We were delighted to host two esteemed data and security experts to provide both an industry viewpoint from the analyst perspective, and "on the ground" experience from the former CEO of Tableau, on the risks of data sprawl and practical mitigation strategies for dealing with the explosion of data.
- Alexei Balaganski, Lead Analyst/CTO, KuppingerCole
- Mark Nelson, Former CEO, Tableau
- Ganesh Kirti, CEO and Founder, TrustLogix
Below are some of the key takeaways from each speaker. You can also access the full webinar recording of “Data Sprawl: The Ticking Time Bomb in Your Business and How to Defuse It”.
Alexei Balaganski, Lead Analyst/CTO, KuppingerCole
- Data sprawl is not an exception. It’s not a root cause. It's just a new normal. You have to live with it, have to deal with it somehow.
- Multi-cloud is a serious multiplier here, because with every additional cloud store you only increase your complexity, and we all know that complexity is the worst enemy of security.
- Compliance can no longer be addressed with spreadsheets and yearly reviews! Compliance failures are not only costly nowadays they can even bring your entire business to a halt.
- The only way to find some peace of mind, if you will, in this situation is to introduce those security and compliance controls that work in real-time, but can give you an overview of what's going on—and what's not going on—in your cloud infrastructure.
- TrustLogix was also one of the around 20 vendors we have reviewed, reviewed in our Leadership Compass. And of course, performance and scalability were two of the things we ranked in the highest node.
Mark Nelson, Former CEO, Tableau
- Data sprawl is real; but it's a feature, not a bug. You want people to bring the data that is most useful for them in their day-to-day jobs. The side effect of that is that they're going to bring in other data sources and data stores. If you really want self-service analytics, if you really want the business to be able to use its data, you need to be able to enable this. You have to figure out how to do this responsibly and have the right level of governance on it.
- You’ve got lawyers out there who are writing really nice data policies on how your company is supposed to be handling data and what the intent is. But then, proving that the actual implementation of your permissions is meeting what you wrote down as your policy is nearly impossible.
- It's not useful to have an infinitely scalable database. If you have very limited scalability on project permissions on the front end, then that gates your access to that database. Right? So the [security] solution really has to work with those amazing systems that have now been provided at the back end. You know, layer on top of them and not work against them.
- It's hard enough to get access to data. It's nearly impossible to revoke as you should.
- Unless you are in the business of building a data security product, you probably should not be building a data security solution.
Ganesh Kirti, Founder and CEO, TrustLogix
- Data sprawl is a given in the multi-cloud, multi-data platform world today… it becomes very crucial for data security professionals and data architects to recognize this challenge and take proactive measures to manage and secure data effectively to get more value from the data.
- The solution has to work frictionlessly for data consumers. At the end of the day, the data has to be made available to the data analyst, and data engineers, and for various applications…while putting the policies in place and getting the data to the right people.
- Mark talked about converting policies from legal into implementing the right access controls… that cost justifies having a third-party solution because you can focus on your data and not focus on trying to solve these problems we talked about, the performance and complexities of compliance requirements, and the business, that are changing dynamically.
- You know people come and go. Projects move on. People leave their jobs. But they still have access to the data. They still have access to the permissions.
- Having a tool that answers questions for security people, “Is everything implemented as per policies?” then allows data people to move fast.
