)Denodo
 
Seamless Integration of Data in E Government
Seamless Integration of Data in E Government Seamless Integration of Data in E Government
Seamless Integration of Data in E Government WSO2
 
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...Jochem van Grondelle
 
Real time data integration best practices and architecture
Real time data integration best practices and architectureReal time data integration best practices and architecture
Real time data integration best practices and architectureBui Kiet
 
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...Principled Technologies
 
Data Warehouse vs. Live Datamart - Comparison and Differences
Data Warehouse vs. Live Datamart - Comparison and DifferencesData Warehouse vs. Live Datamart - Comparison and Differences
Data Warehouse vs. Live Datamart - Comparison and DifferencesKai Wähner
 
Migrating to the Cloud – Is Application Performance Monitoring still required?
Migrating to the Cloud – Is Application Performance Monitoring still required?Migrating to the Cloud – Is Application Performance Monitoring still required?
Migrating to the Cloud – Is Application Performance Monitoring still required?eG Innovations
 

Tendances (20)

ANZ C-Level Roundtable
ANZ C-Level RoundtableANZ C-Level Roundtable
ANZ C-Level Roundtable
 
Lead confluent HQ Dec 2019
Lead confluent HQ Dec 2019Lead confluent HQ Dec 2019
Lead confluent HQ Dec 2019
 
GDPR: 20 Million Reasons to Get Ready - Part 2: Living Compliance
GDPR: 20 Million Reasons to Get Ready - Part 2: Living ComplianceGDPR: 20 Million Reasons to Get Ready - Part 2: Living Compliance
GDPR: 20 Million Reasons to Get Ready - Part 2: Living Compliance
 
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...
Kai Wähner – Real World Use Cases for Realtime In-Memory Computing - NoSQL ma...
 
Driving Digital Transformation through Big Data Analytics and Machine Learning
Driving Digital Transformation through Big Data Analytics and Machine LearningDriving Digital Transformation through Big Data Analytics and Machine Learning
Driving Digital Transformation through Big Data Analytics and Machine Learning
 
Adapting to the exponential development of technology
Adapting to the exponential development of technologyAdapting to the exponential development of technology
Adapting to the exponential development of technology
 
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
 
Cloud Digital Transformation
Cloud Digital TransformationCloud Digital Transformation
Cloud Digital Transformation
 
Using Web Data to Drive Revenue and Reduce Costs
Using Web Data to Drive Revenue and Reduce CostsUsing Web Data to Drive Revenue and Reduce Costs
Using Web Data to Drive Revenue and Reduce Costs
 
Who changed my data? Need for data governance and provenance in a streaming w...
Who changed my data? Need for data governance and provenance in a streaming w...Who changed my data? Need for data governance and provenance in a streaming w...
Who changed my data? Need for data governance and provenance in a streaming w...
 
Data Virtualization for Data Architects (Australia)
Data Virtualization for Data Architects (Australia)Data Virtualization for Data Architects (Australia)
Data Virtualization for Data Architects (Australia)
 
Cloudera Data Impact Awards 2021 - Finalists
Cloudera Data Impact Awards 2021 - Finalists Cloudera Data Impact Awards 2021 - Finalists
Cloudera Data Impact Awards 2021 - Finalists
 
Accelerating big data with ioMemory and Cisco UCS and NOSQL
Accelerating big data with ioMemory and Cisco UCS and NOSQLAccelerating big data with ioMemory and Cisco UCS and NOSQL
Accelerating big data with ioMemory and Cisco UCS and NOSQL
 
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)A Successful Data Strategy for Insurers in Volatile Times (ASEAN)
A Successful Data Strategy for Insurers in Volatile Times (ASEAN)
 
Seamless Integration of Data in E Government
Seamless Integration of Data in E Government Seamless Integration of Data in E Government
Seamless Integration of Data in E Government
 
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...
To mesh or mess up your data organisation - Jochem van Grondelle (Prosus/OLX ...
 
Real time data integration best practices and architecture
Real time data integration best practices and architectureReal time data integration best practices and architecture
Real time data integration best practices and architecture
 
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...
Design advantages of Hadoop ETL offload with the Intel processor-powered Dell...
 
Data Warehouse vs. Live Datamart - Comparison and Differences
Data Warehouse vs. Live Datamart - Comparison and DifferencesData Warehouse vs. Live Datamart - Comparison and Differences
Data Warehouse vs. Live Datamart - Comparison and Differences
 
Migrating to the Cloud – Is Application Performance Monitoring still required?
Migrating to the Cloud – Is Application Performance Monitoring still required?Migrating to the Cloud – Is Application Performance Monitoring still required?
Migrating to the Cloud – Is Application Performance Monitoring still required?
 

Similaire à Align Data Governance with Business Goals in Streaming Era

Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceCloudera, Inc.
 
Michael Josephs
Michael JosephsMichael Josephs
Michael JosephsdaveGBE
 
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
1 -2-6 kista watson summit-gdpr ibm pov hogg-smIBM Sverige
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityEQS Group
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian FirmsGeneral Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian Firmsaccenture
 
Establishing sustainable GDPR compliance
Establishing sustainable GDPR complianceEstablishing sustainable GDPR compliance
Establishing sustainable GDPR complianceCloudera, Inc.
 
Case study financial_services
Case study financial_servicesCase study financial_services
Case study financial_servicesG. Subramanian
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...CIO Edge
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceGDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceCloudera, Inc.
 
Security, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightSecurity, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightN-iX
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRMatt Stubbs
 

Similaire à Align Data Governance with Business Goals in Streaming Era (20)

Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR compliance
 
Michael Josephs
Michael JosephsMichael Josephs
Michael Josephs
 
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
 
2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR Compliance
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian FirmsGeneral Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian Firms
 
Establishing sustainable GDPR compliance
Establishing sustainable GDPR complianceEstablishing sustainable GDPR compliance
Establishing sustainable GDPR compliance
 
Case study financial_services
Case study financial_servicesCase study financial_services
Case study financial_services
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceGDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
 
Security, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightSecurity, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it right
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
GDPR- The Buck Stops Here
GDPR- The Buck Stops HereGDPR- The Buck Stops Here
GDPR- The Buck Stops Here
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 

Plus de confluent

Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Santander Stream Processing with Apache Flink
Santander Stream Processing with Apache FlinkSantander Stream Processing with Apache Flink
Santander Stream Processing with Apache Flinkconfluent
 
Unlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsUnlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsconfluent
 
Workshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con FlinkWorkshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con Flinkconfluent
 
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...confluent
 
AWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - ConfluentAWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - Confluentconfluent
 
Eventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalkEventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalkconfluent
 
Q&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent CloudQ&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent Cloudconfluent
 
Citi TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep DiveCiti TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep Diveconfluent
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluentconfluent
 
Q&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service MeshQ&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service Meshconfluent
 
Citi Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka MicroservicesCiti Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka Microservicesconfluent
 
Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3confluent
 
Citi Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging ModernizationCiti Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging Modernizationconfluent
 
Citi Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time dataCiti Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time dataconfluent
 
Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2confluent
 
Data In Motion Paris 2023
Data In Motion Paris 2023Data In Motion Paris 2023
Data In Motion Paris 2023confluent
 
Confluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with SynthesisConfluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with Synthesisconfluent
 
The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023confluent
 
The Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data StreamsThe Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data Streamsconfluent
 

Plus de confluent (20)

Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Santander Stream Processing with Apache Flink
Santander Stream Processing with Apache FlinkSantander Stream Processing with Apache Flink
Santander Stream Processing with Apache Flink
 
Unlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsUnlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insights
 
Workshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con FlinkWorkshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con Flink
 
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
 
AWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - ConfluentAWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - Confluent
 
Eventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalkEventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalk
 
Q&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent CloudQ&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent Cloud
 
Citi TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep DiveCiti TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep Dive
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluent
 
Q&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service MeshQ&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service Mesh
 
Citi Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka MicroservicesCiti Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka Microservices
 
Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3
 
Citi Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging ModernizationCiti Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging Modernization
 
Citi Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time dataCiti Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time data
 
Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2
 
Data In Motion Paris 2023
Data In Motion Paris 2023Data In Motion Paris 2023
Data In Motion Paris 2023
 
Confluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with SynthesisConfluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with Synthesis
 
The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023
 
The Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data StreamsThe Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data Streams
 

Dernier

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 

Dernier (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 

Align Data Governance with Business Goals in Streaming Era

  • 1. Compliance in Motion: Aligning Data Governance Initiatives with Business Objectives in the Streaming Era Paige Bartley, Cameron Tovey,
  • 2. 2 Cameron Tovey is the head of information security at Confluent. With nearly 20 years of experience protecting data, he ensures that Confluent’s information security program is complete and running smoothly. Before Confluent he protected data for technology startups, healthcare organizations, retail companies, banking institutions and other Fortune 100 entities. Cameron Tovey Head of Information Security, Confluent Paige specializes in all aspects of the data lifecycle including creation, cleansing, security, privacy and productivity. Working across the information management space, Paige researches how data use affects both large organizations and individuals alike. Paige’s other areas of expertise include regulatory and legal matters, data preparation, data quality, unstructured data, master data and records management, as well as neuroscience and cognitive science. Paige Bartley Senior Analyst, Data and Enterprise Intelligence, Ovum
  • 3. 3 Session Overview ● This session will be one hour ● The last 10-15 minutes will consist of Q&A ● Submit questions by entering them into the GoToWebinar panel ● The slides and recording will be available
  • 4. Ovum | TMT intelligence | informa4 Copyright © Informa PLC GDPR: The Business Challenge… and Opportunity
  • 5. Ovum | TMT intelligence | informa5 Copyright © Informa PLC GDPR was designed to give consumers and citizens more control over the personal data that, today, is increasingly part of the exchange for goods and services. ▪ Personal data under GDPR has a broader definition than personal data under existing regulations. ▪ Personal data = any data that can directly, or indirectly, identify a natural person A Very Brief Overview of the EU’s General Data Protection Regulation (GDPR) Goods and Services Personal Data “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”
  • 6. Ovum | TMT intelligence | informa6 Copyright © Informa PLC Does GDPR apply to my organization? Yes, if it: ▪ Has customers that are EU residents ▪ Has employees or contractors that are EU-based ▪ Markets or advertises to EU prospects ▪ Collects personal data from EU residents Fines exist in two tiers depending on severity of the violation: GDPR is Global in its Reach, with Enforcement Across Borders (Less Severe) 2% annual global revenue, OR €10 million (More Severe) 4% annual global revenue, OR €20 million Fines Lawsuits Reputational Damage
  • 7. Ovum | TMT intelligence | informa7 Copyright © Informa PLC Because of business pressure, many countries are modeling their own data protection policies after GDPR. GDPR Has Started a Global Trend of Data Protection Regulation Regional motivation for adopting policy mirroring GDPR: Outcomes: • Proliferation of slightly different regulations across different regions • Increasing consumer awareness of data privacy and data rights • Increasingly complicated regulatory landscape for the enterprise GDPR-Modele d Regulation EU Adequacy Decision Facilitated Data Transfer Lower Cost of Doing Business
  • 8. Ovum | TMT intelligence | informa8 Copyright © Informa PLC GDPR’s core objective is to protect the rights and freedoms of natural persons. However, the core technical requirement to achieve this is the absolute, granular control of data. To fulfil subject rights, the enterprise must be able to: ▪ Know where all personal data resides in the IT ecosystem ▪ Associate all relevant data with the correct person/identity ▪ Restrict access to data based on employee roles and data attributes ▪ Quickly and efficiently delete or modify data if necessary ▪ Keep an audit trail and lineage of all data-related activities within the enterprise The Core Requirements of GDPR and Data Protection
  • 9. Ovum | TMT intelligence | informa9 Copyright © Informa PLC This level of understanding and control requires end-to-end management of the data lifecycle, from the point of data creation, to consumption, to disposition. • Data-in-Motion • Data-at-Rest GDPR Requires End-to-End Data Control Data Ingestion Data Storage Data Consumption Data Disposition Data Creation Data Lifecycle
  • 10. Ovum | TMT intelligence | informa10 Copyright © Informa PLC Complete control of data is the foundation for all data leverage within the enterprise. ▪ Data control for “reactive” purposes: compliance ▪ Data control for “proactive” purposes: data exploitation Better control of data results in better data-driven outcomes: → Improved data quality → More accurate analysis → Facilitated self-service → Reduced processing times → Opportunity to build consumer trust The Business Opportunity of Compliance
  • 11. Ovum | TMT intelligence | informa11 Copyright © Informa PLC Two Top IT Trends Share the Same Common Requirement
  • 12. Ovum | TMT intelligence | informa12 Copyright © Informa PLC Aligning Compliance Objectives with Business Objectives The enterprise can benefit from compliance if it is aligned with existing business objectives. Any business initiative that benefits from the control of data will benefit from a robust data privacy and compliance program.
  • 13. Ovum | TMT intelligence | informa13 Copyright © Informa PLC Compliance requires an orchestration of people, process, and technology across the organization. Challenges to enterprise-wide coordination and alignment with business objectives include: ▪ Poor communication across teams/units ▪ Lack of robust IT integration ▪ Proliferation of specialty point solutions ▪ “Checkbox” mentality towards requirements Compliance Efforts Cannot be “Siloed,” Organizationally or Technically People • Roles, titles, responsibilities • Positive team dynamics Process • Building efficient workflows • Effective task management Technology • Ensuring IT integration • Contributing to control of data
  • 14. Ovum | TMT intelligence | informa14 Copyright © Informa PLC Streaming Data: A Growing Need for Governance
  • 15. Ovum | TMT intelligence | informa15 Copyright © Informa PLC GDPR does not differentiate between streaming data and data-at-rest when it comes to data privacy and protection for personal information. Examples of data protected by GDPR: ▪ Sensor data related to health metrics ▪ Data from wearables ▪ Certain social media activity data ▪ IP address data Streaming Data Falls Under the Protection of GDPR Streaming Data Requirements for control: ▪ Records of how data was processed ▪ Who handled and accessed data ▪ Full data lineage and audit capabilities ▪ Documentation of retention periods ▪ Ability to restrict access based on user
  • 16. Ovum | TMT intelligence | informa16 Copyright © Informa PLC To fully reap the benefit of real-time and streaming data sources while avoiding compliance risk, the enterprise needs to have granular control of data access, data sovereignty, and lineage. All of the following depend on understanding the full data lifecycle: ▪ Result reproducibility ▪ Accurate ROI calculation ▪ Demonstration of compliance Data Control: It’s NOT just about GDPR Data Control • Data-in-Motio n • Data-at-Rest Proactive Benefits • Accuracy • Visibility • Data quality • Self-service
  • 17. Ovum | TMT intelligence | informa17 Copyright © Informa PLC Streaming data is left inadequately governed by many organizations. Governance of the Full Data Lifecycle is Needed Creation Ingestion Storage Consumption Disposition Traditional data governance frameworks and technologiesUnderserved data governance needs
  • 18. Ovum | TMT intelligence | informa18 Copyright © Informa PLC Apache Kafka has emerged as a leading open source distributed streaming platform for the enterprise. Kafka is following a maturation curve common to nearly all open source technologies. → Initial focus on use cases and business problem → Secondary focus on integration and compatibility → Tertiary focus on governance and security Apache Kafka: A Streaming Platform, Still in the Process of Maturing Apache Kafka, in its native form, currently lacks certain governance and security features: ▪ Lacks group or role-based security support ▪ Does not currently track data lineage Like most maturing open source technology, Kafka has “rough edges” in terms of enterprise-grade governance and security features.
  • 19. Ovum | TMT intelligence | informa19 Copyright © Informa PLC Following a similar maturity curve to Hadoop, Apache Kafka is now supported by commercial software that helps fill in its gaps for security and governance. Commercial products help provide: ▪ A polished front-end for management and administration ▪ Integration capabilities to embed streaming data enterprise-wide ▪ Centralized monitoring of performance and replication ▪ Optimization of resource utilization and reliability Commercial products provide the tooling that help “operationalize” streaming data in the enterprise. Commercial Software Helps Fill Kafka Functionality Gaps
  • 20. Ovum | TMT intelligence | informa20 Copyright © Informa PLC Without commercial software to support security and governance in Kafka, the enterprise must rely on extensive hand-coding. This poses several challenges: ▪ Slow, tedious process ▪ Bottlenecked with skilled users ▪ Prone to human error ▪ Not easily scalable Challenges Face the “DIY” Streaming Open Source Approach Native Kafka Hand-Coding Commercial Software Support Integrated Governance
  • 21. Ovum | TMT intelligence | informa21 Copyright © Informa PLC Operationalization: the scaling of infrastructure and processes throughout the entire organization, so that so that anyone, in any role, can contribute directly or indirectly to the creation of business value. Without strong data governance and data control, operationalization of any data initiative will fail. Operationalization: The “Holy Grail” for Data Initiatives Data Initiative Outcomes of Operationalization Compliance Shift from cost center to profit center. Strengthened consumer trust. Better data quality. Streaming Data Contextual insight: streaming + historical data. Streaming data leverage across business units. Self-Service Reduced end user dependency on IT. Rapid time to accurate insight. Crowdsourced knowledge. Machine Learning & AI Rapid model development and deployment. ML & AI leveraged consistently in business decisions.
  • 22. Ovum | TMT intelligence | informa22 Copyright © Informa PLC 3 Tips: Aligning Enterprise Objectives with Compliance
  • 23. Ovum | TMT intelligence | informa23 Copyright © Informa PLC 1 ▪ A process-based framework first needs to be defined to support the achievement of business objectives ▪ Technology will fit within this framework, not determine it. ▪ Ensure that related business objectives “piggyback” off of each other and share processes and human roles ▪ Avoid silos: the technological kind, and the communicative organizational kind ▪ Technology should facilitate existing processes and roles, not vice versa. ▪ Processes should not have to be radically reshaped to accommodate technology tools. Technology should facilitate existing processes, not force the creation of new ones. 1: Define and codify human processes first, implement technology second
  • 24. Ovum | TMT intelligence | informa24 Copyright © Informa PLC 2 ▪ Build a list of all relevant stakeholders in the compliance and data leverage process. ▪ IT, line of business, risk and compliance, security, privacy, legal; even business end users that consume data should have a representative to speak on their behalf ▪ Ensure adequate communication between parties. ▪ Agree on objectives for the business, and for data’s role in the business. ▪ The organization will likely find that most of these objectives all require better control of data. ▪ Build use cases that can be “sold” to high-level leadership. Focus on data control. ▪ What can be achieved with better control of data? What use cases would be possible? What is the potential ROI? What potential risks can be mitigated? Compliance should NOT exist in a bubble. Compliance requirements “touch” all business units. 2: Get all relevant stakeholders at the table, and buy-in from leadership
  • 25. Ovum | TMT intelligence | informa25 Copyright © Informa PLC 3 ▪ Streaming data and data-in-motion are often overlooked by the enterprise when it comes to security and governance. ▪ Take stock of all data types ingested, processed, consumed, and stored within the enterprise. ▪ Evaluate the level of control that can be applied to these varying data types. Do differing data types have equal control mechanisms? Streaming data needs to be governed with the same rigor as data-at-rest. 3: Ensure equal governance for ALL data types within the enterprise Data Governance Framework Data-in-Motio n Data-at-Rest
  • 26. Ovum | TMT intelligence | informa26 Copyright © Informa PLC 3 Questions to considers when evaluating mechanisms for data control: ▪ Can personal data be consistently identified among other non-sensitive data types? ▪ Is encryption used for both data-in-motion and data-at-rest? ▪ Can lineage be tracked for both streaming data and historical data? ▪ Can access controls be consistently applied based on user role or data attribute, across data sources and repositories? ▪ Is there a central platform or “pane of glass” for the administration of data policies? The more control of data can be centralized, the more streamlined the governance process is. 3: Ensure equal governance for ALL data types within the enterprise (cont.)
  • 27. 27 What is driving compliance in your organization? Confluent Cloud Managing risk Shortening the sales cycle
  • 28. 28 Managing Risk Governmental Regulations: ● General Data Protection Regulation (GDPR) ● Health Insurance Portability and Accountability (HIPAA) ● Federal Risk and Authorization Management Program (FedRAMP) Many organizations must address these regulatory requirements, either by directly processing or storing protected information, or by their customers’ need for them to process or store protected information. Data Protection Standards: ● ISO/IEC 27000 series standards ● Payment Card Industry Data Security Standard (PCI DSS) ● Service Organization Control 2 (SOC 2) The ability of these standards to change at a reasonable rate to match and stay inline with industry trends is what helps them remain applicable and reusable in an effective data security and compliance program.
  • 30. 30 Regulations and Standards Health Insurance Portability and Accountability (HIPAA) Health Information Technology for Economic and Clinical Health Act (HITECH) Compliance with this regulation includes performing a gap assessment to understand what holes need to be fixed in order to properly comply, putting together and beginning implementation on a remediation plan. General Data Protection Regulation (GDPR) This European regulation identifies the rights of individuals to request a copy of, make changes to or have personal information completely deleted from systems. It also requires clear communication to individuals regarding the purposes for which their information is being used. Federal Risk and Authorization Management Program (FedRAMP) Federal Information Security Modernization Act (FISMA) The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Required by U.S. government entities for cloud services, FedRAMP requires implementation of National Institute of Standards and Technology (NIST) standards for data protection.
  • 31. 31 Regulations and Standards Payment Card Industry Data Security Standard (PCI DSS) PCI DSS has specific technical requirements designed to protect credit card data used in processing payments. It strictly controls which pieces of data normally contained on the magnetic stripe of a credit card may be retained by a company and what controls must be in place in order to do so. Service Organization Control (SOC 2) Defined by the American Institute of Certified Public Accountants (AICPA), this audit standard provides an external and independent assessment of a service provider’s controls environment. Well recognized in the U.S., this audit assessment covers how well a security program has operated their security controls over a period of time. ISO 27001 & ISO 27018 The International Standards Organization (ISO) has provided guidance on how to implement an effective information security management system (ISMS). The 27001 standard provides requirements for establishing, implementing, maintaining and continually improving an ISMS. The 27018 standard focuses on protection of personal data in the cloud.
  • 32. 32 Three Pillars of Data Protection Data is only accessible to those to whom it is intended. The ability to access data at the moment required Ensuring that data does not change inappropriately Confidentiality Availability Integrity
  • 33. 33 Emerging Technology Streaming Technology ● Confidentiality ● Integrity ● Availability ● Authentication ● Authorization ● Audit/Non-Repudiation/Logging Cloud Services ● Shared Responsibility Model ● What does your provider control? ● What controls do they evidence for you? ● Are their controls good enough for you? ● What do you control? ● What are your requirements for the things in your control?
  • 34. 34 Streaming Technology Confidentiality – What controls are available for data confidentiality? ● Does the system encrypt data in transit? ● Does the system encrypt data at rest? ● How are these accomplished? ● Does the system provide role-based access controls? ● Does the system integrate with directory services or use single sign-on (SSO)? Integrity – What controls are available to maintain data integrity? ● Who has access to make changes? ● How do you know your data is accurate? ● What is the backup model (i.e., traditional data or system backups or distributed copies of data)? ● How long does it take to recover from a problem? Availability – What controls are utilized for availability and performance scaling to accommodate growth? ● What level of service is guaranteed? ● How do I measure compliance with your commitments for uptime? ● What is your plan to resolve issues in the event of downtime?
  • 35. 35 Streaming Technology Authentication – What controls are available to authenticate both customer users and service provider users? ● Can customer authentication services like LDAP, Active Directory or single sign-on be integrated? ● Can password and other authentication settings be managed by the customer? ● Can users utilize multi-factor authentication? ● How do automated processes integrate with the service? ● How are authentication credentials protected? Authorization – What different activities can the customer control or limit? ● Are role-based controls available? ● Are roles able to be defined to match my organization in your system? ● What are the critical functions that should or could be limited? ● Is the ability to limit read, write, delete, and administration functions available? Audit – How can a customer monitor access and changes to data and environments? ● Are system activities logged? ● How are these logs available to the customer? ● Are the logs available in a format that can be automatically consumed and processed by customer systems?
  • 36. 36 Cloud Services Shared Responsibility Model Responsibility for security of data and systems deployed in any cloud provider is always shared. Cloud Service Provider Controls There are controls clearly provided by the cloud service provider over which the customer has little or no influence. Optional Controls There are controls made available by the cloud service provider which the customer can choose to implement at their discretion. Customer Controls There are controls that are completely in control of the customer who utilizes a cloud service.
  • 37. 37 Is an external opinion or audit report available that explains the controls they put in place? Does the customer have an accounting of the customer-responsible controls? ? What controls does the cloud service provider make available to all customers? What controls are the responsibility of the customer? Are the documented controls sufficient? Cloud Services Are the available customer controls and settings configured correctly? How does a customer monitor for when changes made expose customer data or systems? Are customer controls and settings documented?
  • 38. 38 Resources and Next Steps https://confluent.io http://cnfl.io/slack #security @confluentinc
  • 39. 39 Thank you for joining us!