
Player FM - Internet Radio Done Right

Added three years ago
Content provided by Skyflow. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Skyflow or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://fa.player.fm/legal

Understanding SOC-2 Compliance and Achieving It with Skyflow’s Daniel Wong

37:19
 

In today's digital age, data privacy and security have become critical concerns for companies of all sizes. One way for companies to demonstrate their commitment to protecting customer data is by achieving SOC-2 compliance. But what exactly is SOC-2, and how can companies achieve it?

To answer these questions, Daniel Wong, Head of Security and Compliance at Skyflow, joins the show to share his insights into SOC-2 compliance and the steps companies can take to achieve it.

Throughout the interview, Daniel explains what SOC-2 compliance is, why it's important, and how it differs from other compliance standards. He also walks us through the key steps businesses can take to achieve SOC-2 compliance, including risk assessment, gap analysis, and remediation.

Daniel also highlights the benefits of using Skyflow's platform to achieve SOC-2 compliance, such as its ability to help companies protect sensitive data while still enabling secure data sharing. He also discusses the challenges that businesses may face when pursuing SOC-2 compliance and how to overcome them.

Whether you're a business owner or a data privacy professional, this interview with Daniel Wong provides valuable insights into SOC-2 compliance and how to achieve it.
Topics:

  • Can you explain what SOC-2 compliance is, and why it's important for businesses to achieve it?
  • What’s the difference between SOC-2 Type 1 and Type 2?
  • How do these compare to ISO 27001?
  • How does SOC-2 compliance differ from other compliance standards, such as PCI DSS or HIPAA?
  • What are some common challenges that businesses face when pursuing SOC-2 compliance, and how can they overcome them?
  • Can you walk us through the key steps that businesses need to take to achieve SOC-2 compliance?
  • Skyflow Data Privacy Vault is SOC-2 compliant. How long did that take and what was involved?
  • What does that mean for our customers who want to achieve SOC-2 compliance?
  • What advice would you give to businesses that are just starting their SOC-2 compliance journey?
  • With something like a car, I can’t just manufacture a car in my house and start selling it. There are certain inspections from a safety perspective that I have to pass. Do you think software needs more requirements like this before you can just launch something and start having people use it?
  • Where do you see standards like SOC-2 going in the future?


76 episodes


All episodes
 
In this episode, Sean sat down with Jack Godau to dive deep into the world of pseudoanonymization. They started by discussing Jack's career trajectory working with highly sensitive data and how that experience shapes his engineering mindset. Jack shared how pseudoanonymization differs from anonymization, explaining its value for maintaining data utility while complying with stringent regulations like GDPR. Jack also walked us through the challenges and key components of building a pseudoanonymization engine, including the complexities of handling re-identification risks, ensuring scalability, and optimizing performance for large datasets. He shared insights on the trade-offs between data protection and usability, and whether building these systems in-house is worth the investment for startups. Finally, they explored where the field is heading, especially as data privacy concerns continue to grow.…
 
In this episode, Sean sits down with Ben Burkert, Co-founder and CTO of Anchor, to dive into the world of certificate management and internal TLS. We explore how certificates and TLS function, the inherent difficulties in managing internal TLS certificates, and why nearly every engineer has a horror story related to it. Ben also shares insights into how Anchor is addressing these challenges and making internal TLS certificate management simpler and more reliable.

Key Topics:

  • Understanding Certificates and TLS: Basics of how certificates and TLS work. The role of TLS in securing internal communications.
  • The Challenges of Internal TLS Certificate Management: Why managing internal TLS certificates is so difficult. Common pitfalls and challenges engineers face.
  • Engineer Horror Stories: Real-world examples of certificate management gone wrong. The impact of these failures on teams and organizations.
  • How Anchor is Fixing the Problem: Anchor’s approach to simplifying internal TLS certificate management. Key features and benefits of Anchor’s solution.

If you've ever struggled with internal TLS certificates or are looking for a way to avoid the pain altogether, Ben’s expertise provides a clear path to overcoming the challenges of certificate management with a modern, reliable approach.

Resources: https://anchor.dev/ https://lcl.host/…
 
In this episode, we sit down with Ori Rafael, CEO and Co-founder of Upsolver, to explore the rise of the lakehouse architecture and its significance in modern data management. Ori breaks down the origins of the lakehouse and how it leverages S3 to provide scalable and cost-effective storage. We discuss the critical role of open table formats like Apache Iceberg in unifying data lakes and warehouses, and how ETL processes differ between these environments. Ori also shares his vision for the future, highlighting how Upsolver is positioned to empower organizations as they navigate the rapidly evolving data landscape.…
 
In this episode, Sean Falconer is joined by Aubrey King, solutions architect and community evangelist at F5, to discuss the top 10 security issues for LLM applications. They explore critical threats such as prompt injections, insecure output handling, and training data poisoning, among others. Aubrey provides insights into why these issues arise, the attacks being observed, and the methods used to mitigate these risks. This episode is essential listening for anyone interested in the security of large language models and their applications.…
 
In this episode, host Sean Falconer sits down with Eric Flaningam, a researcher at Felicis Ventures, to explore the fascinating world of data warehouses. They dive into the history, evolution, and future trends of data warehousing, shedding light on its importance. Key topics discussed include an overview of the article "A Primer on Data Warehouses," and the definition and key characteristics of data warehouses. They also cover the historical evolution and major milestones in data warehousing, the shift from batch processing to real-time data, and the convergence of data warehouses and SQL. Eric and Sean discuss the impact of unstructured and complex data, advancements in technology and their effect on data warehouses, and the technical architecture and components of a typical data warehouse. They share real-world benefits and use cases of data warehouses, common challenges in implementing and maintaining data warehouses, and future trends and the influence of AI and machine learning on data warehouses. For further reading, check out Eric Flaningam’s article, A Primer on Data Warehouses: https://www.generativevalue.com/p/a-primer-on-data-warehouses…
 
Join us as we chat with Tim Jensen, a privacy enthusiast, about personal online security. Tim shares his journey to becoming a privacy advocate and teacher and provides insights into the common mistakes people make with passwords. We discuss why passwords have persisted for over 60 years, the issues with current password creation methods, and the balance between complexity and usability. We also explore strategies to protect personal information beyond just using better passwords. Finally, Tim shares his thoughts on future approaches to password and identity protection.…
 
In this episode Sean welcomes Brian Vallelunga, CEO and founder of Doppler, to discuss secrets management. Brian shares the journey of founding Doppler, a company dedicated to securing sensitive data such as API keys and credentials. Sean and Brian discuss the nuances of secrets management, its distinction from password management, and the importance of dedicated services for safeguarding secrets. The episode also addresses the alarming rise in data breaches, common mistakes companies make, and essential practices for managing secrets effectively. Brian offers expert advice on protecting secrets, the necessity for secret rotation, and the future of secrets management.…
 
In this episode, Sean is joined by Eric Dodds, Head of Product Marketing at RudderStack, to dive into the world of data management, data pipelines, and common data mistakes. Eric shares his insights on when organizations should transition from basic tools like spreadsheets to a more sophisticated data stack, including data warehouses and modern tooling. They discuss the challenges businesses face in data management, specifically about coming up with a common set of definitions that an organization is aligned around. They also discuss how to address these issues, and the importance of secure handling of customer data. Eric also provides an overview of RudderStack, its open-source approach, and the value it brings to managing customer data. Eric shares a ton of practical advice on building and optimizing your data infrastructure.…
 
In this episode, Kirk Marple, CEO and Co-founder of Graphlit, joins the show. Sean and Kirk dive into the world of unstructured data management, discussing the evolution and current challenges in the field. While structured data has been well-handled since the 1970s, 80-90% of the world’s data remains unstructured, with predictions of 175 billion terabytes by 2025. Despite this vast amount, companies struggle to utilize it effectively due to immature tools and processes. Graphlit was founded to address this gap, providing scalable, maintainable systems with enhanced observability to handle unstructured data efficiently. Kirk discusses the challenges in data security and privacy when building RAG-based applications. He discusses some of their exploration into PII scrubbing and also controlled access to the vector embeddings based on the roles of a user. Finally, looking forward, Kirk shares insights into the future of Graphlit and their continued focus on enhancing the accessibility and utility of unstructured data for businesses across various industries.…
 
In this episode, Jake Moshenko, CEO and co-founder of AuthZed, joins the show to explore the world of user permissions at scale. Inspired by Google's Zanzibar, AuthZed aims to tackle the challenges of authorization - a less common focus compared to authentication in the tech industry. Jake discusses the initial simplicity and subsequent complications in role-based permission models, where businesses often struggle as they scale and need more nuanced access controls. He explains the Zanzibar paper from Google and the technical challenges with implementing the approach successfully. He explains how AuthZed facilitates a flexible and maintainable permission system and how companies get started.…
 
In this episode host Sean Falconer is joined by Aaron Painter, CEO of Nametag, to explore the evolving threat and potential of AI deepfakes. They discuss the increasing sophistication of deepfake technology, highlighted by the significant rise in incidents such as the Retool hack, and how these technologies can manipulate public perception and security. Aaron discusses the development of technologies to both create and detect deepfakes, discussing the arms race that pits innovation against security. Aaron shares insights into how his company, Nametag, is at the forefront of combating deepfake fraud by protecting identity data and providing solutions for both companies and individuals to safeguard themselves. They conclude with thoughts on the future, discussing the ongoing technological advancements that are expected to play a crucial role in the fight against deepfakes, aiming to balance innovation with security in the digital landscape.…
 
In this episode we’re joined by Shubh Sinha, CEO and Co-founder of Integral, to discuss the protection and utilization of sensitive health data. Shubh shares insights from his varied career in sales, engineering, and product management, and dives into the challenges of maintaining privacy and security in healthcare. The conversation covers HIPAA regulations, the balance of securing data while keeping it accessible, and the role of generative AI in healthcare innovations. Tune in for a detailed look at how technology is shaping the future of patient treatment and data privacy.…
 
In this episode, we dive into the world of MLOps, the engine behind secure and reliable AI/ML deployments. MLOps focuses on the lifecycle of machine learning models, ensuring they are developed and deployed efficiently and responsibly. With the explosion of ML applications, the demand for specialized tools has skyrocketed, highlighting the need for improved observability, auditing, and reproducibility. This shift necessitates an evolution in ML toolchains to address gaps in security, governance, and reliability. Jozu is a platform founded to tackle these very challenges by enhancing the collaboration between AI/ML and application development teams. Jozu aims to provide a comprehensive suite of tools focusing on efficiency throughout the model development and deployment process. This conversation discusses the importance of MLOps, the limitations of current tools, and how Jozu is paving the way for the future of secure and reliable ML deployments. Resources: Jozu KitOps…
 
In this episode, we dive deep into the world of prompt injection attacks in Large Language Models (LLMs) with Devansh, AI Solutions Lead at SVAM. We discuss the attacks, existing vulnerabilities, real-world examples, and the strategies attackers use. Our conversation sheds light on the thought process behind these attacks, their potential consequences, and methods to mitigate them.

Here's what we covered:

  • Understanding Prompt Injection Attacks: A primer on what these attacks are and why they pose a significant threat to the integrity of LLMs.
  • Vulnerability of LLMs: Insights into the inherent characteristics of LLMs that make them susceptible to prompt injection attacks.
  • Real-World Examples: Discussing actual cases of prompt injection attacks, including a notable incident involving DeepMind researchers and ChatGPT, highlighting the extraction of training data through a clever trick.
  • Attack Strategies: An exploration of common tactics used in prompt injection attacks, such as leaking system prompts, subverting the app's initial purpose, and leaking sensitive data.
  • Behind the Attacks: Delving into the minds of attackers, we discuss whether these attacks stem from a trial-and-error approach or a more systematic thought process, alongside the objectives driving these attacks.
  • Consequences of Successful Attacks: A discussion on the far-reaching implications of successful prompt injection attacks on the security and reliability of LLMs.
  • Aligned Models and Memorization: Clarification of what aligned models are, their purpose, why memorization in LLMs is measured, and its implications.
  • Challenges of Implementing Defense Mechanisms: A realistic look at the obstacles in fortifying LLMs against attacks without compromising their functionality or accessibility.
  • Security in Layers: Drawing parallels between traditional security measures in non-LLM applications and the potential for layered security in LLMs.
  • Advice for Developers: Practical tips for developers working on LLM-based applications to protect against prompt injection attacks.

Links: Devansh on LinkedIn AI Made Simple…
 
In this episode, Joice John, Senior Product Manager at Skyflow, joins the show to discuss the complexities of managing privacy and security with unstructured data. Joice explains what unstructured data is and its distinction from structured data, and then dives into the technologies that tackle these challenges. Joice discusses the unique privacy concerns and significant security risks unstructured data poses, highlighting why they're especially tough to mitigate. Sean and Joice also discuss the support modern data lakes offer for secure unstructured data management, alongside Skyflow’s solutions for overcoming analytics challenges and protecting sensitive customer information.…
 