Added three years ago
Content provided by Skyflow. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Skyflow or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://fa.player.fm/legal

Privacy by Architecture with Skyflow’s Anshu Sharma

38:30
 

Both compliance regulations and consumer needs are creating increasing pressure on companies to do a better job of securing and managing their sensitive customer data. Yet, companies continue to struggle to comply with regulations, meet consumer privacy demands, and prevent data breaches.
Anshu Sharma, CEO and founder of Skyflow, joins the show to discuss a radically different approach to privacy, the data privacy vault. With a data privacy vault, a company is making the architectural decision to move their sensitive customer data out of their existing infrastructure and into a vault. The vault is isolated and protected, becoming the single source of truth for all sensitive customer PII, effectively de-scoping existing systems from the responsibilities of compliance, data security, and data privacy.
The data privacy vault makes the principles of privacy by design actionable, creating a system for engineers to implement the principles in the form of privacy by architecture.

Topics covered:

  • How did you end up with an interest in working in the data privacy space?
  • Why should companies care about privacy?
  • Why is privacy hard for companies?
  • What is a data privacy vault?
  • Where did this technology come from?
  • How does the data privacy vault help with things like data security and compliance?
  • How is this different from just a dedicated encrypted database for PII?
  • Why haven't more companies built their own vaults?
  • Why is an API the right way to deliver this technology?
  • How does the vault facilitate data utility while still protecting the data?

Resources:

Follow Anshu on Twitter @anshublog.


76 episodes


All episodes
 
In this episode, Sean sat down with Jack Godau to dive deep into the world of pseudonymization. They started by discussing Jack's career trajectory working with highly sensitive data and how that experience shapes his engineering mindset. Jack shared how pseudonymization differs from anonymization, explaining its value for maintaining data utility while complying with stringent regulations like GDPR. Jack also walked us through the challenges and key components of building a pseudonymization engine, including the complexities of handling re-identification risks, ensuring scalability, and optimizing performance for large datasets. He shared insights on the trade-offs between data protection and usability, and whether building these systems in-house is worth the investment for startups. Finally, they explored where the field is heading, especially as data privacy concerns continue to grow.…
 
In this episode, Sean sits down with Ben Burkert, Co-founder and CTO of Anchor, to dive into the world of certificate management and internal TLS. We explore how certificates and TLS function, the inherent difficulties in managing internal TLS certificates, and why nearly every engineer has a horror story related to it. Ben also shares insights into how Anchor is addressing these challenges and making internal TLS certificate management simpler and more reliable.

Key Topics:

  • Understanding Certificates and TLS: Basics of how certificates and TLS work. The role of TLS in securing internal communications.
  • The Challenges of Internal TLS Certificate Management: Why managing internal TLS certificates is so difficult. Common pitfalls and challenges engineers face.
  • Engineer Horror Stories: Real-world examples of certificate management gone wrong. The impact of these failures on teams and organizations.
  • How Anchor is Fixing the Problem: Anchor’s approach to simplifying internal TLS certificate management. Key features and benefits of Anchor’s solution.

If you've ever struggled with internal TLS certificates or are looking for a way to avoid the pain altogether, Ben’s expertise provides a clear path to overcoming the challenges of certificate management with a modern, reliable approach.

Resources: https://anchor.dev/ https://lcl.host/…
 
In this episode, we sit down with Ori Rafael, CEO and Co-founder of Upsolver, to explore the rise of the lakehouse architecture and its significance in modern data management. Ori breaks down the origins of the lakehouse and how it leverages S3 to provide scalable and cost-effective storage. We discuss the critical role of open table formats like Apache Iceberg in unifying data lakes and warehouses, and how ETL processes differ between these environments. Ori also shares his vision for the future, highlighting how Upsolver is positioned to empower organizations as they navigate the rapidly evolving data landscape.…
 
In this episode, Sean Falconer is joined by Aubrey King, solutions architect and community evangelist at F5, to discuss the top 10 security issues for LLM applications. They explore critical threats such as prompt injections, insecure output handling, and training data poisoning, among others. Aubrey provides insights into why these issues arise, the attacks being observed, and the methods used to mitigate these risks. This episode is essential listening for anyone interested in the security of large language models and their applications.…
 
In this episode, host Sean Falconer sits down with Eric Flaningam, a researcher at Felicis Ventures, to explore the fascinating world of data warehouses. They dive into the history, evolution, and future trends of data warehousing, shedding light on its importance. Key topics discussed include an overview of the article "A Primer on Data Warehouses," and the definition and key characteristics of data warehouses. They also cover the historical evolution and major milestones in data warehousing, the shift from batch processing to real-time data, and the convergence of data warehouses and SQL. Eric and Sean discuss the impact of unstructured and complex data, advancements in technology and their effect on data warehouses, and the technical architecture and components of a typical data warehouse. They share real-world benefits and use cases of data warehouses, common challenges in implementing and maintaining data warehouses, and future trends and the influence of AI and machine learning on data warehouses. For further reading, check out Eric Flaningam’s article, A Primer on Data Warehouses: https://www.generativevalue.com/p/a-primer-on-data-warehouses…
 
Join us as we chat with Tim Jensen, a privacy enthusiast, about personal online security. Tim shares his journey to becoming a privacy advocate and teacher and provides insights into the common mistakes people make with passwords. We discuss why passwords have persisted for over 60 years, the issues with current password creation methods, and the balance between complexity and usability. We also explore strategies to protect personal information beyond just using better passwords. Finally, Tim shares his thoughts on future approaches to password and identity protection.…
 
In this episode Sean welcomes Brian Vallelunga, CEO and founder of Doppler, to discuss secrets management. Brian shares the journey of founding Doppler, a company dedicated to securing sensitive data such as API keys and credentials. Sean and Brian discuss the nuances of secrets management, its distinction from password management, and the importance of dedicated services for safeguarding secrets. The episode also addresses the alarming rise in data breaches, common mistakes companies make, and essential practices for managing secrets effectively. Brian offers expert advice on protecting secrets, the necessity for secret rotation, and the future of secrets management.…
 
In this episode, Sean is joined by Eric Dodds, Head of Product Marketing at RudderStack, to dive into the world of data management, data pipelines, and common data mistakes. Eric shares his insights on when organizations should transition from basic tools like spreadsheets to a more sophisticated data stack, including data warehouses and modern tooling. They discuss the challenges businesses face in data management, specifically about coming up with a common set of definitions that an organization is aligned around. They also discuss how to address these issues, and the importance of secure handling of customer data. Eric also provides an overview of RudderStack, its open-source approach, and the value it brings to managing customer data. Eric shares a ton of practical advice on building and optimizing your data infrastructure.…
 
In this episode, Kirk Marple, CEO and Co-founder of Graphlit, joins the show. Sean and Kirk dive into the world of unstructured data management, discussing the evolution and current challenges in the field. While structured data has been well-handled since the 1970s, 80-90% of the world’s data remains unstructured, with predictions of 175 billion terabytes by 2025. Despite this vast amount, companies struggle to utilize it effectively due to immature tools and processes. Graphlit was founded to address this gap, providing scalable, maintainable systems with enhanced observability to handle unstructured data efficiently. Kirk discusses the challenges in data security and privacy when building RAG-based applications. He discusses some of their exploration into PII scrubbing and also controlled access to the vector embeddings based on the roles of a user. Finally, looking forward, Kirk shares insights into the future of Graphlit and their continued focus on enhancing the accessibility and utility of unstructured data for businesses across various industries.…
 
In this episode, Jake Moshenko, CEO and co-founder of AuthZed, joins the show to explore the world of user permissions at scale. Inspired by Google's Zanzibar, AuthZed aims to tackle the challenges of authorization - a less common focus compared to authentication in the tech industry. Jake discusses the initial simplicity and subsequent complications in role-based permission models, where businesses often struggle as they scale and need more nuanced access controls. He explains the Zanzibar paper from Google and the technical challenges with implementing the approach successfully. He explains how AuthZed facilitates a flexible and maintainable permission system and how companies get started.…
 
In this episode host Sean Falconer is joined by Aaron Painter, CEO of Nametag, to explore the evolving threat and potential of AI deepfakes. They discuss the increasing sophistication of deepfake technology, highlighted by the significant rise in incidents such as the Retool hack, and how these technologies can manipulate public perception and security. Aaron discusses the development of technologies to both create and detect deepfakes, discussing the arms race that pits innovation against security. Aaron shares insights into how his company, Nametag, is at the forefront of combating deepfake fraud by protecting identity data and providing solutions for both companies and individuals to safeguard themselves. They conclude with thoughts on the future, discussing the ongoing technological advancements that are expected to play a crucial role in the fight against deepfakes, aiming to balance innovation with security in the digital landscape.…
 
In this episode we’re joined by Shubh Sinha, CEO and Co-founder of Integral, to discuss the protection and utilization of sensitive health data. Shubh shares insights from his varied career in sales, engineering, and product management, and dives into the challenges of maintaining privacy and security in healthcare. The conversation covers HIPAA regulations, the balance of securing data while keeping it accessible, and the role of generative AI in healthcare innovations. Tune in for a detailed look at how technology is shaping the future of patient treatment and data privacy.…
 
In this episode, we dive into the world of MLOps, the engine behind secure and reliable AI/ML deployments. MLOps focuses on the lifecycle of machine learning models, ensuring they are developed and deployed efficiently and responsibly. With the explosion of ML applications, the demand for specialized tools has skyrocketed, highlighting the need for improved observability, auditing, and reproducibility. This shift necessitates an evolution in ML toolchains to address gaps in security, governance, and reliability. Jozu is a platform founded to tackle these very challenges by enhancing the collaboration between AI/ML and application development teams. Jozu aims to provide a comprehensive suite of tools focusing on efficiency throughout the model development and deployment process. This conversation discusses the importance of MLOps, the limitations of current tools, and how Jozu is paving the way for the future of secure and reliable ML deployments. Resources: Jozu KitOps…
 
In this episode, we dive deep into the world of prompt injection attacks in Large Language Models (LLMs) with Devansh, AI Solutions Lead at SVAM. We discuss the attacks, existing vulnerabilities, real-world examples, and the strategies attackers use. Our conversation sheds light on the thought process behind these attacks, their potential consequences, and methods to mitigate them.

Here's what we covered:

  • Understanding Prompt Injection Attacks: A primer on what these attacks are and why they pose a significant threat to the integrity of LLMs.
  • Vulnerability of LLMs: Insights into the inherent characteristics of LLMs that make them susceptible to prompt injection attacks.
  • Real-World Examples: Discussing actual cases of prompt injection attacks, including a notable incident involving DeepMind researchers and ChatGPT, highlighting the extraction of training data through a clever trick.
  • Attack Strategies: An exploration of common tactics used in prompt injection attacks, such as leaking system prompts, subverting the app's initial purpose, and leaking sensitive data.
  • Behind the Attacks: Delving into the minds of attackers, we discuss whether these attacks stem from a trial-and-error approach or a more systematic thought process, alongside the objectives driving these attacks.
  • Consequences of Successful Attacks: A discussion on the far-reaching implications of successful prompt injection attacks on the security and reliability of LLMs.
  • Aligned Models and Memorization: Clarification of what aligned models are, their purpose, why memorization in LLMs is measured, and its implications.
  • Challenges of Implementing Defense Mechanisms: A realistic look at the obstacles in fortifying LLMs against attacks without compromising their functionality or accessibility.
  • Security in Layers: Drawing parallels between traditional security measures in non-LLM applications and the potential for layered security in LLMs.
  • Advice for Developers: Practical tips for developers working on LLM-based applications to protect against prompt injection attacks.

Links: Devansh on LinkedIn AI Made Simple…
 
In this episode, Joice John, Senior Product Manager at Skyflow, joins the show to discuss the complexities of managing privacy and security with unstructured data. Joice explains what unstructured data is and its distinction from structured data, and then dives into the technologies that tackle these challenges. Joice discusses the unique privacy concerns and significant security risks unstructured data poses, highlighting why they're especially tough to mitigate. Sean and Joice also discuss the support modern data lakes offer for secure unstructured data management, alongside Skyflow’s solutions for overcoming analytics challenges and protecting sensitive customer information.…
 
Daniel Wong, Head of Security and Compliance at Skyflow, is back for his third appearance. Daniel discusses his extensive career at the forefront of security engineering, having worked with industry behemoths like Oracle, Salesforce, and CrowdStrike. He discusses the critical differences in security needs between large enterprises and smaller businesses, the evolution of security technologies, and the unique challenges of ensuring enterprise-grade compliance. Daniel shares his personal experiences and the innovative security features he helped pioneer, offering listeners an insider's view of what it takes to protect some of today's leading enterprises. Links: Common Data Security and Privacy Mistakes with Daniel Wong Understanding SOC-2 Compliance and Achieving It with Skyflow's Daniel Wong…
 
This episode dives into how we can keep our texts and calls safe from scammers. Sean Falconer chats with Dave Erickson, the co-founder of Phound, which is redefining the way people connect and communicate. Dave shares why texts can easily get targeted by scams, how fraudsters hide their identity, and the tricks they use to trick people. Learn about the simple steps you can take to protect yourself from these scams. Dave also talks about how Phound is working to make our phone numbers safer by creating a self-managed contact card. Users of Phound only receive phone calls and SMS from approved contacts and they’re in control over how long someone can contact them. If you're worried about phone scams or interested in how technology is fighting back, this episode and the work Phound is doing should help. Links: Phound…
 
In this episode Rishi Bhargava, Co-founder of Descope, joins the show to delve into the intricacies of authentication and identity management. Rishi, with his extensive experience in security, spanning from McAfee to Palo Alto Networks and co-founding Demisto and Descope, shares his insights on the evolution of the security landscape and the persistent challenges surrounding password-based security. Rishi elaborates on the longevity of passwords, their inherent security weaknesses, and the efforts to bolster their security, often at the expense of user convenience. The conversation shifts to emerging alternatives like passkeys, magic links, social logins, and biometrics, exploring their mechanisms, privacy implications, and potential risks. Rishi explains the nuances of passkey technology, addressing concerns about device theft, and the transition to new devices. Rishi articulates his vision for solving unaddressed challenges in authentication and identity management, differentiating Descope from other passwordless solutions. He outlines the integration process, common migration challenges, and the factors that drive companies to switch to third-party authentication providers. Links: Confidential Computing and Secure Enclaves with AWS's Arvind Raghu…
 
In this episode Sean is joined by Pedram Navid, Head of Data Engineering at Dagster Labs. They discuss the unique challenges and opportunities in the realm of data engineering, particularly the culture of learning and sharing within the field. Pedram discusses the traditionally guarded nature of data engineering, contrasting it with the more open-source approach in software engineering. He highlights the potential downsides of this secrecy, such as the difficulty in learning best practices and innovating. The discussion also touches on the balance companies must strike between contributing to communal knowledge and protecting valuable data and intellectual property. Pedram shares insights from his experiences at Dagster Labs, including the development of the Dagster Open Platform and its impact on fostering a culture of openness in data engineering. Additionally, they explore the future of collaboration in the field, considering emerging technologies and methodologies that could further encourage sharing and innovation over the next 5-10 years. Links: Dagster Open Platform Pedram Navid…
 
In this episode Zena Obebe, the founder of Hill Redaction Services, joins the show to discuss the critical role of document redaction in maintaining privacy and security. Zena, an expert in the field, discusses the increasing demand for document redaction across various industries, particularly in legal and medical sectors. Document redaction, the process of obscuring sensitive information in documents, is vital for compliance with privacy laws and protecting personal data. Zena sheds light on the challenges organizations face in redacting documents, emphasizing the complexity and necessity of accurately obscuring information without compromising the integrity of the document. She highlights the evolution of technology in this domain, noting how advancements in AI and automation have enhanced the efficiency and accuracy of redaction processes. Despite these technological strides, Zena cautions against over-reliance on automation, underscoring the importance of human oversight to mitigate risks. The conversation also covers best practices for effective redaction and the need for industry-specific awareness to meet legal and regulatory requirements.…
 
In this episode, Sanjeev Sharma, Product Lead from Skyflow, joins the show to explore the complex landscape of payment data residency regulations in India, focusing on the Reserve Bank of India's (RBI) 2018 mandate for local data storage and its impact on digital payments. The discussion covers the regulatory roles of RBI and NPCI, the challenges international businesses face in adapting to these regulations, and the implications for consumer data protection and business continuity. Sanjeev and Sean delve into the technical and operational hurdles companies encounter, such as interpreting intricate payment flows and modifying global IT systems for local compliance. The episode also highlights the influence of technological innovations on payment systems, like mobile penetration and UPI, and offers strategic advice for entrepreneurs navigating this regulatory environment. The episode provides a comprehensive overview of the evolving digital payment sector in India, emphasizing the importance of regulatory compliance for fostering innovation and security.…
 
In this episode a stellar panel of privacy engineering experts delve into the evolving world of privacy engineering. Saima Fancy, Senior Privacy Specialist for Ontario Health, Jay Averitt, Privacy Product Manager and Engineer at Microsoft, and Mira Olson, Privacy Architect at Doordash, bring diverse perspectives from their extensive experience in the field. They kick off the discussion with personal introductions, shedding light on their roles and contributions to privacy engineering. Jay helps tackle the fundamental question, "What is a privacy engineer?" sparking a thoughtful debate. Mira builds on this by reflecting on the evolution of the role and emerging trends in privacy engineering. Saima assesses the current maturity of the profession, highlighting areas of progress and those needing improvement. The panel discusses the challenges and opportunities facing privacy engineers, with each guest offering insights from their unique vantage points. They explore the core responsibilities and misconceptions about the role, the need for specialized skills and certifications, and the importance of interdisciplinary collaboration. Ethical considerations and the balance between user privacy and technological innovation are also dissected. The discussion dives into the growing privacy concerns surrounding AI and whether we need specialized regulations. Finally, the panel looks towards the future of privacy engineering over the next decade, what they’d change, and the impact they’d like to see.…
 
In this episode, Pramod Raghavendran, a privacy engineering expert with prior experience at Google and Coinbase, joins the show. Together, Sean and Pramod discuss the dynamic landscape of privacy engineering, addressing hot topics and changes since Pramod's last appearance. The conversation delves into the unique role of privacy engineers compared to security engineers, emphasizing collaboration between privacy and security teams. Pramod shares insights into how privacy functions intersect with security, governance, and data platforms. The episode also explores real-world examples, best practices, and future trends, offering a concise yet comprehensive look at the evolving relationship between privacy and other functions within organizations.…
 
In this episode, Roshmik Saha, Co-founder and CTO of Skyflow, discusses the critical importance of Personally Identifiable Information (PII) data isolation. The principle is straightforward—separate sensitive and non-sensitive data for effective data governance and privacy. The conversation covers historical origins, government use, and real-world examples from companies like Apple and Google. The episode explores why PII isolation is vital, detailing risks and consequences of not implementing it effectively. Roshmik contrasts data isolation with encryption and access control, emphasizing practicality. "Zero trust" in data security is introduced as a verification-centric approach. Challenges in isolating PII are acknowledged, with a focus on security principles. Best practices for PII isolation include a "need to know" basis and fine-grained access control. Roshmik provides advice for organizations, urging them to prioritize isolation, avoid integration pitfalls, and adopt a zero-trust mindset for enhanced data security.…
 
In this episode, we delve into developer experience (DX) and its pivotal role in data protection, security, and privacy. Ram Muthukrishnan, a product manager at Skyflow, joins the show again to share insights into DX's definition, the key elements of a great DX, and notable companies excelling in this domain. We explore the challenges developers face in implementing secure and privacy-respecting software, emphasizing the need to strike a balance between efficiency and robust security measures. The conversation extends to how a developer's role evolves when tasked with integrating privacy and security into their code and essential skills for this role. We discuss best practices for infusing privacy and security considerations into the software development process, with a reference to Google's approach in product launches. We also address common misconceptions, challenges with security tools, and how a better DX can enhance adoption. Furthermore, we highlight the significance of a positive DX in shaping data protection, especially in sectors like healthcare and finance. This episode offers a concise yet comprehensive exploration of DX's technical underpinnings and its profound impact on data security and privacy.…
 
Robin Andruss, Skyflow’s Chief Privacy Officer, is back to talk about AI governance and responsible AI. We touch on recent talks Robin gave at InfoGov World and IAPP PSR on privacy-enhancing technologies and AI governance. In this episode, Robin sheds light on the pressing issues of data privacy within this new era of AI-driven product and consumer experiences. She discusses the key privacy challenges inherent to AI, highlighting the concerns voiced by privacy professionals as they navigate this evolving landscape. Robin explores how AI differs from previous technologies in terms of regulation and shares best practices for organizations to ensure data privacy when implementing AI solutions.

Topics:

  • How does data privacy relate to AI, and what are the key privacy challenges associated with AI?
  • What are you seeing amongst the privacy professionals in terms of concern around AI?
  • Why is AI different from perhaps other forms of technology that we’ve developed regulations for in the past?
  • What is AI governance?
  • What are the ethical considerations when implementing AI technologies?
  • Can you share some real-world examples of AI applications that have raised ethical concerns?
  • What should companies working in the AI space, or those interested in integrating with AI platforms or building out new products, be thinking about when it comes to AI, privacy, and governance?
  • Why are transparency and explainability important in AI, and how can organizations achieve these goals?
  • Are there specific tools or methodologies that can help in making AI systems more transparent and understandable?
  • What do you think the future looks like in terms of regulating AI?…
 
In this episode, we discuss the evolving landscape of data protection, especially in the context of India's DPDP law. Kuldeep Tomar, the Head of Information Security at Games24x7, delves into the significance of safeguarding data beyond just access control, highlighting the importance of data protection itself. He discusses how data protection is a critical facet of a Chief Information Security Officer's (CISO) responsibilities and how a robust data protection strategy can enhance an organization's ability to respond effectively to data breaches, aligning with the DPDP's mandates.

Topics:

  • Many people think of cybersecurity as primarily controlling who has access to data. Why is it important to emphasize the protection of the data itself, beyond just access control?
  • How does a strong data protection strategy improve an organization's ability to respond to data breaches or security incidents as mandated by DPDP?
  • Discuss the importance of continuous monitoring and auditing of data access and usage, and its alignment with DPDP compliance.
  • DPDP encourages the principle of data minimization. Can you explain what this means and how it can be practically implemented?
  • For organizations with a global presence, how can they ensure compliance with DPDP when transferring data internationally, considering data sovereignty?
  • What are the biggest challenges companies face when it comes to complying with data privacy regulations in APAC?
  • What are the key challenges that companies operating in India face when it comes to complying with data privacy regulations?
  • How do cultural differences across APAC impact data privacy practices and regulations?
  • What do you anticipate happening in APAC with regards to privacy regulations or the focus on privacy for companies over the next 3-5 years?…
 
Former Chief Compliance and Privacy Officer of GeneDx, Murali Mani, joins the show to discuss data privacy in healthcare. Murali spent over 15 years working in privacy and healthcare across companies like Philips, IBM, and GeneDx. In this episode, he shares his thoughts on common misconceptions about data privacy in healthcare and breaks down which regulations apply to which type of company, the history of privacy in healthcare, and the challenges companies face with compliance and data protection.

Topics:

  • What are some common misconceptions or misunderstandings about data privacy in healthcare that you often encounter?
  • How has the landscape of healthcare data privacy evolved in recent years, and what new challenges have emerged?
  • Traditionally, security and privacy in health are not tightly controlled. Why is that?
  • Historically, how do pharma and drug companies manage and secure personal data?
  • What’s the problem with attempting to manage privacy challenges with purely written policies?
  • How can companies accelerate compliance and prioritize privacy?
  • How can companies build trust and transparency with patients and data subjects?
  • How does gen AI play a role?
  • What does the future look like for companies in this space?
  • If you were advising a company today, what would your suggestion be for managing this problem?…
 
Sam Sternberg, Customer Programs Lead at Skyflow, joins the show to discuss the world of privacy and security at scale within large enterprises. We explore the complex infrastructure, regulatory challenges, and evolving technologies that these giants face in protecting customer and employee data. From managing expansive data infrastructures and international privacy regulations to securing data in the cloud (both multi-cloud and hybrid cloud) and harnessing AI, we provide insights and best practices for safeguarding sensitive information. Check out the episode to delve into the technology and people-centric approaches to privacy and security within the data landscape of large organizations.

Topics:

  • When we’re talking about a large enterprise, can you paint a picture for what the infrastructure of these companies might look like? How many databases, servers, and people are involved?
  • What are the fundamental differences between data management in small to medium-sized businesses and large enterprise organizations, especially concerning security and privacy?
  • How does the scale and complexity of data infrastructure in large companies impact their ability to maintain data privacy and security effectively?
  • What are the main regulatory frameworks that enterprise companies must navigate, and how do these impact data management strategies?
  • Large enterprises often have extensive data lakes and warehouses. How can these organizations ensure the confidentiality, integrity, and availability of their data in such environments?
  • With the increasing adoption of cloud services, how should large enterprises approach cloud security and privacy concerns, especially in multi-cloud or hybrid cloud environments?
  • Could you share some best practices for securely managing customer and employee data, considering the unique challenges faced by big companies in this regard?
  • How has the adoption of artificial intelligence and machine learning impacted data security and privacy practices in large organizations, and what precautions should they take when implementing these technologies?
  • Many large enterprises operate globally. How does managing security and privacy requirements across different countries and regions impact their strategies and challenges?
  • What emerging trends or technologies do you foresee having a significant impact on data security and privacy in large enterprises in the near future?…
 
In this episode, Ram Muthukrishnan, Senior Product Manager at Skyflow, joins the show to delve into the fundamental aspects of data protection. Ram demystifies key concepts like redaction, masking, and encryption, shedding light on their significance in the world of data protection. Ram walks us through the practical applications of these techniques and their role in ensuring data privacy and security in today's digital landscape.

Topics:

  • Why is it important to protect sensitive customer data?
  • What are the key differences between redaction, masking, encryption, and tokenization as data protection techniques?
  • How does data redaction work, and in what scenarios is it typically used?
  • What does it mean to mask data, and what are the different approaches?
  • Can you break down the basics of encryption for our listeners?
  • What are the primary differences between symmetric and asymmetric encryption, and when should each be used?
  • Tokenization is often associated with payment data. Could you explain how tokenization replaces sensitive data with tokens and its advantages?
  • When does it make sense to use tokenization versus something like encryption?
  • What advantages or disadvantages are there to tokenization?
  • Access control is a critical aspect of data protection. How does it work, and what are some best practices for implementing effective access control measures?
  • How can organizations balance the need for data security with the requirement for data accessibility by authorized personnel?
  • Are there any common misconceptions or challenges when it comes to implementing these data protection techniques?
  • What are some emerging trends or technologies in the field of data protection that we should be aware of?

Resources:

  • Confidential Computing and Secure Enclaves with AWS's Arvind Raghu
  • Secure Multi-Party Computation Explained with Skyflow's Liz Acosta
  • Homomorphic Encryption with Skyflow’s Avradip Mandal…
 