Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Player FM - Internet Radio Done Right
16 subscribers
Checked 10M ago
اضافه شده در three سال پیش
محتوای ارائه شده توسط Skyflow. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Skyflow یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Partially Redacted: Data, AI, Security, and Privacy
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
We help founders make something people want.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
پادکست هایی که ارزش شنیدن دارند
حمایت شده
E
Everyday AI Podcast – An AI and ChatGPT Podcast
ChatGPT Agent is here! ↳ What the heck is it? ↳ How does it work? ↳ What do you need to know? Glad you asked, shorties. Join us for the answers. Square keeps up so you don't have to slow down. Get everything you need to run and grow your business—without any long-term commitments. And why wait? Right now, you can get up to $200 off Square hardware at square.com/go/jordan. Run your business smarter with Square. Get started today. Newsletter: Sign up for our free daily newsletter More on this Episode: Episode Page Join the discussion: Thoughts on this? Join the convo and connect with other AI leaders on LinkedIn. Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineup Website: YourEverydayAI.com Email The Show: info@youreverydayai.com Connect with Jordan on LinkedIn Topics Covered in This Episode: ChatGPT Agent Mode Overview & Naming Live ChatGPT Agent Demo Walkthrough ChatGPT Agent Mode Availability & Pricing Operator vs. Deep Research Capabilities Explained ChatGPT Agent Virtual Computer Functions Spreadsheet and PowerPoint Generation in ChatGPT Mini RAG-Ready Agents with Data Connectors ChatGPT Agent Security and Biological Risk Classification Timestamps: 00:00 "Introducing ChatGPT Agent" 03:41 Potential Delay for Paid Plan Rollout 09:24 "Chat GPT Agent: New Tools Overview" 12:44 OpenAI-Microsoft Tensions Over Software Overlap 16:42 "ChatGPT's New RAG Feature Unveiled" 21:55 AI Agent with Weapon Risk 23:31 Agent Models: Boon or Bane? 29:05 "Agent Mode: Seamless Editing Integration" Keywords: ChatGPT Agent, Agent Mode, OpenAI, virtual computer, Agentic skills, Operator, Deep Research, browsing websites, web research, synthesizing information, Microsoft competitor, PowerPoint creation, Excel spreadsheet creation, terminal access, public API integration, connectors, data analysis, image generation, multi-agent environments, retrieval augmented generation, mini RAG, AI operating system, human-in-the-loop, security concerns, biology classifier, biological weapons classification, chemical weapons classification, O3 model, Google Gemini 2.5 Pro, agentic models, AI workflows, editable slide deck, Microsoft Office alternative, AI-powered presentations, spreadsheet automation, cloud-based agents, AI task automation, calendar integration, Gmail connector, Send Everyday AI and Jordan a text message. (We can't reply back unless you leave contact info) Square keeps up so you don't have to slow down. Get everything you need to run and grow your business—without any long-term commitments. And why wait? Right now, you can get up to $200 off Square hardware at square.com/go/jordan. Run your business smarter with Square. Get started today.…
Privacy by Architecture with Skyflow’s Anshu Sharma
Manage episode 340481094 series 3386287
محتوای ارائه شده توسط Skyflow. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Skyflow یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Both compliance regulations and consumer needs are creating increasing pressure on companies to do a better job of securing and managing their sensitive customer data. Yet, companies continue to struggle to comply with regulations, meet consumer privacy demands, and prevent data breaches.
Anshu Sharma, CEO and founder of Skyflow, joins the show to discuss a radically different approach to privacy, the data privacy vault. With a data privacy vault, a company is making the architectural decision to move their sensitive customer data out of their existing infrastructure and into a vault. The vault is isolated and protected, becoming the single source of truth for all sensitive customer PII, effectively de-scoping existing systems from the responsibilities of compliance, data security, and data privacy.
The data privacy vault makes the principles of privacy by design actionable, creating a system for engineers to implement the principles in the form of privacy by architecture.
Topics covered:
- How did you end up with an interest in working in the data privacy space
- Why should companies care about privacy?
- Why is privacy hard for companies?
- What is a data privacy vault?
- Where did this technology come from?
- How does the data privacy vault help with things like data security and compliance?
- How is this different from just a dedicated encrypted database for PII?
- Why haven't more companies built their own vaults?
- Why is an API the right way to deliver this technology?
- How does the vault facilitate data utility while still protecting the data?
Resources:
Follow Anshu on Twitter @anshublog.
76 قسمت
اشتراک گذاریManage episode 340481094 series 3386287
محتوای ارائه شده توسط Skyflow. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Skyflow یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Both compliance regulations and consumer needs are creating increasing pressure on companies to do a better job of securing and managing their sensitive customer data. Yet, companies continue to struggle to comply with regulations, meet consumer privacy demands, and prevent data breaches.
Anshu Sharma, CEO and founder of Skyflow, joins the show to discuss a radically different approach to privacy, the data privacy vault. With a data privacy vault, a company is making the architectural decision to move their sensitive customer data out of their existing infrastructure and into a vault. The vault is isolated and protected, becoming the single source of truth for all sensitive customer PII, effectively de-scoping existing systems from the responsibilities of compliance, data security, and data privacy.
The data privacy vault makes the principles of privacy by design actionable, creating a system for engineers to implement the principles in the form of privacy by architecture.
Topics covered:
- How did you end up with an interest in working in the data privacy space
- Why should companies care about privacy?
- Why is privacy hard for companies?
- What is a data privacy vault?
- Where did this technology come from?
- How does the data privacy vault help with things like data security and compliance?
- How is this different from just a dedicated encrypted database for PII?
- Why haven't more companies built their own vaults?
- Why is an API the right way to deliver this technology?
- How does the vault facilitate data utility while still protecting the data?
Resources:
Follow Anshu on Twitter @anshublog.
76 قسمت
همه قسمت ها
×
In this episode, Sean sat down with Jack Godau to dive deep into the world of pseudoanonymization. They started by discussing Jack's career trajectory working with highly sensitive data and how that experience shapes his engineering mindset. Jack shared how pseudoanonymization differs from anonymization, explaining its value for maintaining data utility while complying with stringent regulations like GDPR. Jack also walked us through the challenges and key components of building a pseudoanonymization engine, including the complexities of handling re-identification risks, ensuring scalability, and optimizing performance for large datasets. He shared insights on the trade-offs between data protection and usability, and whether building these systems in-house is worth the investment for startups. Finally, they explored where the field is heading, especially as data privacy concerns continue to grow.…
In this episode, Sean sits down with Ben Burkert, Co-founder and CTO of Anchor, to dive into the world of certificate management and internal TLS. We explore how certificates and TLS function, the inherent difficulties in managing internal TLS certificates, and why nearly every engineer has a horror story related to it. Ben also shares insights into how Anchor is addressing these challenges and making internal TLS certificate management simpler and more reliable. Key Topics: Understanding Certificates and TLS: Basics of how certificates and TLS work. The role of TLS in securing internal communications. The Challenges of Internal TLS Certificate Management: Why managing internal TLS certificates is so difficult. Common pitfalls and challenges engineers face. Engineer Horror Stories: Real-world examples of certificate management gone wrong. The impact of these failures on teams and organizations. How Anchor is Fixing the Problem: Anchor’s approach to simplifying internal TLS certificate management. Key features and benefits of Anchor’s solution. If you've ever struggled with internal TLS certificates or are looking for a way to avoid the pain altogether, Ben’s expertise provides a clear path to overcoming the challenges of certificate management with a modern, reliable approach. Resources: https://anchor.dev/ https://lcl.host/…
In this episode, we sit down with Ori Rafael, CEO and Co-founder of Upsolver, to explore the rise of the lakehouse architecture and its significance in modern data management. Ori breaks down the origins of the lakehouse and how it leverages S3 to provide scalable and cost-effective storage. We discuss the critical role of open table formats like Apache Iceberg in unifying data lakes and warehouses, and how ETL processes differ between these environments. Ori also shares his vision for the future, highlighting how Upsolver is positioned to empower organizations as they navigate the rapidly evolving data landscape.…
In this episode, Sean Falconer is joined by Aubrey King, solutions architect and community evangelist at F5, to discuss the top 10 security issues for LLM applications. They explore critical threats such as prompt injections, insecure output handling, and training data poisoning, among others. Aubrey provides insights into why these issues arise, the attacks being observed, and the methods used to mitigate these risks. This episode is essential listening for anyone interested in the security of large language models and their applications.…
In this episode, host Sean Falconer sits down with Eric Flaningam, a researcher at Felicis Ventures, to explore the fascinating world of data warehouses. They dive into the history, evolution, and future trends of data warehousing, shedding light on its importance. Key topics discussed include an overview of the article "A Primer on Data Warehouses," and the definition and key characteristics of data warehouses. They also cover the historical evolution and major milestones in data warehousing, the shift from batch processing to real-time data, and the convergence of data warehouses and SQL. Eric and Sean discuss the impact of unstructured and complex data, advancements in technology and their effect on data warehouses, and the technical architecture and components of a typical data warehouse. They share real-world benefits and use cases of data warehouses, common challenges in implementing and maintaining data warehouses, and future trends and the influence of AI and machine learning on data warehouses. For further reading, check out Eric Flaningam’s article, A Primer on Data Warehouses: https://www.generativevalue.com/p/a-primer-on-data-warehouses…
Join us as we chat with Tim Jensen, a privacy enthusiast, about personal online security. Tim shares his journey to becoming a privacy advocate and teacher and provides insights into the common mistakes people make with passwords. We discuss why passwords have persisted for over 60 years, the issues with current password creation methods, and the balance between complexity and usability. We also explore strategies to protect personal information beyond just using better passwords. Finally, Tim shares his thoughts on future approaches to password and identity protection.…
In this episode Sean welcomes Brian Vallelunga, CEO and founder of Doppler, to discuss secrets management. Brian shares the journey of founding Doppler, a company dedicated to securing sensitive data such as API keys and credentials. Sean and Brian discuss the nuances of secrets management, its distinction from password management, and the importance of dedicated services for safeguarding secrets. The episode also addresses the alarming rise in data breaches, common mistakes companies make, and essential practices for managing secrets effectively. Brian offers expert advice on protecting secrets, the necessity for secret rotation, and the future of secrets management.…
In this episode, Sean is joined by Eric Dodds, Head of Product Marketing at RudderStack, to dive into the world of data management, data pipelines, and common data mistakes. Eric shares his insights on when organizations should transition from basic tools like spreadsheets to a more sophisticated data stack, including data warehouses and modern tooling. They discuss the challenges businesses face in data management, specifically about coming up with a common set of definitions that an organization is aligned around. They also discuss how to address these issues, and the importance of secure handling of customer data. Eric also provides an overview of RudderStack, its open-source approach, and the value it brings to managing customer data. Eric shares a ton of practical advice on building and optimizing your data infrastructure.…
In this episode, Kirk Marple, CEO and Co-founder of Graphlit, joins the show. Sean and Kirk dive into the world of unstructured data management, discussing the evolution and current challenges in the field. While structured data has been well-handled since the 1970s, 80-90% of the world’s data remains unstructured, with predictions of 175 billion terabytes by 2025. Despite this vast amount, companies struggle to utilize it effectively due to immature tools and processes. Graphlit was founded to address this gap, providing scalable, maintainable systems with enhanced observability to handle unstructured data efficiently. Kirk discusses the challenges in data security and privacy when building RAG-based applications. He discusses some of their exploration into PII scrubbing and also controlled access to the vector embeddings based on the roles of a user. Finally, looking forward, Kirk shares insights into the future of Graphlit and their continued focus on enhancing the accessibility and utility of unstructured data for businesses across various industries.…
In this episode, Jake Moshenko, CEO and co-founder of AuthZed, joins the show to explore the world of user permissions at scale. Inspired by Google's Zanzibar, AuthZed aims to tackle the challenges of authorization - a less common focus compared to authentication in the tech industry. Jake discusses the initial simplicity and subsequent complications in role-based permission models, where businesses often struggle as they scale and need more nuanced access controls. He explains the Zanzibar paper from Google and the technical challenges with implementing the approach successfully. He explains how AuthZed facilitates a flexible and maintainable permission system and how companies get started.…
In this episode host Sean Falconer is joined by Aaron Painter, CEO of Nametag, to explore the evolving threat and potential of AI deepfakes. They discuss the increasing sophistication of deepfake technology, highlighted by the significant rise in incidents such as the Retool hack, and how these technologies can manipulate public perception and security. Aaron discusses the development of technologies to both create and detect deepfakes, discussing the arms race that pits innovation against security. Aaron shares insights into how his company, Nametag, is at the forefront of combating deepfake fraud by protecting identity data and providing solutions for both companies and individuals to safeguard themselves. They conclude with thoughts on the future, discussing the ongoing technological advancements that are expected to play a crucial role in the fight against deepfakes, aiming to balance innovation with security in the digital landscape.…
In this episode we’re joined by Shubh Sinha, CEO and Co-founder of Integral, to discuss the protection and utilization of sensitive health data. Shubh shares insights from his varied career in sales, engineering, and product management, and dives into the challenges of maintaining privacy and security in healthcare. The conversation covers HIPAA regulations, the balance of securing data while keeping it accessible, and the role of generative AI in healthcare innovations. Tune in for a detailed look at how technology is shaping the future of patient treatment and data privacy.…
In this episode, we dive into the world of MLOps, the engine behind secure and reliable AI/ML deployments. MLOps focuses on the lifecycle of machine learning models, ensuring they are developed and deployed efficiently and responsibly. With the explosion of ML applications, the demand for specialized tools has skyrocketed, highlighting the need for improved observability, auditing, and reproducibility. This shift necessitates an evolution in ML toolchains to address gaps in security, governance, and reliability. Jozu is a platform founded to tackle these very challenges by enhancing the collaboration between AI/ML and application development teams. Jozu aims to provide a comprehensive suite of tools focusing on efficiency throughout the model development and deployment process. This conversation discusses the importance of MLOps, the limitations of current tools, and how Jozu is paving the way for the future of secure and reliable ML deployments. Resources: Jozu KitOps…
In this episode, we dive deep into the world of prompt injection attacks in Large Language Models (LLMs) with the Devansh, AI Solutions Lead at SVAM. We discuss the attacks, existing vulnerabilities, real-world examples, and the strategies attackers use. Our conversation sheds light on the thought process behind these attacks, their potential consequences, and methods to mitigate them. Here's what we covered: Understanding Prompt Injection Attacks: A primer on what these attacks are and why they pose a significant threat to the integrity of LLMs. Vulnerability of LLMs: Insights into the inherent characteristics of LLMs that make them susceptible to prompt injection attacks. Real-World Examples: Discussing actual cases of prompt injection attacks, including a notable incident involving DeepMind researchers and ChatGPT, highlighting the extraction of training data through a clever trick. Attack Strategies: An exploration of common tactics used in prompt injection attacks, such as leaking system prompts, subverting the app's initial purpose, and leaking sensitive data. Behind the Attacks: Delving into the minds of attackers, we discuss whether these attacks stem from a trial-and-error approach or a more systematic thought process, alongside the objectives driving these attacks. Consequences of Successful Attacks: A discussion on the far-reaching implications of successful prompt injection attacks on the security and reliability of LLMs. Aligned Models and Memorization: Clarification of what aligned models are, their purpose, why memorization in LLMs is measured, and its implications. Challenges of Implementing Defense Mechanisms: A realistic look at the obstacles in fortifying LLMs against attacks without compromising their functionality or accessibility. Security in Layers: Drawing parallels between traditional security measures in non-LLM applications and the potential for layered security in LLMs. Advice for Developers: Practical tips for developers working on LLM-based applications to protect against prompt injection attacks. Links: Devansh on LinkedIn AI Made Simple…
In this episode, Joice John, Senior Product Manager at Skyflow, joins the show to discuss the complexities of managing privacy and security with unstructured data. Joice explains what unstructured data is and its distinction from structured data, and then dives into the technologies that tackle these challenges. Joice discusses the unique privacy concerns and significant security risks unstructured data poses, highlighting why they're especially tough to mitigate. Sean and Joice also discuss the support modern data lakes offer for secure unstructured data management, alongside Skyflow’s solutions for overcoming analytics challenges and protecting sensitive customer information.…
P
Partially Redacted: Data, AI, Security, and Privacy
Daniel Wong, Head of Security and Compliance at Skyflow, is back for his third appearance. Daniel discusses his extensive career at the forefront of security engineering, having worked with industry behemoths like Oracle, Salesforce, and CrowdStrike. He discusses the critical differences in security needs between large enterprises and smaller businesses, the evolution of security technologies, and the unique challenges of ensuring enterprise-grade compliance. Daniel shares his personal experiences and the innovative security features he helped pioneer, offering listeners an insider's view of what it takes to protect some of today's leading enterprises. Links: Common Data Security and Privacy Mistakes with Daniel Wong Understanding SOC-2 Compliance and Achieving It with Skyflow's Daniel Wong…
P
Partially Redacted: Data, AI, Security, and Privacy
This episode dives into how we can keep our texts and calls safe from scammers. Sean Falconer chats with Dave Erickson, the co-founder of Phound, which is redefining the way people connect and communicate. Dave shares why texts can easily get targeted by scams, how fraudsters hide their identity, and the tricks they use to trick people. Learn about the simple steps you can take to protect yourself from these scams. Dave also talks about how Phound is working to make our phone numbers safer by creating a self-managed contact card. Users of Phound only receive phone calls and SMS from approved contacts and they’re in control over how long someone can contact them. If you're worried about phone scams or interested in how technology is fighting back, this episode and the work Phound is doing should help. Links: Phound…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode Rishi Bhargava, Co-founder of Descope, joins the show to delve into the intricacies of authentication and identity management. Rishi, with his extensive experience in security, spanning from McAfee to Palo Alto Networks and co-founding Demisto and Descope, shares his insights on the evolution of the security landscape and the persistent challenges surrounding password-based security. Rishi elaborates on the longevity of passwords, their inherent security weaknesses, and the efforts to bolster their security, often at the expense of user convenience. The conversation shifts to emerging alternatives like passkeys, magic links, social logins, and biometrics, exploring their mechanisms, privacy implications, and potential risks. Rishi explains the nuances of passkey technology, addressing concerns about device theft, and the transition to new devices. Rishi articulates his vision for solving unaddressed challenges in authentication and identity management, differentiating Descope from other passwordless solutions. He outlines the integration process, common migration challenges, and the factors that drive companies to switch to third-party authentication providers. Links: Confidential Computing and Secure Enclaves with AWS's Arvind Raghu…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode Sean is joined by Pedram Naveed, Head of Data Engineering at Dagster Labs. They discuss the unique challenges and opportunities in the realm of data engineering, particularly the culture of learning and sharing within the field. Pedram discusses the traditionally guarded nature of data engineering, contrasting it with the more open-source approach in software engineering. He highlights the potential downsides of this secrecy, such as the difficulty in learning best practices and innovating. The discussion also touches on the balance companies must strike between contributing to communal knowledge and protecting valuable data and intellectual property. Pedram shares insights from his experiences at Dagster Labs, including the development of the Dagster Open Platform and its impact on fostering a culture of openness in data engineering. Additionally, they explore the future of collaboration in the field, considering emerging technologies and methodologies that could further encourage sharing and innovation over the next 5-10 years. Links: Dagster Open Platform Pedram Navid…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode Zena Obebe, the founder of Hill Redaction Services, joins the show to discuss the critical role of document redaction in maintaining privacy and security. Zena, an expert in the field, discusses the increasing demand for document redaction across various industries, particularly in legal and medical sectors.Document redaction, the process of obscuring sensitive information in documents, is vital for compliance with privacy laws and protecting personal data. Zena sheds light on the challenges organizations face in redacting documents, emphasizing the complexity and necessity of accurately obscuring information without compromising the integrity of the document. She highlights the evolution of technology in this domain, noting how advancements in AI and automation have enhanced the efficiency and accuracy of redaction processes. Despite these technological strides, Zena cautions against over-reliance on automation, underscoring the importance of human oversight to mitigate risks. The conversation also covers best practices for effective redaction and the need for industry-specific awareness to meet legal and regulatory requirements.…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Sanjeev Sharma, Product Lead from Skyflow, joins the show to explore the complex landscape of payment data residency regulations in India, focusing on the Reserve Bank of India's (RBI) 2018 mandate for local data storage and its impact on digital payments. The discussion covers the regulatory roles of RBI and NPCI, the challenges international businesses face in adapting to these regulations, and the implications for consumer data protection and business continuity. Sanjeev and Sean delve into the technical and operational hurdles companies encounter, such as interpreting intricate payment flows and modifying global IT systems for local compliance. The episode also highlights the influence of technological innovations on payment systems, like mobile penetration and UPI, and offers strategic advice for entrepreneurs navigating this regulatory environment. The episode provides a comprehensive overview of the evolving digital payment sector in India, emphasizing the importance of regulatory compliance for fostering innovation and security.…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode a stellar panel of privacy engineering experts delve into the evolving world of privacy engineering. Saima Fancy, Senior Privacy Specialist for Ontario Health, Jay Averitt, Privacy Product Manager and Engineer at Microsoft, and Mira Olson, Privacy Architect at Doordash, bring diverse perspectives from their extensive experience in the field. They kick off the discussion with personal introductions, shedding light on their roles and contributions to privacy engineering. Jay helps tackle the fundamental question, "What is a privacy engineer?" sparking a thoughtful debate. Mira builds on this by reflecting on the evolution of the role and emerging trends in privacy engineering. Saima assesses the current maturity of the profession, highlighting areas of progress and those needing improvement. The panel discusses the challenges and opportunities facing privacy engineers, with each guest offering insights from their unique vantage points. They explore the core responsibilities and misconceptions about the role, the need for specialized skills and certifications, and the importance of interdisciplinary collaboration. Ethical considerations and the balance between user privacy and technological innovation are also dissected. The discussion dives into the growing privacy concerns surrounding AI and whether we need specialized regulations. Finally, the panel looks towards the future of privacy engineering over the next decade and what they’d change and impact they’d like to see.…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Pramod Raghavendran, a privacy engineering expert with prior experience at Google and Coinbase, joins the show. Together, Sean and Pramod discuss the dynamic landscape of privacy engineering, addressing hot topics and changes since Pramod's last appearance. The conversation delves into the unique role of privacy engineers compared to security engineers, emphasizing collaboration between privacy and security teams. Pramod shares insights into how privacy functions intersect with security, governance, and data platforms. The episode also explores real-world examples, best practices, and future trends, offering a concise yet comprehensive look at the evolving relationship between privacy and other functions within organizations.…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Roshmik Saha, Co-founder and CTO of Skyflow, discusses the critical importance of Personally Identifiable Information (PII) data isolation. The principle is straightforward—separate sensitive and non-sensitive data for effective data governance and privacy. The conversation covers historical origins, government use, and real-world examples from companies like Apple and Google. The episode explores why PII isolation is vital, detailing risks and consequences of not implementing it effectively. Roshmik contrasts data isolation with encryption and access control, emphasizing practicality. "Zero trust" in data security is introduced as a verification-centric approach. Challenges in isolating PII are acknowledged, with a focus on security principles. Best practices for PII isolation include a "need to know" basis and fine-grained access control. Roshmik provides advice for organizations, urging them to prioritize isolation, avoid integration pitfalls, and adopt a zero-trust mindset for enhanced data security.…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, we delve into developer experience (DX) and its pivotal role in data protection, security, and privacy. Ram Muthukrishnan, a product manager at Skyflow, joins the show again to share insights into DX's definition, the key elements of a great DX, and notable companies excelling in this domain. We explore the challenges developers face in implementing secure and privacy-respecting software, emphasizing the need to strike a balance between efficiency and robust security measures. The conversation extends to how a developer's role evolves when tasked with integrating privacy and security into their code and essential skills for this role. We discuss best practices for infusing privacy and security considerations into the software development process, with a reference to Google's approach in product launches. We also address common misconceptions, challenges with security tools, and how a better DX can enhance adoption. Furthermore, we highlight the significance of a positive DX in shaping data protection, especially in sectors like healthcare and finance. This episode offers a concise yet comprehensive exploration of DX's technical underpinnings and its profound impact on data security and privacy.…
P
Partially Redacted: Data, AI, Security, and Privacy
Robin Andruss, Skyflow’s Chief Privacy Officer is back to talk about AI governance and responsible AI. We touch on recent talks Robin gave at InfoGov World and IAPP PSR on privacy-enhancing technologies and AI governance. In this episode, Robin sheds light on the pressing issues of data privacy within this new era of AI-driven product and consumer experiences. She discusses the key privacy challenges inherent to AI, highlighting the concerns voiced by privacy professionals as they navigate this evolving landscape. Robin explores how AI differs from previous technologies in terms of regulation and shares best practices for organizations to ensure data privacy when implementing AI solutions. Topics: How does data privacy relate to AI, and what are the key privacy challenges associated with AI? What are you seeing amongst the privacy professionals in terms of concern around AI? Why is AI different from perhaps other forms of technology that we’ve developed regulations for in the past? What is AI governance? What are the ethical considerations when implementing AI technologies? Can you share some real-world examples of AI applications that have raised ethical concerns? What do companies working in the AI space or those interested in integrating with AI platforms or building out new products be thinking about when it comes to AI, privacy, and governance? Why is transparency and explainability important in AI, and how can organizations achieve these goals? Are there specific tools or methodologies that can help in making AI systems more transparent and understandable? What do you think the future looks like in terms of regulating AI?…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, we discuss the evolving landscape of data protection, especially in the context of India's DPDP law. Kuldeep Tomar, the Head of Information Security at Games24x7, delves into the significance of safeguarding data beyond just access control, highlighting the importance of data protection itself. He discusses how data protection is a critical facet of a Chief Information Security Officer's (CISO) responsibilities and how a robust data protection strategy can enhance an organization's ability to respond effectively to data breaches, aligning with the DPDP's mandates. Topics: Many people think of cybersecurity as primarily controlling who has access to data. Why is it important to emphasize the protection of the data itself, beyond just access control? How does a strong data protection strategy improve an organization's ability to respond to data breaches or security incidents as mandated by DPDP? Discuss the importance of continuous monitoring and auditing of data access and usage, and its alignment with DPDP compliance. DPDP encourages the principle of data minimization. Can you explain what this means and how it can be practically implemented? For organizations with a global presence, how can they ensure compliance with DPDP when transferring data internationally, considering data sovereignty? What are the biggest challenges companies face when it comes to complying with data privacy regulations in APAC? What are the key challenges that companies operating in India face when it comes to complying with data privacy regulations? How do cultural differences across APAC impact data privacy practices and regulations? What do you anticipate happening in APAC with regards to privacy regulations or the focus on privacy for companies over the next 3-5 years?…
P
Partially Redacted: Data, AI, Security, and Privacy
Former Chief Compliance and Privacy Officer of GeneDx, Murali Mani, joins the show to discuss data privacy in healthcare. Murali spent over 15 years working in privacy and healthcare across companies like Philips, IBM, and GeneDx. In this episode he shares his thoughts on common misconceptions about data privacy in healthcare, breaks down which regulations apply to which type of company, history of privacy in healthcare, and the challenges companies face with compliance and data protection. Topics: What are some common misconceptions or misunderstandings about data privacy in healthcare that you often encounter? How has the landscape of healthcare data privacy evolved in recent years, and what new challenges have emerged Traditionally security and privacy in health is not tightly controlled. Why is that? Historically, how do pharma and drug companies manage and secure personal data? What’s the problem with attempting to manage privacy challenges with purely written policies? How can companies accelerate compliance and prioritizing privacy? How can companies build trust and transparency with patients and data subjects? How does gen AI play a role? What’s the future look like for companies in this space? If you were advising a company today, what would your suggestion be for managing this problem?…
P
Partially Redacted: Data, AI, Security, and Privacy
Sam Sternberg, Customer Programs Lead at Skyflow, joins the show to discuss the world of privacy and security at scale within large enterprises. We explore the complex infrastructure, regulatory challenges, and evolving technologies that these giants face in protecting customer and employee data. From managing expansive data infrastructures and international privacy regulations to securing data in the cloud, both multi-cloud and hybrid cloud and harnessing AI, we provide insights and best practices for safeguarding sensitive information. Check out the episode to delve into the technology and people-centric approaches to privacy and security within the data landscape of large organizations. Topics: When we’re talking about a large enterprise, can you paint a picture for what the infrastructure of these companies might look like? How many databases, servers, and people are involved? What are the fundamental differences between data management in small to medium-sized businesses and large enterprise organizations, especially concerning security and privacy? How does the scale and complexity of data infrastructure in large companies impact their ability to maintain data privacy and security effectively? What are the main regulatory frameworks that enterprise companies must navigate, and how do these impact data management strategies? Large enterprises often have extensive data lakes and warehouses. How can these organizations ensure the confidentiality, integrity, and availability of their data in such environments? With the increasing adoption of cloud services, how should large enterprises approach cloud security and privacy concerns, especially in multi-cloud or hybrid cloud environments? Could you share some best practices for securely managing customer and employee data, considering the unique challenges faced by big companies in this regard? How has the adoption of artificial intelligence and machine learning impacted data security and privacy practices in large organizations, and what precautions should they take when implementing these technologies? Many large enterprises operate globally. How does managing security and privacy requirements across different countries and regions impact their strategies and challenges? What emerging trends or technologies do you foresee having a significant impact on data security and privacy in large enterprises in the near future?…
P
Partially Redacted: Data, AI, Security, and Privacy
1 Data Protection 101: Redaction, Masking, Encryption, and More with Skyflow’s Ram Muthukrishnan 32:47
In this episode, Ram Muthukrishnan, Senior Product Manager at Skyflow, joins the show to delve into the fundamental aspects of data protection. Ram demystified key concepts like redaction, masking, and encryption, shedding light on their significance in the world of data protection. Ram walked us through the practical applications of these techniques and their role in ensuring data privacy and security in today's digital landscape. Topics: Why is it important to protect sensitive customer data? What are the key differences between redaction, masking, encryption, and tokenization as data protection techniques? How does data redaction work, and in what scenarios is it typically used? What’s it mean to mask data and what are the different approaches? Can you break down the basics of encryption for our listeners? What are the primary differences between symmetric and asymmetric encryption, and when should each be used Tokenization is often associated with payment data. Could you explain how tokenization replaces sensitive data with tokens and its advantages? When does it make sense to use tokenization versus something like encryption? What advantages or disadvantages are there to tokenization? Access control is a critical aspect of data protection. How does it work, and what are some best practices for implementing effective access control measures? How can organizations balance the need for data security with the requirement for data accessibility by authorized personnel? Are there any common misconceptions or challenges when it comes to implementing these data protection techniques? What are some emerging trends or technologies in the field of data protection that we should be aware of? Resources: Confidential Computing and Secure Enclaves with AWS's Arvind Raghu Secure Multi-Party Computation Explained with Skyflow's Liz Acosta Homomorphic Encryption with Skyflow’s Avradip Mandal…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, we dive into the realm of cloud security with Merritt Baer, Field CISO of Lacework. Together, we look at the complex tapestry of perceptions surrounding on-premises security versus the cloud, shedding light on why some still view on-prem as the safer option. Merritt lends her expertise to dissect the trade-offs that companies face by remaining in the traditional on-premises sphere rather than embracing the potential of the cloud. We explore the security considerations unique to the cloud-native world, offering insights into what it takes to navigate this transformation securely. Whether you're a seasoned professional or just beginning your cloud journey, this episode will expand your understanding of cloud security, uncovering the pros, cons, and crucial factors to ponder when venturing into the realm of cloud computing. Topics: Why do people think on-prem is more secure? What are the tradeoffs a company is making when they refuse to move to the cloud? What are the new challenges facing a company once they’ve moved to the cloud from a security perspective that perhaps they didn’t face in the on-prem world? Does the cloud reduce or increase your security risk footprint? Does the type of talent and team look different? How are cloud-native security tools and platforms different from traditional on-premises security solutions? How do you manage security at this kind of scale? As organizations adopt multi-cloud and hybrid cloud strategies, how do you recommend they maintain consistent security measures across different cloud environments? What are some emerging security threats in the cloud landscape, and how can organizations proactively defend against them? What is keeping CISOs up at night?…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, we explore the world of General Data Protection Regulation (GDPR) Catawiki’s Data Protection Lead Paul Breitbarth. We cover GDPR's history, business essentials, compliance significance, and the art of harmonizing business objectives with regulatory demands. Paul breaks down key GDPR components, emphasizing their role in safeguarding data privacy. From data handling to breach notification, listeners gain insights into essential compliance steps. The heart of the conversation revolves around the challenge of balancing business goals with GDPR rules. Practical strategies are discussed, including privacy-conscious approaches and effective data protection policies. This episode is a guide for businesses and individuals navigating GDPR's complexities, offering actionable insights for responsible data management and privacy protection. Topics: What was the immediate impact on businesses when GDPR came into effect? How did the world respond? What are the main requirements of a business when it comes to GDPR? What are the key rights granted to individuals under GDPR, and how can they exercise these rights? What are the technical requirements? What are some common challenges businesses face when implementing GDPR compliance? How has GDPR influenced the handling of data breaches and security incidents? What are the fines for non-compliance? What does it mean to be compliant? Can you really be 100% compliant? Is that realistic? How can a business navigate GDPR compliance, balance all the needs, and still do business? What are the responsibilities and obligations of data processors and data controllers under GDPR? Are there any recent updates or amendments to GDPR that businesses should be aware of? What’s the future of GDPR?…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Ray Everett, Head of Privacy and Data Protection at Avellino Lab, joins the show to discuss the rise of the privacy officer. The conversation delves into the essential role of privacy officers, providing listeners with a comprehensive understanding of their responsibilities and the challenges they encounter. Ray offers practical advice on effectively finding and hiring privacy officers, as well as initiating and managing successful privacy programs. This episode is a must-listen for anyone seeking to navigate the ever-evolving landscape of privacy protection. Topics: How has the privacy landscape changed throughout your career? What are some of the big changes from when you started to today? Can you describe the role and responsibilities of a Chief Privacy Officer? How has this evolved over time? What does this function end up looking like within a large organization? Who’s on the team? When should a company be building a privacy function? How do they know they need it? When a company decides to establish a privacy officer role, what factors should they consider in determining the scope and authority of the position? How does one go about finding a qualified privacy officer? What skills, qualifications, and experience should be sought after? What sets a great privacy officer apart from an average one? Let’s say I’m a founder and I realize I should hire a privacy officer and build a privacy function, but I have no experience with it, I just know I need to do it. Where do I start? How do I know what to look for in a potential candidate? During the hiring process, what specific interview questions should I be asking? What kind of positive or negative signals should I be testing for? Even when privacy organizations exist, they are often under-resourced and under-appreciated. What are your suggestions or thoughts on how a privacy officer can work with an organization to prevent this from happening? What’s the typical career path for someone looking to move into privacy? What do you recommend for those listening that might want to build a career in privacy? What are your thoughts on the future of the privacy officer? Will they own more budget, have more authority? Resources: Ray Everett LinkedIn International Association of Privacy Professionals…
P
Partially Redacted: Data, AI, Security, and Privacy
In the podcast episode Jodi Daniels, Founder & CEO of Red Clover Advisors, and Justin Daniels, Legal and Corporate Counsel at Baker Donelson, share valuable insights on privacy and security considerations in product development. They discuss the common mistakes made and the crucial questions to ask when designing new products, emphasizing the need for proactive data protection. Jodi and Justin delve into core principles and best practices for integrating privacy-by-design, highlight the risks of neglecting privacy and security during product development, and explore ways to balance innovation and functionality with privacy and data protection requirements. They also address the importance of ingraining privacy and security throughout the product life cycle and provide guidance on evaluating the privacy and security implications of emerging technologies like AI. Topics: From your point of view, what do you think is the biggest mistake or oversight people make when building new products when it comes to privacy and security? What kind of questions should I be asking myself when designing a new product when it comes to data protection? What are the core principles and best practices for operationalizing privacy-by-design when developing new products? What are the potential risks and challenges associated with neglecting privacy and security considerations during the product development phase? How can organizations effectively balance the need for innovation and functionality with the requirements of privacy and data protection? What steps can companies take to ensure that privacy and security are ingrained throughout the product life cycle, from design to deployment? Are there any specific regulations or standards that companies should be aware of when it comes to privacy and security in new product development? What are some of the privacy and security challenges facing companies interested in generative AI? When it comes to any kind of new technology, like AI, how can individuals and businesses evaluate the privacy and security implications before integrating them into their operations? What are some common misconceptions or myths surrounding privacy and security in AI, and how can they be addressed? Resources: Data Reimagined: Building Trust One Byte at a Time…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Rachael Ormiston, Head of Privacy at Osano, joins the show to discuss the impact of generative AI on privacy. We covered a wide range of topics, including Rachael's initial impression of ChatGPT and the risks associated with generative AI. We also explored Italy's recent ban on ChatGPT, the measures that can be taken to mitigate risks and protect privacy, and how businesses and organizations can leverage generative AI responsibly without infringing on people's privacy rights. Furthermore, we delved into the role of policymakers in regulating the use of generative AI to ensure privacy protection, as well as the ethical considerations that should be taken into account. Rachael provided valuable insights on how individuals can protect their privacy in the age of generative AI and the steps they can take to safeguard their personal information. Finally, we discussed the future of generative AI, highlighting the need to harness its potential while ensuring that privacy remains a top priority. Join us in this enlightening conversation as we navigate the intersection of Generative AI and privacy, gaining valuable insights from Rachael Ormiston's expertise. Topics: What was your first impression of ChatGPT? How can generative AI impact privacy, and what are some of the risks associated with it? Recently Italy became the first western country to ban ChatGPT, why did they do this? What might this mean for other countries? What measures can be taken to mitigate the risks of generative AI, and how can we ensure that privacy is protected? How can businesses and organizations leverage generative AI while ensuring that they don't infringe on people's privacy rights? How can policymakers regulate the use of generative AI to ensure that it doesn't infringe on people's privacy rights? What ethical considerations should be taken into account when using generative AI, and how can we ensure that it is used responsibly? How can individuals protect their privacy in the age of generative AI, and what steps can they take to safeguard their personal information? What is the future of generative AI, and how can we harness its potential while ensuring that it doesn't pose a threat to our privacy?…
P
Partially Redacted: Data, AI, Security, and Privacy
In this podcast episode, Jimmy Fong, Chief Commercial Officer at Seon, discusses online fraud and the role of Seon's fraud prevention tool. Jimmy covers common fraud patterns, evolving tactics, and the challenges of distinguishing legitimate user behavior from fraudulent activities. He shares Seon's journey, emerging fraud patterns, and best practices for security. Jimmy emphasizes collaboration and information sharing, highlighting the potential of generative AI in fraud prevention. Topics: How does online fraud work and why is it such a concern for online businesses and consumers? What are some common fraud patterns that individuals or businesses should be aware of when conducting transactions online? How has fraud patterns changed over time? How do fraudsters typically exploit vulnerabilities in online systems to carry out their fraudulent activities? Why fraudulently submit demo requests to a business? What is a fraudster attempting to do? What are the challenges and complexities involved in distinguishing between legitimate user behavior and fraudulent activities? How did Seon start? Are there any notable trends or emerging fraud patterns that you've observed recently? How should businesses adapt to stay ahead of evolving fraud tactics? What are some best practices that individuals and businesses can implement to enhance their overall security posture and minimize the risk of falling victim to online fraud? How important is collaboration and information sharing between businesses, industry associations, and law enforcement agencies in combating online fraud? Are there any notable initiatives in this regard? In your opinion, what does the future of fraud prevention look like? What role might generative AI play on both sides? Resources: Seon SEON Cat & Mouse Podcast…
P
Partially Redacted: Data, AI, Security, and Privacy
Manny Silva, Skyflow’s Head of Documentation, joins the podcast to share his journey of tinkering with generative AI systems and building a private GPT trained on internal Skyflow documents. Manny discusses his first impression of ChatGPT, how he got interested in this space as a technical writer, and the non-obvious insights he gained along the way. He addresses common misconceptions about GPT, particularly regarding privacy and security. Manny explains the concept of creating a private GPT and explores the reasons why organizations would want to implement it. He provides valuable insights into effectively integrating a private GPT into existing workflows and systems, along with the challenges and considerations companies should be aware of. Manny shares best practices for training and fine-tuning a private GPT to ensure optimal performance and accuracy. He delves into the impact of his work at Skyflow and the enhanced productivity observed in the field. Finally, Manny looks ahead to future advancements and trends in the field of private GPTs and discusses their transformative potential in the realms of documentation, product launches, and marketing. Topics: When you first saw ChatGPT, what was your first impression? As a technical writer, how did you get so interested in this space and start tinkering with the Open AI platform and APIs? What are some of the non-obvious things you learned as you dove into this? What are some of the common misconceptions you’re seeing when it comes to GPT, in particular when talking about privacy and security? What’s it mean to create a private GPT and why would someone want to do that? How can organizations effectively implement and integrate a private GPT into their existing workflows and systems? What are some common challenges or considerations that companies should be aware of when building and utilizing a private GPT? What are some best practices and strategies for training and fine-tuning a private GPT to ensure optimal performance and accuracy? Can you describe what you built at Skyflow that leverages private GPT?\ What kind of impact are you seeing in terms of yours or other people’s productivity? Looking ahead, what advancements or trends can we expect to see in the field of private GPTs, and how will they continue to transform the way we work with documentation, product launches, and marketing? Resources: Privacy-First AI: Harnessing Snowflake and Skyflow to Customize GPT Generative AI Data Privacy with Skyflow GPT Privacy Vault…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Ashley Jose, a product lead at Skyflow with a decade of experience in SaaS product management, explores the importance of data governance in today's data-driven world. He discusses the impact of growing data on business decisions and highlights the key components of an effective data governance framework. Ashley addresses misconceptions, explains the evolution of data governance, and its intersection with data privacy regulations. He also explores how data governance works within Skyflow's data privacy vault approach. Ashley addresses common misconceptions about data governance and dispels myths surrounding the topic. He then delves into the evolution of data governance in the face of big data and technological advancements, highlighting both new challenges and opportunities. He explains how organizations must navigate privacy regulations like GDPR and incorporate them into their data governance strategies. Drawing on Skyflow's expertise in data privacy vaults, Ashley explains how data governance functions within their approach. He demonstrates how this approach addresses challenges related to controlling access to sensitive data. Ashley provides practical advice for engineers and technical professionals looking to enhance their involvement in data governance initiatives. Topics: How has the growth of data that businesses store, process, and analyze impacted how they make business decisions? Can you explain what data governance is and why it is important in the context of today's data-driven world? What are the key components of a comprehensive data governance framework? What are the main challenges organizations face when implementing effective data governance practices? How does data governance impact engineers and technical teams directly? What role do they play in ensuring successful data governance? What are some common misconceptions or myths about data governance that you often come across? How would you address them? With the rise of big data and advancements in technology, how has data governance evolved over the years? Are there any new challenges or opportunities that have emerged? How does data governance intersect with data privacy and compliance regulations, such as GDPR or CCPA? In the context of Skyflow and the data privacy vault approach to the management of sensitive data, how does data governance work? How does a data privacy vault help address some of the challenges with controlling access to sensitive data? Are there any emerging trends or technologies in the data governance space that you find particularly interesting or promising? Do you have any practical advice or recommendations for engineers and technical professionals who want to enhance their understanding and involvement in data governance initiatives within their organizations? Resources: Introducing the Skyflow Data Governance Engine Data Access Control with lakeFS’s Adi Polak The Partially Redacted 2022 Year in Review with Skyflow’s Ashley Jose…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Anshu Sharma, CEO and co-founder of Skyflow highlights the alarming disparity between the millions of dollars companies invest in cybersecurity and the persistent occurrence of breaches and cyber attacks. Despite these hefty investments, current approaches to cybersecurity are simply not enough to protect customer data. It's like putting a bandaid on a broken arm - it might temporarily cover the problem, but it won't heal the underlying issue. According to Anshu, what we truly need is a security by default approach. We require systems that not only secure customer Personally Identifiable Information (PII) but also understand and handle the various types of workflows involving PII. This means implementing measures that go beyond mere protection and actively support the necessary tasks and operations involving sensitive data. Skyflow has developed technology that addresses these challenges. Skyflow not only ensures the security of PII but also supports the specific workflows associated with it. By doing so, Skyflow's technology effectively insulates applications from the burdensome responsibility of managing customer data, allowing organizations to focus on their core business objectives. Topics: Are we getting better at protecting customer data or worse? Why has the software industry failed at cybersecurity? How do you think the trend towards increased regulation and oversight of the cybersecurity industry will impact the development and adoption of new security technologies? What is security-by-default? What are some of the tactics companies can use to build products that are secure-by-default? How does this approach potentially change the culture of the company? What’s an example of a company building products with security built-in? What inspired you to start Skyflow, and how does your solution address the current challenges with cybersecurity in the software industry? What is the key difference between what Skyflow offers and what’s historically been done by businesses for data protection? How do you see the software industry evolving in terms of cybersecurity in the next few years, and what role do you think companies like Skyflow will play in this transformation? What’s next for Skyflow? Resources: The software industry has failed at cybersecurity. What, now? Privacy by Architecture with Anshu Sharma…
P
Partially Redacted: Data, AI, Security, and Privacy
1 Engineering for Data Privacy: Navigating Infrastructure, Security, and Compliance with Skyflow’s Roshmik Saha 44:33
In this episode Roshmik Saha, Head of Engineering at Skyflow, dives into the fascinating realm of data privacy and security solutions. Whether you're considering building your own privacy solution or seeking insights into the infrastructure requirements for handling credit card data securely, this episode has you covered. One important aspect that often goes underestimated is the maintenance costs associated with data privacy solutions. Roshmik emphasizes the significance of factoring in long-term maintenance expenses, as these solutions require ongoing updates, monitoring, and enhancements to adapt to evolving threats and regulations. It's crucial to recognize that compliance is merely a baseline and that solely building for compliance may not offer state-of-the-art security. Roshmik shares his expertise on how to go beyond compliance and implement robust security measures to protect sensitive data effectively. During the conversation, Roshmik highlights key considerations and features when building a data privacy solution to securely store and govern access to data. From encryption techniques and access control mechanisms to comprehensive auditing capabilities, he offers insights into the foundational elements required for a robust privacy solution. Additionally, he emphasizes the importance of incorporating state-of-the-art security technologies and features to reduce the risk of data breaches and potential reputational damage. Scalability is another critical aspect to address when developing a data privacy solution. Roshmik sheds light on the challenges faced by engineering teams in ensuring that the solution can meet the needs of a growing organization. He discusses strategies for building a scalable architecture that can handle increasing data volumes, user demands, and operational complexities. Throughout the episode, Roshmik provides practical advice and shares his thoughts on various topics, including the future of data privacy and security technologies. By drawing from his vast experience and expertise, you'll gain valuable insights into building a data privacy solution that not only meets regulatory requirements but also ensures resilience against cyber attacks. Topics: If I told you I was starting a B2C company and I was going to build my own privacy and security solution, what would your advice be Considering just credit card data, what would I need from an infrastructure standpoint to securely store, handle, and process credit card data? Beyond infrastructure costs, what other types of costs would I need to think through? What are the types of features or technologies I’d need to build to meet existing privacy requirements but also reduce the risk that I end up in the news for a data breach? What are the key considerations or features when building a data privacy solution to securely store data and govern access? What’s the engineering cost to build and maintain these? What kind of expertise does an engineering team require to build something that you think not only meets regulatory requirements, but also is resilient to cyber attacks? What are the most important security measures that need to be put in place to protect data privacy? How do you test and evaluate the effectiveness of the data privacy solution? How do you ensure that the data privacy solution remains up-to-date with evolving data privacy regulations and best practices? What are the biggest challenges that engineering teams face when building a data privacy solution? How do you ensure that the data privacy solution is scalable to meet the needs of a growing organization? Why do you think companies try to do this themselves? How do you ensure that the Skyflow is resilient to cyber attacks and other security threats? What advice would you give to other engineering teams building a data privacy solution for their organization? Are there any future data privacy or security technologies you’re excited about?…
P
Partially Redacted: Data, AI, Security, and Privacy
In this episode, Constantine Karbaliotis from nNovation, a certified privacy professional with a wealth of experience in the field of privacy and data protection joins the show. Constantine has served as a privacy officer for two multinational corporations, and now serves multiple organizations as a privacy advisor. Constantine is well-versed in a range of privacy program management areas, including policy development, implementing PIA/PbD programs, vendor privacy management, breach management and response, addressing notice, consent, and data subject rights issues, as well as contract issues such as data transfer agreements and security/privacy addenda. During our conversation, we explore the evolution of Canadian data privacy regulations, from their early beginnings to the current landscape, which is shaped by a range of federal and provincial laws. We discuss the primary Canadian privacy regulations that individuals and organizations should be aware of, and the differences between federal and provincial privacy laws, and how they impact individuals and organizations. We also delve into how the Canadian government enforces privacy regulations, and the penalties that individuals and organizations can face for non-compliance. Additionally, we examine how recent high-profile data breaches have affected Canadian privacy regulations and the changes made in response. We explore the challenges posed by emerging technologies, such as artificial intelligence and the Internet of Things, and their impact on Canadian privacy regulations. We also look at how individuals and organizations can stay up-to-date with the latest developments in Canadian privacy regulation and the resources available to help them comply. Topics: How has Canadian privacy regulation evolved over the years, and what impact has this had on individuals and organizations? What are the primary Canadian privacy regulations that individuals and organizations should be aware of? What are the differences between federal and provincial privacy laws in Canada, and how do they impact individuals and organizations? How does the Canadian government enforce privacy regulations, and what penalties can individuals and organizations face for non-compliance? How have recent high-profile data breaches affected Canadian privacy regulations, and what changes have been made in response? How does Canadian privacy regulation compare to other countries, such as the EU's General Data Protection Regulation (GDPR)? How can individuals and organizations stay up-to-date with the latest developments in Canadian privacy regulation, and what resources are available to help them comply? How do emerging technologies, such as artificial intelligence and the Internet of Things, affect Canadian privacy regulations, and what challenges do they pose? What do you see as the future of Canadian privacy regulation, and how do you think it will continue to evolve in the years to come? Resources: nNovation…
P
Partially Redacted: Data, AI, Security, and Privacy
In today's digital age, data privacy and security have become critical concerns for companies of all sizes. One way for companies to demonstrate their commitment to protecting customer data is by achieving SOC-2 compliance. But what exactly is SOC-2, and how can companies achieve it? To answer these questions, Daniel Wong, Head of Security and Compliance at Skyflow, joins the show to share his insights into SOC-2 compliance and the steps companies can take to achieve it. Throughout the interview, Daniel explains what SOC-2 compliance is, why it's important, and how it differs from other compliance standards. He also walks us through the key steps businesses can take to achieve SOC-2 compliance, including risk assessment, gap analysis, and remediation. Daniel also highlights the benefits of using Skyflow's platform to achieve SOC-2 compliance, such as its ability to help companies protect sensitive data while still enabling secure data sharing. He also discusses the challenges that businesses may face when pursuing SOC-2 compliance and how to overcome them. Whether you're a business owner or a data privacy professional, this interview with Daniel Wong provides valuable insights into SOC-2 compliance and how to achieve it. Topics: Can you explain what SOC-2 compliance is, and why it's important for businesses to achieve it What’s the difference between SOC-2 Type 1 and Type 2? How do these compare to ISO 27001? How does SOC-2 compliance differ from other compliance standards, such as PCI DSS or HIPAA? What are some common challenges that businesses face when pursuing SOC-2 compliance, and how can they overcome them? Can you walk us through the key steps that businesses need to take to achieve SOC-2 compliance? Skyflow Data Privacy Vault is SOC-2 compliant, how long did that take and what was involved? What’s that mean for our customers that want to achieve SOC-2 compliance? What advice would you give to businesses that are just starting their SOC-2 compliance journey? With something like a car, I can’t just manufacture a car in my house and start selling it. There’s certain inspections from a safety perspective that I have to pass. Do you think software needs more requirements like this before you can just launch something and start having people use it? Where do you see standards like SOC-2 going in the future? Resources: Common Data Security and Privacy Mistakes with Daniel Wong Skyflow is Certified SOC 2 Compliant…
P
Partially Redacted: Data, AI, Security, and Privacy
Data access control is becoming increasingly important as more and more sensitive data is being stored and processed by businesses and organizations. In this episode, the VP of Developer Experience at lakeFS, Adi Polak, joins to help define data access control and give examples of sensitive data that requires access control. Adi also talks about the concept of role-based access control (RBAC), which differs from traditional access control methods and provides several advantages. The steps involved in implementing RBAC are discussed, as well as best practices and challenges. Real-world examples of RBAC implementation and success stories are provided, and lessons learned from RBAC implementation are shared. We also discuss lakeFS, an open-source platform that provides a Git-like interface for managing data lakes. In particular, we get into the data management controls, the security and privacy features, and the future of the product. Topics: What are some common types of data access controls? Why are these types of controls important? How can RBAC help organizations better manage and secure their data? What are some challenges in implementing effective data access controls? How can organizations balance data security with the need to provide employees with the information they need to do their jobs? What are some best practices for managing data access control? How do you ensure that data access controls remain effective over time as your organization grows and changes? What is lakeFS? What model of data access management does lakeFS support? What are some of the other privacy and security features of lakeFS? What’s next for lakeFS? Anything you can share? Where do you see data access control going in the next 5-10 years? Resources: lakeFS Roadmap Scaling Machine Learning with Spark: Distributed ML with MLlib, TensorFlow, and PyTorch…
P
Partially Redacted: Data, AI, Security, and Privacy
Europe has seen a significant evolution in privacy regulation over the past decade, with the introduction of the EU's General Data Protection Regulation (GDPR) in 2018 being a significant milestone. The GDPR establishes a comprehensive framework for protecting personal data and gives individuals greater control over how their data is collected, processed, and used. The impact of these privacy regulations on businesses has been significant. Companies that operate in the EU or process EU citizens' data must comply with the GDPR's requirements or face significant fines and other penalties. This has required many businesses to implement new processes and technologies to ensure compliance, such as appointing data protection officers, conducting privacy impact assessments, and implementing data subject access request processes. One particularly tricky situation to navigate for businesses is transatlantic data transfers. Transatlantic data transfers face numerous challenges, including differing legal frameworks and data protection standards between the European Union (EU) and the United States (US). These differences can create legal uncertainty and potential risks for companies that transfer personal data across the Atlantic. In particular, the invalidation of the EU-US Privacy Shield framework by the European Court of Justice in 2020 has left companies without a clear mechanism for transatlantic data transfers, highlighting the need for a new agreement that meets the requirements of both the EU and the US. Additionally, concerns about government surveillance and data breaches have further complicated the transatlantic data transfer landscape, underscoring the need for strong data protection measures and clear regulatory frameworks. Privacy and data protection writer and expert Robert Bateman, who has published over 1500 articles related to privacy, joins the show to breakdown the evolution of privacy regulations in Europe, the impact that’s had on businesses, and explain the challenges surrounding transatlantic data transfers. Topics: How have privacy regulations evolved and what impact have they had for businesses? Can you discuss some of the history of Meta challenges in Europe? How enforceable are the fines? Do companies actually end up paying the fines? What are the key concerns around transatlantic data transfers? How do the cultural differences between the US and EU impact their approach to privacy and what impact has this had? How do organizations ensure compliance with privacy laws when transferring data between the US and EU? EU and US data transfers. How do we make progress? Could someone build meta from scratch today such that it is in compliance or is a business like this something that just can't exist under European privacy laws? What are your thoughts on the impact that generative AI might have on privacy? Resources: Data Protection Newsletter…
P
Partially Redacted: Data, AI, Security, and Privacy
Zero trust infrastructure is an approach to security that requires all users, devices, and services to be authenticated and authorized before being granted access to resources. Unlike traditional security models that assume everything inside the network is trusted, zero trust assumes that all traffic is untrusted. In today's world, where cyber threats are becoming increasingly sophisticated, Zero trust infrastructure is crucial for protecting sensitive data and preventing unauthorized access. Hashicorp is a company that provides a suite of tools for building and managing secure systems. Their products, such as Vault, Consul, and Boundary, can help organizations implement a zero trust approach to security. Vault is a tool for securely storing and managing secrets such as passwords, API keys, and certificates. It provides a centralized place to manage access to secrets and has several features to ensure the security of these secrets, such as encryption, access control, and auditing. Consul is a service discovery and configuration tool that provides a secure way to connect and manage services across different networks. It provides features such as service discovery, health checking, and load balancing, and can be integrated with Vault for secure authentication and authorization. Boundary is a tool for securing access to infrastructure and applications. It provides a secure way to access resources across different networks and can be integrated with Vault and Consul for secure authentication and authorization. Rosemary Wang, Developer Advocate at Hashicorp joins the show to explain zero trust infrastructure and how Vault, Consul, and Boundary help organizations build zero trust into their architecture. Topics: Why do you think we need developer tooling for access and authorization at a lower level within someone’s infrastructure? Can you explain what zero trust is and why it's important for modern security architectures? How does HashiCorp Vault, Boundary, and Consul fit into a zero trust security model? What is HashiCorp Vault and what problem does it help a company solve? What are some common use cases for HashiCorp Vault, and how can it help organizations with their security and compliance requirements? How does HashiCorp Vault handle secrets rotation and expiration? What is application based networking and how does this concept relate to HashiCorp Consul? Can you walk us through the process of setting up and configuring HashiCorp Consul for a typical enterprise environment? What are some common challenges or pitfalls that organizations face when using HashiCorp Consul, and how can they overcome them? How does Boundary simplify remote access to critical resources in a zero trust environment? What are some common use cases for HashiCorp Boundary, and how can it help organizations with their security and compliance requirements? How does HashiCorp approach balancing security with ease of use for its products? Can you talk about any upcoming features or developments in Vault, Boundary, or Consul that users should be excited about? Resources: @joatmon08…
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
Daily Deals
مشابه Partially Redacted: Data, AI, Security, and Privacy
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
We help founders make something people want.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
