What you don’t know, may hurt you – John Hughes – Ep 20

We are all familiar with the saying “what you don’t know, won’t hurt you”. Well in the world of data management, security and privacy the opposite is most definitely true.

For most of us, as our organisations become more digital, we are increasingly realising the value of our data, how big an asset it is and how important maintaining it is.

However, although we understand how valuable our data is, we actually have very little insight into what is happening to it on a day to day basis.

Ask yourself, do you know exactly what data you have across your business, do you know exactly who has access to it, where it is stored, when it gets accessed, if it even gets accessed and when it’s accessed what gets done with it?

In my time administering IT systems, or working with those that do, I’ve lost count of the amount of times I’ve been asked “who changed that file”, “who deleted that file?”, “can you tell me the files that a user has accessed and copied to a USB stick?” the answer is normally no, and it’s normally no, because our standard storage solutions can’t tell us.

Imagine a logistics company asking questions like, “who’s driving that lorry”, “who was the last person to drive it?”, “where is Fred taking that lorry?”, “can you tell me the type of lorries we have?” and been told, no, we don’t know any of that information, ridiculous right? Yet we do that with our data asset.

We have talked in recent episodes about the threat to our data security and privacy, be it policies or procedures or our people. Just as significant a threat is the inability to fully understand what is going on with our data sets, a lack of insight and analysis means it’s very easy for our data to be abused, lost and stolen without us having the slightest knowledge of it happening.

That’s our focus this week, in the last of our data security & privacy episodes, I chat withjohn hughes John Hughes of Varonis. Varonis provide data analytics and insights into how we use our data, what our data is, who is using it, what it’s used for and if it’s even used at all.

We discuss a little of the history of Varonis, why data insight is so critical, why it’s a cornerstone of our ability to meet compliance requirements and how it’s a crucial part of our defence against data security attacks.

Enjoy the show and thanks for listening.

To find out more about Varonis;

Check out varonis.com

Have a look at their excellent range of BLOGS at blog.varonis.com and of course follow them on twitter @varonis

You can also request a free GDPR data assessment via their website

If you want to learn more about any of the topics in this series, and you are in the North West England on April 5th, you can join me and a range of speakers at www.northwestdataforum.co.uk

You can find the previous 3 episodes in this series here;

Best Take Care Of Those Crown Jewels – Sheila Fitzpatrick – Ep 17

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

Make People Our Best Data Security Asset – Dom Saunders – Ep 19

If you’ve enjoyed this episode, then why not subscribe;
Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

Make People Our Best Data Security Asset

Losing USB sticks, leaving laptops on trains, installing malware, clicking phishing links. From maliciousness to stupidity, our people are a constant problem. In fact people are our biggest data security issue aren’t they?

Aren’t they?

We have to ask ourselves, are we doing all we can to help our people? Rather than seeing them as a security problem, have we thought about how we can make them an asset as we continually look to take on the threats to our critical data?

That’s the subject of this week’s podcast, as I chat with Dom Saunders from NETconsent.dom saunders

NETconsent specialise in the human side of technology, ensuring users are fully up to date with policies and procedures, as well as continually educated about new threats and solutions.

Our people can be a huge benefit in our data security and privacy plans. In this episode we look at why many IT policies fail, the risks that poor procedures introduce, why education is so critical and how to make sure our people are getting access to the best help they can.

We wrap up looking at 5 steps you can take to make sure your users are a data security asset rather than a risk.

To find out more about NETconsent then check the NETconsent website.

To see how other businesses have worked with their people, have a look at these case studies.

You can also catch up with NETconsent on twitter @NETconsent

This is the third show in our series on data privacy and security – if you’d like to catch the other two episodes, you can here;

Best Take Care Of Those Crown Jewels – Sheila Fitzpatrick – Ep 17

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

There is no doubt that there are many difficulties presented to organisations when it comes to their data.

We understand it’s an asset, something that, if we make the most of it, can be a significant advantage to us, but of course we also understand maintaining the security and privacy of it is critical.

I think it’s fair to say, as organisations and IT professionals we are becoming much more mature in our attitudes to data privacy and security and we understand more than ever the risks posed to it.

This increased level of maturity is going to become even more important, especially with significant regulation changes on the horizon and none are more significant than the EU’s General Data Protection Regulation (GDPR).

In this weeks podcast, the second part of my conversation with Global Data Protection Attorney Sheila Fitzpatrick (You can find part one here), we discuss exactly what GDPR is going to mean to us as organisations, including those organisations that are outside of the EU (including the impact on the UK).022617_1150_Besttakecar1.jpg

Not only do we look at the impacts of the legislation, Sheila also shares with us some of the initial steps you can take to start to build robust data privacy policies.

How important it is to get the foundation right. How we need to understand our data, where we get it from, how we get it and what we keep and how this is much more important, initially, than finding technology tools to deal with the problem. Build the foundation before you build the second floor!

We also explore how data privacy and GDPR is NOT the problem of IT, it’s a business challenge, IT are certainly a key part in helping to deliver security, privacy and compliance, but it not an issue to throw back at IT to solve.

I hope you’ve found these two episodes with Sheila useful in providing an outline of the problem, as well as some of the steps you can take to address it.

If you want to catch up more with Sheila, you can find her on twitter @sheilafitzp and on Linkedin.

Next week, we look at a different part of the data security challenge, People.

I chat with Dom Saunders from NETconsent as we look at how we can make our people a key asset in dealing with the data challenge.

If you want to make sure you don’t miss that episode, then please subscribe on iTunes, Soundcloud or wherever you get your podcasts.

Thanks for listening…

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

Best Take Care Of Those Crown Jewels – Sheila Fitzpatrick – Ep 17

Data, it’s the new oil, new gold, your Crown Jewels. We’ve all heard these phrases, but it is hard to deny that data is a fantastic asset, companies who know how to mine true value from it have a distinct advantage over their competitors and we are continually creating more of it.

However, it’s fair to say that data also comes with its challenges, we must store it all, make sure we protect it all and of course we need to make sure it’s secure.

The challenge of data security and privacy is right at the top of the list of priorities for most IT executives, and, if it isn’t already, it should be high on the list of priorities for business owners and boards as well.
Maintaining the security and privacy of our data is going to continue to be a complex problem, from the multi-faceted security threat, to the introduction of more stringent data privacy laws.

To try to help to address this, this week’s podcast is the first of a short series focussing on the twin challenges of data security and privacy. First is a two-part episode exploring the issue of Data Privacy, with my guest Global Data Privacy Attorney Sheila Fitzpatrick.

Sheila is NetApp’s Chief Privacy officer and World Wide Data Governance and Privacy Council, and has nearly 35 years of experience in the field of data privacy, so is well placed to comment on the current data privacy landscape, the challenges of managing data and the issues presented by changing regulation.

In this first part, we look at what data privacy is, what defines personal data, why it’s important to understand the full lifecycle of your data management procedure, the difference between data security and privacy, as well as an introduction to the upcoming EU General Data Protection Regulation (GDPR).

Sheila couples her huge experience of data privacy with a tremendous enthusiasm for her topic, which makes her a fantastic person to learn from. Enjoy the episode.

If you want to catch up more with Sheila, you can find her on twitter @sheilafitzp and on Linkedin.

Next week we’ll be focussing on the biggest change to data privacy in the last 20 years, the EU General Data Protection Regulation (GDPR), its impact, what it means to us and how to start to build a data privacy strategy.

If you want to make sure you don’t miss that episode, then please subscribe on iTunes, Soundcloud or wherever you get your podcasts.

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

When Public Cloud Isn’t The Answer – Matt McSpirit – Ep 16

The power, flexibility, scale and simplicity that comes with “cloud” services is something that many of us have embraced.

The ability to deliver quickly and easily, complicated application and platform infrastructures is very appealing, especially for those of us who are continually challenged to deliver solutions to business problems ever more efficiently.

Public cloud providers like Microsoft, Amazon, Google and IBM are a great answer to many of the modern technology challenges we are faced with, but, what happens when public cloud can’t be the answer to our challenge?

There are many reasons that a public cloud solution isn’t right,technical, commercial or of course, security driven, privacy and data sovereignty are concerns of many a business as they consider cloud.

What do we do? we can see the benefit, but also understand why we can’t take advantage of the solution.

The answer?

Build your own, deliver your own on-premises cloud solution. But How? how do I build my own Microsoft Azure, where on earth do I start?

Well you’ve come to the right place, in part two of my conversation with Microsoft Technical Evangelist Matt McSpirit, we discuss Azure Stack, Microsoft’s forthcoming private cloud converged solution, currently available in Technical Preview, ahead of it’s launch later this year, Azure Stack gives you all of the flexibility and deployment efficiency of Azure, with all the control, security and privacy of delivering it from your own data centre.021317_1151_EmbracingDe1.jpg

In this episode we discuss  what Azure Stack is, who it is (and is not) for, as well as how you to get your hands on it.

It’s a fascinating technology solution and Matt provides great insight into why it may be for you and how you get started finding out.

Enjoy the show.

Matt mentioned a range of resources that you can get your hands on to find out more about Azure Stack;

The Main Azure Stack page for more background and detail on the solution

Click here to access the Azure Stack Tech Preview

Check out the very informative sessions from Microsoft Ignite.

You can find Matt on Twitter @mattmcspirit

And if  you missed part one of our chat, don’t worry, it’s here .

If you enjoyed the show and want to make sure you don’t miss the next one, then why not subscribe on iTunes or Soundcloud or wherever else you get your podcasts.

Thanks for listening.

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

 

 

DevOps Hipster

IT loves a trend and right now there is nothing more hipster than DevOps, it’s a constant topic of conversation, there’s even a DevOps novel (check out the excellent Phoenix Project), but why, what is it all about, can I buy myself a DevOp?

It’s a topic that I’ve just started to learn about and thought that I’d share what I’ve found so far by way of a DevOps intro BLOG.

Let’s start with what DevOps isn’t;

You can’t buy a DevOps

It certainly is not a product, you won’t find a DevOps as a SKU from your favourite IT supplier, nope you certainly can’t go buy a DevOps.

It’s not a framework

I don’t think DevOps is a framework or a methodology either, it’s not an ITIL or Agile, it’s not a set of processes laid down that you qualify in and follow. This isn’t a criticism of those approaches, but if that’s what you want, then you won’t get that with DevOps. It can certainly be a part of a methodology, a DevOps culture in a more formal framework I would suggest is fine, but it isn’t a framework in itself.

What is it then?

If you can’t buy it and it isn’t a framework, then what it?

I referenced earlier The Phoenix Project, which is, genuinely, an IT novel that looks at the trials and tribulations of our hero Bill Palmer at Parts Unlimited, a fictional account of project delivery in business (it is much more engaging than it sounds!), A friend of mine said;

“if you’ve not read The Phoenix Project you probably don’t understand the challenges of your customers”

Now while that may be a little strong, certainly reading it has given me a whole different view of how modern businesses technology departments are challenged. In a world that changes increasingly quickly, we cannot allow our competition to be more agile than we are, delivering services faster and better and taking our customers with them.

In my opinion, it’s an attitude, a cultural shift, a different way of working, of attacking the problems we are presented with. It’s the idea of bringing together disparate groups inside an organisation to ensure the delivery of better and more timely solutions to solve the challenges that modern organisations face.

Why is DevOps even a thing?

For many of us working in IT it’s fair to say we’ve seen real changes over the last few years in how we deliver technology, be it virtualisation as a more flexible way of deploying servers and desktops. Smartphones, which have changed the way we interact with technology and consume applications or, of course, the cloud.

The way we consume cloud applications and infrastructure is possibly the final nail in the coffin of “traditional” IT deployment, we need a new server, bit of software or service, what do we do? wait 6 months for traditional IT to deliver? or do we jump over to AWS or Azure, credit card In hand and order it, having it delivered in minutes and ready to go.

These changes have moved us from a world where we were OK with an IT project taking months to deliver, to one where, if we do that today, we’d probably be looking for a new job.

It is this that has driven the need for, not only an organisations IT team, but for the entire organisation to look at new ways to react more quickly to changing business needs and challenges.

How do we make sure Internal IT doesn’t become redundant?

How do we then make sure that as an IT team, or even as an organisation, we don’t become redundant?

Let’s face it, we love the convenience of the app store or a cloud deployment, so why wouldn’t we want that in our business? Why not be able to deliver a new service with a couple of clicks, a system that is automated, built on templates, accessed by a catalogue and deployed the same way every time, it has lots of benefits, from efficiency to security, so we are all doing it aren’t we?

Well maybe not, because, it can be hard, our developers aren’t talking to test, who aren’t talking to infrastructure teams and often IT isn’t talking to the business and the business isn’t talking to IT. The more responsive our organisations need to be to challenges, the less acceptable this becomes and the more pressure IT comes under to deliver, often leading to short cuts which can lead to problems and failures.

It is this that has made IT and business sit up and look at new ways of delivering solutions and of course DevOps is one such way. An approach that allows us to speed up and de-risk project delivery, encourage better communication between what the business needs and how those deploying technology can help them to achieve it, as we all know modern IT cannot be the department that says “no” to everything.

To do that we need to embrace new practices, technologies and ways of working, but importantly, not just IT, the entire business needs to embrace this way of thinking or else it will fail.

But we don’t do development, is there a point to DevOps?

Maybe the most fascinating part of DevOps for me, Is I think it goes beyond just ways to get software delivered faster, it can definitely stretch more into the daily lives of IT departments in more “traditional businesses”.

If we look at DevOps practices, like deployment templates and desired state configurations, we can adopt them right into daily operations, the idea that my deployments are delivered against my company standard, every single time is very attractive. Think about securing data, having the ability to have a desired and secure state quickly re-applied to a machine is very powerful, both from a management and audit perspective.

Is DevOps for me?

Of course, I couldn’t say and I’m certainly no DevOps expert, but from what I’ve seen so far, the DevOps mentality certainly has significant benefit as we look to modernise how we manage and deliver technology to our businesses and in my opinion moves beyond the scope of just software development, I can see possibilities in how we run our IT in organisations of all types.

And whether it’s DevOps or something else, there is no doubt, to ensure we remain relevant to our organisations, we need to modernise our approach to IT, how we talk to our businesses, how we understand their needs and how we ensure we get solutions into our organisations quickly.

I hope these initial DevOps thoughts have answered some of your basic questions and if you want to find out more, I can certainly recommend The Phoenix Project and below I’ve pointed out a couple of other useful resources giving a range of insights into starting a DevOps practice.

Thanks for reading.. now go buy yourself a DevOp!

Microsoft Channel 9 DevOps Channel

Tech Interviews Intro to DevOps with Richard Fennel of Blackmarble

A great 20 minute video discussing DevOps from NetApp Insight (Where you may hear the quote I mentioned earlier!)

Gene Kim’s The Phoenix Project

Release your inner dev child with DevOps – Richard Fennell – Ep 14

This is the second of our series of episodes looking at emerging technology trends and this week we jump in with one of the most high profile, DevOps.

I attended an event recently ran by Microsoft partner Blackmarble discussing building a DevOps practice using Microsoft tools. There was some great stuff covered so after the event I grabbed a little bit of time with Blackmarbles’ Engineering Director Richard Fennell.

I have a fuller BLOG post talking about DevOps coming soon, but it’s fair to say that as a trend and way of working, DevOps, in my opinion, is something well worth understanding. Although DevOps was certainly born from a need to change software development and delivery practices, I personally wouldn’t ignore the topic just because you are not a developer or in IT operations, I think there is an awful lot that we can take from DevOps across all parts of our business as we look to be more efficient and effective in the way we meet challenges.

During our chat we discussed definitions of DevOps, what it is and what It isn’t and why we should look at it, what problems are we solving and we also consider some principles that we need to look at to start building a DevOps practice in our business.

Do enjoy the episode, I think Richard gives a great introduction for those looking to develop an initial understanding of DevOps and also some great practical steps you can take to get started, as I said, don’t think of DevOps as just something for software developers, the development of a DevOps culture across a business can have much more wide ranging benefit than that;

If you want to find out more about Richard, Blackmarble and developing a DevOps practice then check out the following resources;

To find out more about Blackmarble and DevOps try here

For some practical tips, try the Blackmarble BLOGS

And lastly if you want to stalk Richard on Twitter you can find him @richardfennell

If you have any other questions or comments on the show, then please leave a comment on the site or find me @techstringy

Next week is the first of two episodes speaking with Microsoft Technical Evangelist Matt McSpirit (@mattmcspirit) first up we share more DevOps love as we discuss the Microsoft view and how it’s changing their approach to the world and the following week we look in detail at AzureStack.

If you want to make sure you don’t miss it, or you’ve enjoyed this week then please subscribe to the show;

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss