Partially Redacted: Data Privacy, Security & Compliance

By Skyflow

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.


Category: Technology

Open in Apple Podcasts


Open RSS feed


Open Website


Rate for this podcast

Subscribers: 2
Reviews: 0

Description

Partially Redacted brings together experts on engineering, architecture, privacy, data, and security to share knowledge, best practices, and real world experiences – all to help you better understand how to use, manage, and protect sensitive customer data. Each episode provides an in-depth conversation with an industry expert who dives into their background and experience working in data privacy. They’ll share practical advice and insights about the techniques, tools, and technologies that every company – and every technology professional – should know about. Learn from an amazing array of founders, engineers, architects, and leaders in the privacy space. Subscribe to the podcast and join the community at https://skyflow.com/community to stay up to date on the latest trends in data privacy, and to learn what lies ahead.

Episode Date
Data Privacy Challenges and Where to Start with Skyflow’s Ari Hoffman
38:22

Ari Hoffman has spent his career helping businesses implement and solve technically challenging problems at companies like Cisco and Fivserv. Today, he serves as the Director of Customer Programs at Skyflow, where he helps Skyflow customers tackle their privacy and security challenges. Ari joins the show to share his expertise about the common privacy challenges and use cases businesses are facing today and how to break apart these challenges into bite-sized and manageable pieces. Ari discusses his career path, why he joined Skyflow, Skyflow Data Privacy Vault, and how companies are using this technology to address some of the biggest privacy and security challenges that face them today. Talking through specific examples, like PCI compliance, PII data protection, data minimization and governance, Ari provides actionable advice for businesses looking to get a handle on data privacy, security, and compliance. Topics:

  • How did you end up working in the privacy space and why Skyflow?
  • What is Skyflow? What does it do and how do customers use it?
  • What are some of the common use cases and challenges companies are trying to solve when it comes to data privacy?
  • How does a company avoid big bang security implementations?
  • How do you avoid this being an overwhelming problem that stops a company from taking action?
  • How long will an implementation actually take? Do companies need to scope out 6 months or more to make this change?
  • How can I have flexibility to work with any payment vendor, or maybe even multiple vendors, but not take on the responsibility of PCI compliance myself?
  • If I'm using 10 different PCI systems today, how do I disentangle that and migrate to something that’s more flexible and simple to manage?
  • What about protecting data beyond credit card data? Where do I begin to start locking this down?
  • Are you seeing concentrated customer areas and trends thus far?
  • What are some of the most popular Skyflow features that customers use?
  • What are some of the best practices for privacy implementations?
  • Thoughts on the future of privacy for businesses and consumers?
  • What are the big gaps in data privacy today? What future technology or development are you excited about?
  • Where should someone looking to learn more about the data privacy space begin?

Resources:

Dec 07, 2022
Bug Bounties, Pentesting, and Automated Security Workflows with Trickest’s Nenad Zaric
38:03

Companies use bug bounties and penetration testing to proactively look for vulnerabilities in their systems. These programs should be part of any security conscious organization. However, even with these systems in place, it can be difficult to stay ahead of the hackers and potential attacks. Additionally, the tools available for running penetration tests can be complex to run and often require using a combination of tools. Former pentester and bug bounty hunter Nenan Zaric joins the show to talk about the types of vulnerabilities that companies should be looking for and about how to automate security workflows through the Trickest platform, a company he founded. Nenad's advice from years of cybersecurity work is to be proactive and always attack yourself so that you can find the problems before the attacker does. Topics:

  • Tell me about your history as a former penetration tester and bug bounty hacker. First, what is pentesting and bug bounty hacking
  • How did you get into this field and learn the skills necessary to hack into systems?
  • What are some of the common mistakes companies make when it comes to security that allows a hacker to penetrate their security?
  • How should companies think about protecting themselves and their customer data to prevent such attacks?
  • What is Trickest?
  • Is the idea of automating security workflows something new? How is this traditionally done and how does Trickest improve on the traditional model?
  • What are the common use cases that people are using Trickest for?
  • What sort of common attacks does Trickest help prevent?
  • Who’s your typical user? Is it a white collar hacker, like a pentester, or is it security professionals within an organization wanting to have an automated system for testing their security?
  • Walk me through how to set up an automated security workflow. What’s the output of a workflow?
  • How do the ready-made workflows work? What are some examples?
  • Where do these security workflows fit with the overall development process for a company? Is this an on-going thing that should be continually run and tested for weaknesses?
  • A large amount of attacks have a human element, social engineering and such, how does Trickest help prevent such attacks?
  • What are your thoughts on the future of security? Are we getting better at protecting and locking down systems?
  • What’s next for Trickest? Anything in the future roadmap that you can share?

Resources:

 

Nov 30, 2022
Machine Learning and Privacy at the Edge with Edge Impulse’s Daniel Situnayake
46:08

Edge devices are hardware devices that sit at the edge of a network. They could be routers, switches, your phone, voice assistant, or even a sensor in a factory that monitors factory conditions. Machine learning on the edge combines ideas from machine learning with embedded engineering. With machine learning models running on edge devices amazing new types of applications can be built, such as using image recognition to only take pictures of the objects you care about, developing self-driving cars, or automatically detect potential equipment failure. However, with more and more edge devices being used all the time that might be collecting sensitive information via sensors, there are a number of potential privacy and security concerns. Dan Situnayake, Head of Machine Learning at Edge Impulse, joins the show to share his knowledge about the practical privacy and security concerns when working with edge IoT devices and how to still leverage this incredible technology but do so in an ethical and privacy-preserving way. Topics:

  • What’s your background and how did you end up as the head of machine learning at Edge Impulse?
  • What is an edge device?
  • What is Edge Impulse and what are the types of use cases people are solving with AI on edge devices through the Edge Impulse platform?
  • What are the unique security challenges with edge devices?
  • Since these devices are potentially observing people, collecting information about someone’s movements, what kind of privacy concerns does someone building for these devices need to think about?
  • Are there industry best practices for protecting potentially sensitive information gathered from such devices?
  • Is there research into how to collect data but protect someone's privacy when it comes to building training sets in machine learning?
  • What happens if someone steals one of these devices? Are there safeguards in place to protect the data collected on the device?
  • Where do you see this industry going in the next 5-10 years?
  • Do you foresee security and privacy getting easier or harder as these devices become more and more common?

Resources:

Nov 23, 2022
Inside PCI DSS and Privacy for Payments with Skyflow’s Bjorn Ovick
49:10

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. It was introduced to create a level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data and ultimately reduce fraud.

Merchants that wish to accept payments need to be PCI compliant. Without PCI compliance, the merchant not only risks destroying customer trust in the case of a data breach, but they risk fines and potentially being stopped from being able to accept payments.

Payment processors like Stripe, Adyen, Braintree, and so on, help offload PCI compliance by providing PCI compliant infrastructure available through simple APIs. 

Bjorn Ovick, Head of Fintech at Skyflow, formerly of Wells Fargo, Visa, Samsung, and American Express, holds over 20 patents related to payment applications. He joins the show to share his background, thoughts on the evolution of technology in this space, break down PCI DSS, payment processors, and how Skyflow helps not only offload PCI compliance but gives businesses flexibility to work with multiple payment processors.

Topics:

  • Can you share a bit about your background and how did you end up working in the financial industry?
  • You also have over 20 patents for payment applications, what are some of those patents?
  • So you are Head of Fintech Business and Growth at Skyflow, what does that consist of and how did you come to work at Skyflow?
  • Can you talk a bit about the evolution and change of the fintech market from when you started your career to today?
  • What is PCI DSS and where did it come from?
  • How does a company achieve PCI DSS compliance?
  • What’s a company’s responsibilities with respect to PCI compliance?
  • What's it take to build out PCI compliant infrastructure?
  • What happens if you violate PCI compliance?
  • How do you offload PCI compliance and still accept payments?
  • What is PCI tokenization?
  • What patterns do you see in payments and what should someone consider as they build their payment stack?
  • Why would a merchant use multiple payment processors?
  • How does a company use multiple payment processors?
  • What is network tokenization and how does that improve privacy and security?
  • What is 3D secure?
  • What are the big gaps in terms of payment processing today? What problems still need to be solved?
  • Where do you see the payment technology industry going in the next 5-10 years?
  • Where should someone looking to learn more about the payments space go?

Resources:

Nov 16, 2022
Building a Secure CI/CD Pipeline with Google’s Anjali Khatri and Nitin Vashishtha
53:17

DevOps is a concept that has exploded in the past few years, allowing software development teams to release software and automate the process. This decreases time to market and speeds up learning cycles. Continuous Integration and Continuous Delivery (CI/CD), automates the software delivery pipeline, continuously deploying new software releases in an automated fashion. But when we deploy code quickly, it's imperative that we don't ignore the security aspect from the beginning. Ideally, we shift security left and incorporate it into the pipeline right from the start. This reduces software vulnerabilities and makes sure our cloud resources are configured following the best practices in terms of security. Google Cloud Principle Architect Anjali Khatri and Google Cloud Solutions Engineer Nitin Vashishtha join the show to discuss DevOps, DevSecOps, the shift left movement, and how to use Google Cloud to create a secure CI/CD pipeline. Topics:

  • How has the cloud changed the way people need to think about architecting secure systems?
  • How does the scale of cloud potentially impact the scale of a security or privacy issue?
  • What is DevOps?
  • Why is this area so hot right now?
  • What problems has the DevOps movement helped solve that were traditionally difficult or impossible to address?
  • How does the Shift Left movement for security relate to what’s happening in DevOps?
  • What is DevSecOps?
  • How does DevSecOps fit into a company’s overall security and privacy program and strategy?
  • When it comes to things like CI/CD, what are the common mistakes people can make when it comes to security, privacy, or compliance?
  • Cloud Build is a serverless CI/CD platform, why do I need something beyond this to automate my pipeline?
  • What other Cloud tools and components should I be using to make sure my CI/CD system is not only able to support my team’s day to day development but is actually secure?
  • Can you talk about Artifact Registry and what that product means in terms of security?
  • How does Cloud’s Binary Authorization system work? Why would I use it and how does that improve my security posture?
  • Does the addition of security as part of say my CI/CD pipeline impact performance in a meaningful way?
  • Can you walk me through what the CI/CD process looks like using the combination of Cloud tools and resources?
  • How much knowledge and experience do I need to set this up?
  • How does a combination of tools like this play with configuring Cloud resources directly within the Google Cloud Console?
  • Are there Cloud products that help me lock down my source code?
  • Are there Cloud products that automatically scan my code for security or privacy vulnerabilities?
  • What are your thoughts on the future of cloud security?
  • Are there technologies in this space that you are particularly excited about?
  • Where should someone looking to learn more DevSecOps and cloud security?

Resources:

Nov 09, 2022
Digital Health Data Privacy with the Future of Privacy Forum’s Jordan Wrigley
43:14

Over the past 20 years, there's been tremendous growth in technology for digital health. From healthcare management software, medical devices, to fitness trackers, there's more health data available about an individual than at any other time. However, with an increase in data, there's also been an increase in considerations for the secure management of this data. Privacy regulations haven't been able to keep up with the explosion of technological growth. Jordan Wrigley, Researcher for Health and Wellness at the Future of Privacy Forum, joins the show to share her expertise about digital health data privacy. Sean and Jordan discuss the goals and activities of the Future of Privacy Forum, how culture impacts how an individual thinks about health-related privacy, the shift in concern over health data privacy, and what a company needs to be thinking about when building products that collect or process digital health data. Topics:

  • Who are you? What’s your educational background, work history, and how you ended up where you are today?
  • What is the Future of Privacy Forum?
  • What are the goals, activities, and focus areas of the organization?
  • How do people and companies typically engage the FPF?
  • What is your role and area of expertise at the FPF?
  • Do you think there’s been a shift in privacy sensitivity with regards to medical and health data in the past few years and if so, what has led to the growing concern and focus?
  • What’s considered health-related data when it comes to privacy regulations?
  • What types of tools/techniques should a company be considering to improve their privacy and security posture when dealing with health data?
  • Let's say I'm a gym own. What do I need to know about my responsibilities in terms of privacy when it comes to the collection and management of health-related data?
  • Where is the line between a fitness tracker and an actual medical device? And should these trackers have more regulatory demands placed on them?
  • What are the regulatory requirements for an actual medical device?
  • If I’m processing clinical trial data and I want to be able to perform analytics on the data and produce sharable reports, what do I need to know about maintaining privacy in this scenario?
  • How does developing for children impact the types of privacy and security considerations that a company needs to be thinking about?
  • What are your thoughts on the future of privacy? Are there tools, technologies, or trends that you’re excited about?
  • What are some of the big challenges in privacy that we need to solve?

Resources:

Nov 02, 2022
Why We Need to Get Rid of Passwords with Passage’s Nick Hodges
36:23

Passwords have been around since the 1960s and as a means to keep someone out of a non-connected terminal, they were relatively secure. The scale of a compromised system was relatively low. But the world has changed drastically in that time. Every computer is connected to a massive network of other computers. The impact scale of a compromised password is multiple times more problematic than it was even 30 years ago, yet we continue to rely on passwords as a security means to protect account information. Security means like longer passwords, more complicated schemes, no dictionary words, and even two-factor authentication have had limited success with stopping hacks. Additionally, each of these requirements adds friction to a user accomplishing their task, whether that's to buy a product, communicate with friends, or login to critical systems. WebAuthN is a standard protocol for supporting passwordless authentication based on a combination of a user identifier and biometrics. Consumers can simply login via their email and using their thumb print on their phone or relying on facial recognition on their device. Passwordless authentication not only reduces frictions for users, but it removes a massive security vulnerability, the password. Nick Hodges, Developer Advocate at Passage, joins the show to share his knowledge and expertise about the security issues with traditional passwords, how passwordless works and addresses historical security issues, and how Passage.id can be used to quickly create a passwordless authentication systems for your product. Topics:

  • What’s the problem with passwords?
  • Why have passwords stuck along so long?
  • What’s it mean to go passwordless?
  • What is a passkey and how do they work?
  • How does the privacy and security of a passkey compare to a standard password?
  • A Passkey is stored within the Trusted Platform Module of a phone. What happens if someone steals my phone?
  • What happens if I upgrade my device? Do my passkeys come with me?
  • What are the potential security risks or limitations of passkey based login?
  • What if I don’t have my phone? Can I still login?
  • Can you share an account with someone else? How does that work?
  • When a business switches over to using a passkey approach, what’s the reaction from their customers?
  • Is there a big educational challenge to convince companies to ditch passwords?
  • Why is a passkey approach to login not more widely adopted? What’s stopping mainstream use?
  • What is Passage and how is helping businesses go passwordless?
  • Who’s your typical customer? Startups just building their auth system or are people replacing existing systems for this approach?
  • What’s it take to get started? How hard would it be for me to rip out my existing authentication and adopt Passage?
  • What are your thoughts on the future of passwords and password security? How far away are we from completely getting rid of passwords?
  • What’s next for Passage? Anything on the future roadmap that you can share?

Resources:

Oct 26, 2022
Differential Privacy with the University of Victoria’s Dr. Yun Lu
46:31

Differential privacy provides a mathematical definition of what privacy is in the context of user data. In lay terms, a data set is said to be differentially private if the existence or lack of existence of a particular piece of data doesn't impact the end result. Differential privacy protects an individual's information essentially as if her information were not used in the analysis at all. This is a promising area of research and one of the future privacy-enhancing technologies that many people in the privacy community are excited about. However, it's not just theoretical, differential privacy is already being used by large technology companies like Google and Apple as well as in US Census result reporting. Dr. Yun Lu of the University of Victoria specializes in differential privacy and she joins the show to explain differential privacy, why it's such a promising and compelling framework, and share some of her research on applying differential privacy in voting and election result reporting. Topics:

  • What’s your educational background and work history?
  • What is differential privacy?
  • What’s the history of differential privacy? Where did this idea come from?
  • How does differential privacy cast doubt on the results of the data?
  • What problems does differential privacy solve that can’t be solved by existing privacy technologies?
  • When adding noise to a dataset, is the noise always random or does it need to be somehow correlated with the original dataset’s distribution?
  • How do you choose an epsilon?
  • What are the common approaches to differential privacy?
  • What are some of the practical applications of differential privacy so far?
  • How is differential privacy used for training a machine learning model?
  • What are some of the challenges with implementing differential privacy?
  • What are the limitations of differential privacy?
  • What area of privacy does your research focus on?
  • Can you talk a bit about the work you did on voting data privacy
  • How have politicians exploited the data available on voters?
  • How can we prevent privacy leakage when releasing election results?
  • What are some of the big challenges in privacy research today that we need to try to solve?
  • What future privacy technologies are you excited about?

Resources:

Oct 19, 2022
Encryption Key Management and Its Role in Modern Data Privacy with Skyflow’s Osvaldo Banuelos
22:09

When managing your company’s most sensitive data, encryption is a must. To fit your overall data protection strategy, you need a wide range of options for managing your encryption keys so you can generate, store, and rotate them as needed. The risk of sensitive data being misused or stolen can be limited, as long as just the people (and services) who are authorized to access data for approved purposes can access the key. Without proper management of encryption keys robust encryption techniques can be rendered ineffective. So, while encryption is a core feature of any effective data privacy solution, encryption only enhances data privacy when paired with effective key management. Osvaldo Banuelos, lead software engineer at Skyflow, joins the show to share his knowledge and expertise about encryption key management and its role in modern data privacy. Topics:

  • Can you share some of your background from where you started your engineering career to where you are today?
  • How did you end up with an interest in working in the data privacy space? And what’s your work history in this space?
  • What are the fundamentals of encryption?
  • How do you protect against the key being leaked and rendering encryption ineffective?
  • What is an encryption key management system?
  • What are the components of an effective key management system?
  • How often should a key be rotated and does a KMS provide that functionality out of the box?
  • How does key rotation work?
  • Who within an organization is typically responsible for key management?
  • What are some of the popular KMS systems on the market today?
  • From a feature perspective, are they all the same or are their pros and cons to one over the other?
  • How does key management work in Skyflow?
  • When it comes to data privacy, you likely want to protect your customer data using encryption and to do that effectively, you need a robust key management system. Is this enough or are there other technologies a company would need to incorporate to have an effective privacy and compliance strategy?
  • What are the big gaps in data privacy today? What future technology or development are you excited about?
  • Where should someone looking to learn more about the data privacy space begin?

Resources:

Oct 12, 2022
Introduction to Tokenization and Encryption with Skyflow’s Joe McCarron
34:06

Joe McCarron, with prior roles at Zendesk and Apollo GraphQL, has spent much of his career thinking about and building products for developers. Today, he serves as the product lead for Skyflow's Vault, APIs, and developer experience. In this episode, Joe discusses how his undergrad in Political Science and career working on developer-first products led him to Skyflow. Sean and Joe discuss tokenization and encryption, how they are different, the problems they solve, and what every engineer should know about these techniques.

Topics:

  • What is your background as a product manager?
  • How did you end up with an interest in working in the data privacy space? And what’s your work history in this space?
  • What is tokenization?
  • What is encryption?
  • How are they different?
  • What problems does each solve?
  • Do they compete with each other or are they complementary?
  • How much does your typical engineer need to understand about encryption and tokenization?
  • What are the big gaps in data privacy today? What future technology or development are you excited about?
  • Where should someone looking to learn more about the data privacy space begin?

Resources:

Oct 05, 2022
Privacy Engineering at CMU and Privacy Decision Making with Dr. Lorrie Cranor
44:30

Dr. Lorrie Cranor began her career in privacy 25 years ago and has been a professor at Carnegie Mellon University in the School of Computer Science for 19 years. Today, she serves as director and professor for the CMU privacy engineering program. In this episode, Dr. Cranor discusses how she started her career in privacy and then eventually moved into academics. She talks about the history of the CMU privacy engineering program, what the program entails as a student, and the career opportunities available to graduates. Dr. Cranor's area of research focuses on the usability of privacy and privacy decision making. She discusses several recent studies looking at how real world users understand and navigate cookie consent popups and design best practices for companies. She also explains privacy labels and how developers building applications on iOS and Android can do a better job creating these labels. We also discuss the future of privacy education and technologies, touching on the responsibilities of companies and privacy-enhancing technologies like differential privacy.

Topics:

  • How did you get interested in security and privacy and start working in this field?
  • What’s the history of CMU’s Privacy Engineering Program? How did it start?
  • Which department is the program part of?
  • If I’m taking the Master’s degree program, what does that consist of?
  • What’s the typical undergraduate background of someone taking the Master’s degree program?
  • Do graduates typically end up working as privacy engineers and what sort of companies do they end up at?
  • What’s the difference between the Master’s program and the certificate program?
  • How has engagement with the privacy program changed over the past decade?
  • Should privacy education be part of a standard software engineering undergraduate program?
  • How would you describe your areas of privacy research and the types of problems you’re interested in studying?
  • What have you discovered about how individuals make privacy-related decisions?
  • How can companies go beyond the bare minimum in terms of communicating privacy choices to their users?
  • Privacy choices are notoriously difficult to navigate and understand, what does your research help teach us about improving the usability of UX for privacy controls?
  • How can you test privacy choice? Does the collection of test data potentially violate someone’s privacy?
  • What is a privacy nutrition label and what problems is it meant to address?
  • Starting in 2020, Apple started using this concept by requiring that all apps in the Apple app store include a privacy label. Labels are self-generated by the app developer. How good is the resulting privacy label if the developer lacks privacy training and education?
  • What are the common mistakes developers are making with creating these privacy labels?
  • What advice do you have for developers so that they can create an accurate privacy label?
  • Cookie consent overlays and popups are now very common. What event led to the introduction of these consent dialogs for consumers?
  • What problems have you discovered with the usability of cookie consent screens?
  • Do we need privacy regulations like GDPR to be more prescriptive in terms of how you meet their requirements, which could include usability guidelines for something like cookie consent?
  • Thoughts on the future of privacy engineering?
  • What are your predictions about privacy education and awareness over the next 5-10 years?

Resources:

Related episode:

Sep 28, 2022
What Every Company Should Know About Privacy with Robin Andruss
34:17

Robin Andruss has spent her career working in and thinking about privacy and compliance. She's previously held privacy roles at Google, Yahoo!, and Twilio, where she served as the Global Director for Privacy and Data Protection. She's currently the Chief Privacy Officer for Skyflow. In this episode, she discusses her background, how she got interested in privacy, privacy engineering, the responsibilities of a Chief Privacy Officer, and what every company needs to be thinking about when it comes to the ever changing privacy landscape.

Topics:

  • What are the responsibilities of a chief privacy officer?
  • How did you end up with an interest in working in the data privacy space? And what’s your work history in this space?
  • What is privacy engineering?
  • What is the typical background of someone that ends up working as a privacy engineer?
  • Where does privacy engineering typically sit in an organization
  • How does an engineering team typically work with the privacy function within an organization?
  • People tend to lump security and privacy together, what’s the difference?
  • If you were advising a startup today, what advice would you give them about how to navigate the ever changing privacy landscape?
  • What should every company be thinking about when it comes to data privacy?
  • Does every company need to hire a privacy specialist? If not, at what point does that make sense?
  • What are the big gaps in data privacy today? What future technology or development are you excited about?
  • Where should someone looking to learn more about the data privacy space begin?

Resources:

 

Sep 21, 2022
Common Data Security and Privacy Mistakes with Daniel Wong
32:39

Daniel Wong has spent his career thinking about data security and privacy. He holds more than 50 patents on database security, and spent 8 years serving as Oracle's Director of Engineering, Security, pioneering much of the modern database security methods and techniques. Daniel now serves as Skyflow's Head of Security and Compliance, where he makes sure Skyflow and Skyflow customers are compliant with the privacy rules and regulations around the world and that security best practices are followed and understood. In this episode, Daniel discusses his background, the evolution of privacy and security from on-prem computing to the cloud, and also discusses the common mistakes companies make when it comes to data security and privacy. He touches on what impact that could have on their business and how can companies prevent these mistakes from happening. Topics covered:

  • What were some of the security technologies that you helped pioneer during your time at Oracle?
  • How has company privacy and security requirements and thinking changed throughout your career?
  • What do you do as the Head of Security and Compliance at Skyflow?
  • What are some of the common mistakes you see companies make when it comes to security and privacy?
  • What are the consequences of these mistakes?
  • How can companies prevent these mistakes from happening?
  • Is privacy just about compliance for companies or are they motivated by other factors?
  • What tools and technologies should companies be investing in?
  • At what point does it make sense for a company to hire a security and compliance expert?
  • What are the big gaps in data privacy today? What future technologies or development are you excited about?

Resources:

Sep 14, 2022
Data Security in Snowflake’s Data Cloud with Dan Myers
27:03

Snowflake went public last year and is one of the fastest growing companies in the data cloud space. Businesses from all over the world are utilizing Snowflake for data storage, processing, and analytics.  Businesses using Snowflake are storing massive amounts of data, including regulated and highly sensitive customer data. In this episode, Dan Myers, developer advocacy lead from Snowflake, joins the show to discuss how he ended up working in the data space, Snowflake's various configuration and deployment models, and what each means from a security perspective as well as some of the recent privacy features Snowflake announced during their conference this past June.

Topics covered:

  • How did you end up in the job you're in today?
  • Where did your interest in the data space begin?
  • What is Snowflake and how do people use it?
  • What are some of the features Snowflake provides to help protect customer data?
  • What are the different deployment models for Snowflake and how do they impact security?
  • When might it make sense for a business to use a multi-tenant versus single tenant cloud architecture?
  • How does Snowflake's data masking and external tokenization features work?
  • What are some of the tools Snowflake provides to facilitate secure data sharing?
  • What is tag-based data masking versus dynamic data masking?

Resources:

Follow Dan on Twitter @jdanielmyers

Sep 07, 2022
Data Protocol’s Privacy Engineering Certificate Course with Jake Ward
38:52

Data Protocol is a developer education platform designed specifically to serve the learning styles and needs of engineers. The platform includes a live terminal environment and immersive platform to teach, train, and certify professionals. Companies like Uber and Meta have created courses for the platform and employees serve as instructors. Data Protocol also includes many courses focused on data privacy and security, including the Privacy Engineering Certificate course led by the Head of Privacy Engineering at Uber, Nishant Bhajaria. Jake Ward, CEO and Founder of Data Protocol joins the show to discuss his motivations for creating the platform, why focus on privacy, and how they were able to take Nishant's real world experience and turn it into a course.

Topics covered:

  • What's your background and how did you end up where you are today?
  • What is Data Protocol and what were your motivations for launching the platform?
  • Why are developers different? Why train and educate that audience specifically?
  • How did you get an interest in privacy and why focus training engineers in privacy?
  • What are some of the privacy-related courses and certifications offered on the platform?
  • How do these courses get designed and come together?
  • How are people and businesses using these courses?
  • What can someone expect from taking one of these courses?
  • Have you faced an educational challenge with generating interest in people taking privacy-related courses or are you seeing a shift to more interest in privacy?
  • Privacy and security are buzz words we hear more and more these days, are things really changing - if not / why not?
  • What’s next for Data Protocol? Anything exciting on the horizon that you can share?

Resources:

 

Sep 07, 2022
Privacy by Architecture with Skyflow’s Anshu Sharma
38:30

Both compliance regulations and consumer needs are creating increasing pressure on companies to do a better job of securing and managing their sensitive customer data. Yet, companies continue to struggle to comply with regulations, meet consumer privacy demands, and prevent data breaches. Anshu Sharma, CEO and founder of Skyflow, joins the show to discuss a radically different approach to privacy, the data privacy vault. With a data privacy vault, a company is making the architectural decision to move their sensitive customer data out of their existing infrastructure and into a vault. The vault is isolated and protected, becoming the single source of truth for all sensitive customer PII, effectively de-scoping existing systems from the responsibilities of compliance, data security, and data privacy. The data privacy vault makes the principles of privacy by design actionable, creating a system for engineers to implement the principles in the form of privacy by architecture.

Topics covered:

  • How did you end up with an interest in working in the data privacy space
  • Why should companies care about privacy?
  • Why is privacy hard for companies?
  • What is a data privacy vault?
  • Where did this technology come from?
  • How does the data privacy vault help with things like data security and compliance?
  • How is this different from just a dedicated encrypted database for PII?
  • Why haven't more companies built their own vaults?
  • Why is an API the right way to deliver this technology?
  • How does the vault facilitate data utility while still protecting the data?

Resources:

Follow Anshu on Twitter @anshublog.

Sep 07, 2022
Introducing Partially Redacted, a Podcast about Data Privacy, Security & Compliance
02:16

Welcome to the trailer episode for Partially Redacted.

In this episode, Sean Falconer, Head of Developer Relations at Skyflow, introduces the goals and motivations behind creating a podcast about privacy, what you can expect from each show, and a teaser for some upcoming episodes.

If you work in privacy, data, security, compliance, or related fields, make sure you subscribe. You can also join the conversation and community at https://skyflow.com/community.

Aug 22, 2022