“An exciting trend in AI or more appropriately machine learning that can have direct benefit for security is in the area of situational awareness and automation..”
Hi, please tell us about the emerging trends in data integration and data transformation that expose vulnerabilities in enterprise Cloud management frameworks?
Some of the trends we are seeing with regards to data integration and transformation include the use of increasingly distributed multi-cloud environments, the move of critical applications and workloads, and the requirement for privileged access schemes that is increasing the growth of  access credentials. These trends, paired with continuous integration and delivery approaches introduce significant risks and vulnerabilities if not properly managed and secured.
Tell us about the various struggles within organization related to data management and fraud. Why do you think CIOs are lagging behind in meeting business goals linked with data management?
We continue to see organizations struggle to maintain control over their critical data. Not only do they often lack the visibility to accurately know where their critical data lives, but more so know how they are securing the data and who has access to that data. More and more we are seeing the adoption of encryption which requires the use of scalable key management in order to protect their critical data.
Read More: Mini, Micro and Nano Apps: What 2022 Looks like for IT DevOps Industry
We have acquired different definitions for data literacy. As a data scientist, how do you define data literacy and how does it influence the working hard skills required to handle big data, computing and analytics?
In the context of security, we define data literacy as the recognition that data is an increasingly important business resource that needs to be protected, not only while in use, but also while in transit and in storage. Because the insight and business intelligence derived from data aggregation and analysis is only as good as the quality of the data, ensuring its c************** and integrity is paramount. With more and more data collected and aggregated for this purpose, protecting the data becomes more challenging, and that is where cryptography and cryptographic key management comes into play. To protect the c************** and integrity of data, organizations use encryption and digital signature mechanisms that depend on an increasing volume of cryptographic keys that that must always be available when needed, and protected from compromise. Lose the keys – lose the data, putting organizations in significant predicaments with consequential regulatory, financial, and reputational impact.
What kind of security management skills should a data driven company hire for in 2022? Despite so much supply of data science professionals in the recent, why is there a serious gap in the way security is handled in Cloud industry?
Data is a competitive asset for organizations, protecting these assets and ensuring that they are handled accordingly is critical. For this reason, organizations must ensure that they not only have the right talent to collect, aggregate, and analyse data, but also to protect it throughout its lifecycle, no matter where the data actually lives. All too often organizations erroneously think that outsourcing data storage and analytics capabilities to a cloud service provider absolves them from the responsibility to protect their sensitive data. Under the shared responsibility model for cloud security, cloud service providers are responsible for the infrastructure and the service level agreement, but the client organization ultimately remains responsible for the c************** and integrity of the data.
Read More: ITechnology Interview with Neal Gottsacker, Chief Product Officer at Nintex
Your take on the emerging trends in AI Machine Learning influencing Cloud data management and security analytics platforms?
An exciting trend in AI or more appropriately machine learning that can have direct benefit for security is in the area of situational awareness and automation. Letting AI engines decipher patterns over data usage and alerting the human elements when specific profiles are flagged can significantly improve data security posture over multi-cloud and hybrid systems.
Your advice to CIOs and data officers on how to prioritize data planning and integration? Which top tools would you recommend for meeting data integration goals?
Our advice for CIOs is not to forget the fundamentals. Behind every data science project are basic security principles and best practices that should be followed. Always protect you cryptographic keys. Ensure that you deploy least privilege (where every process or individual ought to operate with only those permissions necessary to perform the authorised activities and only for as long as necessary), dual controls so no single individual or entity can subvert your security polices, and always manage your critical keys separate from the applications using them, and in a c******** hardware security module (HSM). Storing keys in software is soft security – In a servers file system, cryptographic keys have a very distinctive footprint. Cryptographic keys are substantially more random than most other types of data. So anyone with the knowledge, the tools and the access can scan a network, look for the tell-tale footprint of a cryptographic key and steal them. So in a busy data center, undertaking best practise measures to protect cryptographic keys from threats such as hackers, malevolent insiders or simple innocent employee mistakes.
And because the importance and value associated with the crypto keys, organisations auditors, want to ensure the company is following the highest possible standards to prevent against the theft of the cryptographic keys and meet compliance mandates such as GDPR and PCI. To check not just for compliance but also to ensure you are protecting the cryptographic keys as well as encrypting your data. And that is where an HSM fits in.
Read More: ITechnology Interview with Sagie Davidovich, CEO at SparkBeyond
Thank you, Cindy! That was fun and we hope to see you back on itechnologyseries.com soon.
[To participate in our interview series, please write to us at sghosh@martechseries.com]
Cindy Provin , SVP and General Manager, Identity & Data Protection at Entrust. In this role, I am responsible for the operations and strategic direction of of the Identity and Data Protection business segments . Entrust empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications. Entrust’s Data Protection segment is a world leader in providing cryptographic solutions that secure emerging technologies – cloud, IoT, blockchain, digital payments – and help meet new compliance mandates. Using the same proven technology that our customers depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure.
Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us.
