At your data’s service – Dave Sobel – Ep 24

I think we all accept that as individuals, businesses and organisations, the way we see our data is changing, more than ever we see it as an asset and like any asset we see it as something to treat carefully, ensuring it is stored properly, secured, protected and of course something we are getting value from.

A big part of this shift is driven by the technology industry itself, tools, technologies and services are now available that allow us to use our data in ways that previously we had not been able to.

However, it is not just that these technologies exist that is driving this change, but it is how much more readily available these tools and services now are and this is mainly due to a new breed of service providers.

This is the focus of this week’s podcast, as I’m Joined by Dave Sobel, Sr. Director of Community and Field Marketing at SolarWinds MSP.

Dave has a wide experience in the technology industry, having both operated his own service provider and now with the provider of a global platform used by service providers and end users around the world.

In this episode, we talk about how the way we use our data is changing and how this is driving not only great new opportunities for business, but also creating a new breed of service providers and platforms to support new and inventive ways for us to make the very most from our data assets.

We talk about the evolution of what we think of as a computer from mine and Dave’s shared Commodore 64 experience to modern voice interfaces and how this evolution is changing how we collect and use data. But even with this change, we look at how the data and the information is the only thing that matters, that those devices are no longer that important to us.

We also discuss how the technology conversation in organisations is changing, how today technology decisions are not just with IT, but with application and service owners who are asking how to gain more insight from the data they collect and how technology can drive success in their parts of an organisation.

Finally, we look at security, how the complex security challenge is also driving a new breed of services and the things that you should consider before you take a new service into your organisation.

Dave also shared the difference between security advice from non-experts and those that truly understand the threat, summed up brilliantly in the graphic below.

I think Dave provides a great insight into the changing data market and the part that service providers play in allowing us to do the very best with our valuable data assets.

I hope you enjoyed it.

If you want to follow Dave online you can find him on twitter @djdaveet

His company SolarWinds MSP can be found here

You can of course contact me in all the usual places.

If you enjoyed the show, why not subscribe on SoundCloud, iTunes and all other homes of podcasts.

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

What I’ve Learned About GDPR

The EU’s General Data Protection Regulation (GDPR) that comes into effect in May 2018 is a subject that has moved to the top of many a list of priorities and is going to have a major effect on how we handle personal data.

Over the last year, I’ve spoken with businesses about their data security, how to avoid data loss, leaks and insider threats. However, over the first 3 months of this year (2017) this conversation, driven by GDPR, has shifted to compliance and privacy.

However, it’s evident that not everyone is either aware of the forthcoming changes or how to build privacy and security policies to deal with the complex problems it presents.

Over the last few months I’ve been pretty absorbed in the world of GDPR and thought it’d be useful to share a few of the things I’ve learned that may help you with your own privacy and security strategy.

It’s complicated

GDPR is a complicated bit of legislation, its scope is vast and too some degree we will all be affected, whether as organisations having to sort out our compliance or as individuals whose data will fall under the scope of the regulation, we will see lots of changes.

Remember it is a complex bit of legislation, which leads to…

Good news, GDPR is not an IT problem

It’s true, it’s a legal and compliance issue, not an IT one, just because we are talking about data, an organisation cannot say, “it’s data so can’t IT just sort it out?”

Absolutely not, IT will be a critical partner for helping to deliver compliance, but only in the same way the Board, HR, Finance or anyone who touches data is going to be a key partner in maintaining compliance.

Is your organisations view of GDPR that it is only an IT problem? If it is then you need to look at how you educate them, quickly, that it isn’t!

Roughly what is it?

We’ve heard what it isn’t so what is it?

In its simplest form it is updated legislation, replacing the EU’s data protection directive, but it goes beyond updating, growing in scope and potential penalties for noncompliance.

To quote the EU ;

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

The goal of GDPR is too ensure the personal data held about us can only be used for the purposes it was gathered for and is treated with due care to ensure it is not abused by those who would wish to exploit it.

It’s privacy, not security

One of my go to people when it comes to data privacy is NetApp’s Sheila Fitzpatrick, Sheila is a data privacy attorney with nearly 35 years’ privacy experience and is NetApp’s data privacy officer and global privacy counsel.

Sheila makes the point that data security, IS NOT data privacy.

Data privacy is much wider in scope than just security, Sheila likes to use the example of a data privacy wheel, where security is just one spoke on that wheel.

When designing data privacy solutions, we should understand the full lifecycle of the personal data we collect, assess, process and use, from the minute we collect it until we finally destroy it.

If your organisation is looking at GDPR and saying, “isn’t that just more of that IT security stuff” then it’s time to educate again, it’s so much more than just security.

Will it affect me? Does it matter if I’m not in the EU?

Both valid and common questions, the answer, pretty much every time is a resounding yes. It doesn’t matter is you are inside or outside of the EU.

Location is irrelevant, if you hold data on EU citizens, regardless of where you are based, then you will fall under the scope of GDPR.

What about putting data in the cloud?

Cloud presents an interesting issue, as actually does the placing of data with any 3rd party, as the data controller, you are ultimately responsible for what happens to it. The general advice is to ensure two things, if you are passing your data to someone to process ensure that you have a clear contract in place with them.

If you are looking to a cloud provider, then ensure they have appropriate data privacy policies and safeguards in place so that you are not exposed to risk.

What should I do?

What are some steps you should be taking?

Dealing with GDPR is going to be a constant challenge so it’s important to get started, here’s where I’d start;

  • What are my current policies and are they appropriate?
  • Understand your current data, where is it, how much do I have, who has access, what does it contain?
  • Why do you have that data and why do you collect it.
  • Educate your business, so that from top to bottom people understand the importance of data privacy and the impact that this new regulation will have.
  • Deliver your GDPR compliance plan.

You’ll notice there is very little technology highlighted in those initial steps, maybe something to help you to understand your current data sets, but apart from that, it’s policies, procedures and education.

Technology will have a place, in reality, you are going to find it hard to remain compliant without some technical tools and resources to help you do it.

What have I learned?

There is lots too learn!

It’s complex, it’s not a technical problem with a “silver bullet” to fix it. It is a business legal and compliance issue.

The most interesting thing I’ve discovered though, is even if GDPR wasn’t something we had to comply with, it is something that contains such a level of good and sensible practice it is something that we would want to adopt anyway.

Because in the end, it’s all about our data, let’s keep it secure and private.

For more GDPR resources try out some of the following;

EU GDPR Site

UK Information Commissioners Office

You can also check out a friend of mine, Mark Carlton and an excellent GDPR post he recently published.

How GDPR could affect your business

I also did a series of podcasts to support a recent event that we ran, they cover GDPR in broad terms as well as looking at some specifics on data management and how to work with your people, feel free to check them out;

Best Take Care Of Those Crown Jewels – Sheila Fitzpatrick – Ep 17

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

What you don’t know, may hurt you – John Hughes – Ep 20

Make People Our Best Data Security Asset – Dom Saunders – Ep 19

.

Weaving a data fabric – Mark Carlton – Ep 23

Regular readers of my blog are probably familiar with the idea of the NetApp data fabric.

This fabric defines NetApp’s strategic direction for data management. How to plan, develop and deploy a solution suitable for a modern organisations data needs, not only the needs for today but also those for the mid and long term.

What I like about this data fabric approach is that it allows us to move away from thinking about “traditional” storage deployments, that you may associate with a vendor like NetApp, or It’s well known competitors’ like Dell-EMC, HPE, IBM and even the new kids like Pure, and to have a much broader data management conversation that encompasses cloud, analytics, software defined, security and privacy.

By shifting this focus, NetApp have been smart, but importantly for us as consumers of storage, they have allowed us to be smart as well, by focussing on the data and not on where it’s housed or the technology it lives on.

Recently a friend of mine from the NetApp A-Team, Mark Carlton, Mark Carltonwrote an excellent blog post “Top 4 questions about the value of the NetApp data fabric” in which he discussed the practicalities of this strategy, looking at its component parts, as well as some great examples of customer deployment.

It was such a good article, I thought I’d ask him onto this weeks Tech Interviews, so we could discuss in more detail his take on and experience of this data fabric strategy.

We not only discuss NetApp’s implementation of this, but also, and maybe more importantly, how the fabric has grown beyond a NetApp centric view and how 3rd party tools from the likes of Varonis, Veritas and Veeam are integrated into this fabric to enhance it further, making your data management solution more insightful, more complete.

Enjoy the conversation with Mark and then ask yourself, are you planning a data fabric strategy that allows you to meet your businesses ever changing needs? Because in the end, it’s all about the data!

If you want to follow up with either myself or Mark on this episode, you can find Mark on twitter @mcarlton1983 or of course me @techstringy

Don’t forget you can read Marks’ excellent blog post here “Top 4 questions about the value of the NetApp data fabric”

If you want more data fabric musings, then I wrote this piece about data fabric a little while a go, Data Fabric – What is it good for?

To make sure you catch the next Tech Interview, you can subscribe to the show wherever you get your podcasts. 

Subscribe on Android

 

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

The Future is Bright, The Future is Data – Matt Watts – Ep 21

The idea that our data is critical to the future of our organisation isn’t a new one, the focus around managing it, protecting and securing it underlines its importance to any modern organisation.

But protecting our data and ensuring we maintain its privacy and security is not the only important focus we should have.

You don’t need to look around the technology industry too much to hear phrases such as “data is the new gold” or “data is the new oil”, but like any good marketing phrase, it is based on a degree of fact.

As marketing-y as those phrases are, it would be wrong to dismiss them. The image I chose for this blog post suggests, “if the future is digital, the guy with the most data wins”,  However, I think that phrase is only partly correct.

It is certain that the modern organisation is becoming increasingly digital, transforming into one that is relying on data and digital workflows for its success, however when it comes to data, it’s not how much data you have, it’s what you do with it and learn from it that will determine who really wins.

That’s the focus of this week’s podcast as I’m joined by NetApp’s Director, Technology and Strategy, Matt Watts.

Matt is in an interesting position, working for one of the world’s largest “traditional” storage vendors and charged with helping them to develop a strategy for dealing with challenges faced by organisations in a world where “traditional” storage is seen as something less valuable.

Maybe to the surprise of many, Matt agrees, while NetApp have great products, they fully accept that the future isn’t about IOPS, Capacities and flashing lights. All that really matters is the data.

In this episode, Matt provides fascinating insights into the modern data world, how extracting valuable information from data is a significant advantage to an organisation, how 3rd party companies working with storage vendors is critical to the future of data management and how companies like Microsoft, Amazon and IBM with Watson are commoditising machine learning and artificial intelligence to a point where, organisations of all sizes, can take advantage of these very smart tools to give them insights and understanding that just a few years ago was out of the reach for all but the very wealthiest of companies.

We also look at how building an appropriate data management strategy is crucial in enabling organisations to access tools that can allow them to take full advantage of their data asset.

Have a listen, Matt provides some great information to help you to get the maximum from your data and be the person not with “the most data” but the one with “the most information from their data” that wins.

Enjoy the show.

To find out more from Matt you can find him on twitter @mtjwatts or follow his blog at watts-innovating.com (check out the article “Your Supermarket knows more about you than your Doctor) and to find out more about NetApp’s own data management strategies check out the “Data Fabric” section of their website.

If you enjoyed the show, why not subscribe to the Tech Interviews podcast;

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

What you don’t know, may hurt you – John Hughes – Ep 20

We are all familiar with the saying “what you don’t know, won’t hurt you”. Well in the world of data management, security and privacy the opposite is most definitely true.

For most of us, as our organisations become more digital, we are increasingly realising the value of our data, how big an asset it is and how important maintaining it is.

However, although we understand how valuable our data is, we actually have very little insight into what is happening to it on a day to day basis.

Ask yourself, do you know exactly what data you have across your business, do you know exactly who has access to it, where it is stored, when it gets accessed, if it even gets accessed and when it’s accessed what gets done with it?

In my time administering IT systems, or working with those that do, I’ve lost count of the amount of times I’ve been asked “who changed that file”, “who deleted that file?”, “can you tell me the files that a user has accessed and copied to a USB stick?” the answer is normally no, and it’s normally no, because our standard storage solutions can’t tell us.

Imagine a logistics company asking questions like, “who’s driving that lorry”, “who was the last person to drive it?”, “where is Fred taking that lorry?”, “can you tell me the type of lorries we have?” and been told, no, we don’t know any of that information, ridiculous right? Yet we do that with our data asset.

We have talked in recent episodes about the threat to our data security and privacy, be it policies or procedures or our people. Just as significant a threat is the inability to fully understand what is going on with our data sets, a lack of insight and analysis means it’s very easy for our data to be abused, lost and stolen without us having the slightest knowledge of it happening.

That’s our focus this week, in the last of our data security & privacy episodes, I chat withjohn hughes John Hughes of Varonis. Varonis provide data analytics and insights into how we use our data, what our data is, who is using it, what it’s used for and if it’s even used at all.

We discuss a little of the history of Varonis, why data insight is so critical, why it’s a cornerstone of our ability to meet compliance requirements and how it’s a crucial part of our defence against data security attacks.

Enjoy the show and thanks for listening.

To find out more about Varonis;

Check out varonis.com

Have a look at their excellent range of BLOGS at blog.varonis.com and of course follow them on twitter @varonis

You can also request a free GDPR data assessment via their website

If you want to learn more about any of the topics in this series, and you are in the North West England on April 5th, you can join me and a range of speakers at www.northwestdataforum.co.uk

You can find the previous 3 episodes in this series here;

Best Take Care Of Those Crown Jewels – Sheila Fitzpatrick – Ep 17

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

Make People Our Best Data Security Asset – Dom Saunders – Ep 19

If you’ve enjoyed this episode, then why not subscribe;
Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

Make People Our Best Data Security Asset

Losing USB sticks, leaving laptops on trains, installing malware, clicking phishing links. From maliciousness to stupidity, our people are a constant problem. In fact people are our biggest data security issue aren’t they?

Aren’t they?

We have to ask ourselves, are we doing all we can to help our people? Rather than seeing them as a security problem, have we thought about how we can make them an asset as we continually look to take on the threats to our critical data?

That’s the subject of this week’s podcast, as I chat with Dom Saunders from NETconsent.dom saunders

NETconsent specialise in the human side of technology, ensuring users are fully up to date with policies and procedures, as well as continually educated about new threats and solutions.

Our people can be a huge benefit in our data security and privacy plans. In this episode we look at why many IT policies fail, the risks that poor procedures introduce, why education is so critical and how to make sure our people are getting access to the best help they can.

We wrap up looking at 5 steps you can take to make sure your users are a data security asset rather than a risk.

To find out more about NETconsent then check the NETconsent website.

To see how other businesses have worked with their people, have a look at these case studies.

You can also catch up with NETconsent on twitter @NETconsent

This is the third show in our series on data privacy and security – if you’d like to catch the other two episodes, you can here;

Best Take Care Of Those Crown Jewels – Sheila Fitzpatrick – Ep 17

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

There is no doubt that there are many difficulties presented to organisations when it comes to their data.

We understand it’s an asset, something that, if we make the most of it, can be a significant advantage to us, but of course we also understand maintaining the security and privacy of it is critical.

I think it’s fair to say, as organisations and IT professionals we are becoming much more mature in our attitudes to data privacy and security and we understand more than ever the risks posed to it.

This increased level of maturity is going to become even more important, especially with significant regulation changes on the horizon and none are more significant than the EU’s General Data Protection Regulation (GDPR).

In this weeks podcast, the second part of my conversation with Global Data Protection Attorney Sheila Fitzpatrick (You can find part one here), we discuss exactly what GDPR is going to mean to us as organisations, including those organisations that are outside of the EU (including the impact on the UK).022617_1150_Besttakecar1.jpg

Not only do we look at the impacts of the legislation, Sheila also shares with us some of the initial steps you can take to start to build robust data privacy policies.

How important it is to get the foundation right. How we need to understand our data, where we get it from, how we get it and what we keep and how this is much more important, initially, than finding technology tools to deal with the problem. Build the foundation before you build the second floor!

We also explore how data privacy and GDPR is NOT the problem of IT, it’s a business challenge, IT are certainly a key part in helping to deliver security, privacy and compliance, but it not an issue to throw back at IT to solve.

I hope you’ve found these two episodes with Sheila useful in providing an outline of the problem, as well as some of the steps you can take to address it.

If you want to catch up more with Sheila, you can find her on twitter @sheilafitzp and on Linkedin.

Next week, we look at a different part of the data security challenge, People.

I chat with Dom Saunders from NETconsent as we look at how we can make our people a key asset in dealing with the data challenge.

If you want to make sure you don’t miss that episode, then please subscribe on iTunes, Soundcloud or wherever you get your podcasts.

Thanks for listening…

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss