[DZone Research] Securing Data
[DZone Research] Securing Data
The most popular are encryption and a combination of access, authorization, and authentication.
Join the DZone community and get the full member experience.Join For Free
Protect your applications against today's increasingly sophisticated threat landscape.
To understand the current and future state of data security, we spoke to 31 IT executives from 28 organizations. We asked them, "how are you securing data?" Here's what they told us:
Access, Authorization, and Authentication
- Governance – giving access while protecting. Look at full-spectrum of security – access and authorization. Perform lineage audits. Have a system with strong audits. Be able to clamp down on access control for least privilege. Start with higher access and then increase security and audit-ability as approach production/insights.
- We use a multipronged strategy with a SOC 2 certified environment good for designing our security operations. Certification requires us to look at risks and address them. This requires operational discipline, not taking shortcuts. Most of us know what to do but we need the discipline to do it.
- We force HTTPS and assign a certificate. We allow a private agent so the data manipulation is behind the clients' own firewall. The agent determines what data is allowed beyond the firewall. Automation of the security, default settings are preset to the highest level of security.
- We provide enterprise-level security on top of the open source Apache Ignite platform. This includes security for both data in motion as well as for data at rest with various features to ensure data within a cluster is secure at all times.
- We provide multiple facilities to ensure data security: 1) Encryption and secure key management. 2) The flexibility to handle either on-prem, cloud-based, or hybrid infrastructure, so that you can ensure the physical security of data storage as appropriate for your application and data. 3) Control of data access. Often there is a tension between data scientists who say, “just give me all the data” and the data security group that is responsible for ensuring that access is controlled. We provide a facility to serve data at high speed to data scientists’ favorite stack, without allowing access to sensitive data and without the ability to download or extract data.
Here’s who we spoke to:
- Cheryl Martin, V.P. Research Chief Data Scientist, Alegion
- Adam Smith, COO, Automated Insights
- Amy O’Connor, Chief Data and Information Officer, Cloudera
- Colin Britton, Chief Strategy Officer, Devo
- OJ Ngo, CTO and Co-founder, DH2i
- Alan Weintraub, Office of the CTO, DocAuthority
- Kelly Stirman, CMO and V.P. of Strategy, Dremio
- Dennis Duckworth, Director of Product Marketing, Fauna
- Nikita Ivanov, founder and CTO, GridGain Systems
- Tom Zawacki, Chief Digital Officer, Infogroup
- Ramesh Menon, Vice President, Product, Infoworks
- Ben Slater, Chief Product Officer, Instaclustr
- Jeff Fried, Director of Product Management, InterSystems
- Bob Hollander, Senior Vice President, Services and Business Development, InterVision
- Ilya Pupko, Chief Architect, Jitterbit
- Rosaria Silipo, Principal Data Scientist and Tobias Koetter, Big Data Manager and Head of Berlin Office, KNIME
- Bill Peterson, V.P. Industry Solutions, MapR
- Jeff Healey, Vertica Product Marketing, Micro Focus
- Derek Smith, CTO and Co-founder and Katie Horvath, CEO, Naveego
- Michael LaFleur, Global Head of Solution Architecture, Provenir
- Stephen Blum, CTO, PubNub
- Scott Parker, Director of Product Marketing, Sinequa
- Clarke Patterson, Head of Product Marketing, StreamSets
- Bob Eve, Senior Director, TIBCO
- Yu Xu, Founder and CEO, and Todd Blaschka, CTO, TigerGraph
- Bala Venkatrao, V.P. of Product, Unravel
- Madhup Mishra, VP of Product Marketing, VoltDB
- Alex Gorelik, Founder and CTO, Waterline Data
Opinions expressed by DZone contributors are their own.