Partially Redacted: Data, AI, Security, and Privacy

Sam Sternberg, Customer Programs Lead at Skyflow, joins the show to discuss the world of privacy and security at scale within large enterprises. We explore the complex infrastructure, regulatory challenges, and evolving technologies that these giants face in protecting customer and employee data. From managing expansive data infrastructures and international privacy regulations to securing data in the cloud, both multi-cloud and hybrid cloud and harnessing AI, we provide insights and best practices for safeguarding sensitive information.
Check out the episode to delve into the technology and people-centric approaches to privacy and security within the data landscape of large organizations.Topics:
When we’re talking about a large enterprise, can you paint a picture for what the infrastructure of these companies might look like? How many databases, servers, and people are involved?
What are the fundamental differences between data management in small to medium-sized businesses and large enterprise organizations, especially concerning security and privacy?
How does the scale and complexity of data infrastructure in large companies impact their ability to maintain data privacy and security effectively?
What are the main regulatory frameworks that enterprise companies must navigate, and how do these impact data management strategies?
Large enterprises often have extensive data lakes and warehouses. How can these organizations ensure the confidentiality, integrity, and availability of their data in such environments?
With the increasing adoption of cloud services, how should large enterprises approach cloud security and privacy concerns, especially in multi-cloud or hybrid cloud environments?
Could you share some best practices for securely managing customer and employee data, considering the unique challenges faced by big companies in this regard?
How has the adoption of artificial intelligence and machine learning impacted data security and privacy practices in large organizations, and what precautions should they take when implementing these technologies?
Many large enterprises operate globally. How does managing security and privacy requirements across different countries and regions impact their strategies and challenges?
What emerging trends or technologies do you foresee having a significant impact on data security and privacy in large enterprises in the near future?

In this episode, Ram Muthukrishnan, Senior Product Manager at Skyflow, joins the show to delve into the fundamental aspects of data protection.
Ram demystified key concepts like redaction, masking, and encryption, shedding light on their significance in the world of data protection. Ram walked us through the practical applications of these techniques and their role in ensuring data privacy and security in today's digital landscape.
Topics:
Why is it important to protect sensitive customer data?
What are the key differences between redaction, masking, encryption, and tokenization as data protection techniques?
How does data redaction work, and in what scenarios is it typically used?
What’s it mean to mask data and what are the different approaches?
Can you break down the basics of encryption for our listeners?
What are the primary differences between symmetric and asymmetric encryption, and when should each be used
Tokenization is often associated with payment data. Could you explain how tokenization replaces sensitive data with tokens and its advantages?
When does it make sense to use tokenization versus something like encryption? What advantages or disadvantages are there to tokenization?
Access control is a critical aspect of data protection. How does it work, and what are some best practices for implementing effective access control measures?
How can organizations balance the need for data security with the requirement for data accessibility by authorized personnel?
Are there any common misconceptions or challenges when it comes to implementing these data protection techniques?
What are some emerging trends or technologies in the field of data protection that we should be aware of?
Resources:
Confidential Computing and Secure Enclaves with AWS's Arvind Raghu
Secure Multi-Party Computation Explained with Skyflow's Liz Acosta
Homomorphic Encryption with Skyflow’s Avradip Mandal

In this episode, we dive into the realm of cloud security with Merritt Baer, Field CISO of Lacework. Together, we look at the complex tapestry of perceptions surrounding on-premises security versus the cloud, shedding light on why some still view on-prem as the safer option.
Merritt lends her expertise to dissect the trade-offs that companies face by remaining in the traditional on-premises sphere rather than embracing the potential of the cloud. We explore the security considerations unique to the cloud-native world, offering insights into what it takes to navigate this transformation securely.
Whether you're a seasoned professional or just beginning your cloud journey, this episode will expand your understanding of cloud security, uncovering the pros, cons, and crucial factors to ponder when venturing into the realm of cloud computing.
Topics:
Why do people think on-prem is more secure?
What are the tradeoffs a company is making when they refuse to move to the cloud?
What are the new challenges facing a company once they’ve moved to the cloud from a security perspective that perhaps they didn’t face in the on-prem world?
Does the cloud reduce or increase your security risk footprint?
Does the type of talent and team look different?
How are cloud-native security tools and platforms different from traditional on-premises security solutions?
How do you manage security at this kind of scale?
As organizations adopt multi-cloud and hybrid cloud strategies, how do you recommend they maintain consistent security measures across different cloud environments?
What are some emerging security threats in the cloud landscape, and how can organizations proactively defend against them?
What is keeping CISOs up at night?

In this episode, we explore the world of General Data Protection Regulation (GDPR) Catawiki’s Data Protection Lead Paul Breitbarth. We cover GDPR's history, business essentials, compliance significance, and the art of harmonizing business objectives with regulatory demands.
Paul breaks down key GDPR components, emphasizing their role in safeguarding data privacy. From data handling to breach notification, listeners gain insights into essential compliance steps.
The heart of the conversation revolves around the challenge of balancing business goals with GDPR rules. Practical strategies are discussed, including privacy-conscious approaches and effective data protection policies. This episode is a guide for businesses and individuals navigating GDPR's complexities, offering actionable insights for responsible data management and privacy protection.
Topics:
What was the immediate impact on businesses when GDPR came into effect? How did the world respond?
What are the main requirements of a business when it comes to GDPR?
What are the key rights granted to individuals under GDPR, and how can they exercise these rights?
What are the technical requirements?
What are some common challenges businesses face when implementing GDPR compliance?
How has GDPR influenced the handling of data breaches and security incidents?
What are the fines for non-compliance?
What does it mean to be compliant?
Can you really be 100% compliant? Is that realistic?
How can a business navigate GDPR compliance, balance all the needs, and still do business?
What are the responsibilities and obligations of data processors and data controllers under GDPR?
Are there any recent updates or amendments to GDPR that businesses should be aware of?
What’s the future of GDPR?

In this episode, Ray Everett, Head of Privacy and Data Protection at Avellino Lab, joins the show to discuss the rise of the privacy officer. The conversation delves into the essential role of privacy officers, providing listeners with a comprehensive understanding of their responsibilities and the challenges they encounter. Ray offers practical advice on effectively finding and hiring privacy officers, as well as initiating and managing successful privacy programs. This episode is a must-listen for anyone seeking to navigate the ever-evolving landscape of privacy protection.
Topics:
How has the privacy landscape changed throughout your career? What are some of the big changes from when you started to today?
Can you describe the role and responsibilities of a Chief Privacy Officer? How has this evolved over time?
What does this function end up looking like within a large organization? Who’s on the team?
When should a company be building a privacy function? How do they know they need it?
When a company decides to establish a privacy officer role, what factors should they consider in determining the scope and authority of the position?
How does one go about finding a qualified privacy officer? What skills, qualifications, and experience should be sought after?
What sets a great privacy officer apart from an average one?
Let’s say I’m a founder and I realize I should hire a privacy officer and build a privacy function, but I have no experience with it, I just know I need to do it. Where do I start? How do I know what to look for in a potential candidate?
During the hiring process, what specific interview questions should I be asking? What kind of positive or negative signals should I be testing for?
Even when privacy organizations exist, they are often under-resourced and under-appreciated. What are your suggestions or thoughts on how a privacy officer can work with an organization to prevent this from happening?
What’s the typical career path for someone looking to move into privacy? What do you recommend for those listening that might want to build a career in privacy?
What are your thoughts on the future of the privacy officer? Will they own more budget, have more authority?
Resources:
Ray Everett LinkedIn
International Association of Privacy Professionals

In the podcast episode Jodi Daniels, Founder & CEO of Red Clover Advisors, and Justin Daniels, Legal and Corporate Counsel at Baker Donelson, share valuable insights on privacy and security considerations in product development. They discuss the common mistakes made and the crucial questions to ask when designing new products, emphasizing the need for proactive data protection.
Jodi and Justin delve into core principles and best practices for integrating privacy-by-design, highlight the risks of neglecting privacy and security during product development, and explore ways to balance innovation and functionality with privacy and data protection requirements. They also address the importance of ingraining privacy and security throughout the product life cycle and provide guidance on evaluating the privacy and security implications of emerging technologies like AI.
Topics:
From your point of view, what do you think is the biggest mistake or oversight people make when building new products when it comes to privacy and security?
What kind of questions should I be asking myself when designing a new product when it comes to data protection?
What are the core principles and best practices for operationalizing privacy-by-design when developing new products?
What are the potential risks and challenges associated with neglecting privacy and security considerations during the product development phase?
How can organizations effectively balance the need for innovation and functionality with the requirements of privacy and data protection?
What steps can companies take to ensure that privacy and security are ingrained throughout the product life cycle, from design to deployment?
Are there any specific regulations or standards that companies should be aware of when it comes to privacy and security in new product development?
What are some of the privacy and security challenges facing companies interested in generative AI?
When it comes to any kind of new technology, like AI, how can individuals and businesses evaluate the privacy and security implications before integrating them into their operations?
What are some common misconceptions or myths surrounding privacy and security in AI, and how can they be addressed?
Resources:
Data Reimagined: Building Trust One Byte at a Time

In this episode, Rachael Ormiston, Head of Privacy at Osano, joins the show to discuss the impact of generative AI on privacy. We covered a wide range of topics, including Rachael's initial impression of ChatGPT and the risks associated with generative AI. We also explored Italy's recent ban on ChatGPT, the measures that can be taken to mitigate risks and protect privacy, and how businesses and organizations can leverage generative AI responsibly without infringing on people's privacy rights.
Furthermore, we delved into the role of policymakers in regulating the use of generative AI to ensure privacy protection, as well as the ethical considerations that should be taken into account. Rachael provided valuable insights on how individuals can protect their privacy in the age of generative AI and the steps they can take to safeguard their personal information. Finally, we discussed the future of generative AI, highlighting the need to harness its potential while ensuring that privacy remains a top priority.
Join us in this enlightening conversation as we navigate the intersection of Generative AI and privacy, gaining valuable insights from Rachael Ormiston's expertise.
Topics:
What was your first impression of ChatGPT?
How can generative AI impact privacy, and what are some of the risks associated with it?
Recently Italy became the first western country to ban ChatGPT, why did they do this?
What might this mean for other countries?
What measures can be taken to mitigate the risks of generative AI, and how can we ensure that privacy is protected?
How can businesses and organizations leverage generative AI while ensuring that they don't infringe on people's privacy rights?
How can policymakers regulate the use of generative AI to ensure that it doesn't infringe on people's privacy rights?
What ethical considerations should be taken into account when using generative AI, and how can we ensure that it is used responsibly?
How can individuals protect their privacy in the age of generative AI, and what steps can they take to safeguard their personal information?
What is the future of generative AI, and how can we harness its potential while ensuring that it doesn't pose a threat to our privacy?

In this podcast episode, Jimmy Fong, Chief Commercial Officer at Seon, discusses online fraud and the role of Seon's fraud prevention tool. Jimmy covers common fraud patterns, evolving tactics, and the challenges of distinguishing legitimate user behavior from fraudulent activities. He shares Seon's journey, emerging fraud patterns, and best practices for security. Jimmy emphasizes collaboration and information sharing, highlighting the potential of generative AI in fraud prevention.
Topics:
How does online fraud work and why is it such a concern for online businesses and consumers?
What are some common fraud patterns that individuals or businesses should be aware of when conducting transactions online?
How has fraud patterns changed over time?
How do fraudsters typically exploit vulnerabilities in online systems to carry out their fraudulent activities?
Why fraudulently submit demo requests to a business? What is a fraudster attempting to do?
What are the challenges and complexities involved in distinguishing between legitimate user behavior and fraudulent activities?
How did Seon start?
Are there any notable trends or emerging fraud patterns that you've observed recently? How should businesses adapt to stay ahead of evolving fraud tactics?
What are some best practices that individuals and businesses can implement to enhance their overall security posture and minimize the risk of falling victim to online fraud?
How important is collaboration and information sharing between businesses, industry associations, and law enforcement agencies in combating online fraud? Are there any notable initiatives in this regard?
In your opinion, what does the future of fraud prevention look like? What role might generative AI play on both sides?
Resources:
Seon
SEON Cat & Mouse Podcast

Manny Silva, Skyflow’s Head of Documentation, joins the podcast to share his journey of tinkering with generative AI systems and building a private GPT trained on internal Skyflow documents.
Manny discusses his first impression of ChatGPT, how he got interested in this space as a technical writer, and the non-obvious insights he gained along the way. He addresses common misconceptions about GPT, particularly regarding privacy and security. Manny explains the concept of creating a private GPT and explores the reasons why organizations would want to implement it. He provides valuable insights into effectively integrating a private GPT into existing workflows and systems, along with the challenges and considerations companies should be aware of.
Manny shares best practices for training and fine-tuning a private GPT to ensure optimal performance and accuracy. He delves into the impact of his work at Skyflow and the enhanced productivity observed in the field. Finally, Manny looks ahead to future advancements and trends in the field of private GPTs and discusses their transformative potential in the realms of documentation, product launches, and marketing.Topics:
When you first saw ChatGPT, what was your first impression?
As a technical writer, how did you get so interested in this space and start tinkering with the Open AI platform and APIs?
What are some of the non-obvious things you learned as you dove into this?
What are some of the common misconceptions you’re seeing when it comes to GPT, in particular when talking about privacy and security?
What’s it mean to create a private GPT and why would someone want to do that?
How can organizations effectively implement and integrate a private GPT into their existing workflows and systems?
What are some common challenges or considerations that companies should be aware of when building and utilizing a private GPT?
What are some best practices and strategies for training and fine-tuning a private GPT to ensure optimal performance and accuracy?
Can you describe what you built at Skyflow that leverages private GPT?\
What kind of impact are you seeing in terms of yours or other people’s productivity?
Looking ahead, what advancements or trends can we expect to see in the field of private GPTs, and how will they continue to transform the way we work with documentation, product launches, and marketing?
Resources:
Privacy-First AI: Harnessing Snowflake and Skyflow to Customize GPT
Generative AI Data Privacy with Skyflow GPT Privacy Vault

In this episode, Ashley Jose, a product lead at Skyflow with a decade of experience in SaaS product management, explores the importance of data governance in today's data-driven world. He discusses the impact of growing data on business decisions and highlights the key components of an effective data governance framework.
Ashley addresses misconceptions, explains the evolution of data governance, and its intersection with data privacy regulations. He also explores how data governance works within Skyflow's data privacy vault approach.
Ashley addresses common misconceptions about data governance and dispels myths surrounding the topic. He then delves into the evolution of data governance in the face of big data and technological advancements, highlighting both new challenges and opportunities. He explains how organizations must navigate privacy regulations like GDPR and incorporate them into their data governance strategies.
Drawing on Skyflow's expertise in data privacy vaults, Ashley explains how data governance functions within their approach. He demonstrates how this approach addresses challenges related to controlling access to sensitive data.
Ashley provides practical advice for engineers and technical professionals looking to enhance their involvement in data governance initiatives.
Topics:
How has the growth of data that businesses store, process, and analyze impacted how they make business decisions?
Can you explain what data governance is and why it is important in the context of today's data-driven world?
What are the key components of a comprehensive data governance framework?
What are the main challenges organizations face when implementing effective data governance practices? How does data governance impact engineers and technical teams directly? What role do they play in ensuring successful data governance?
What are some common misconceptions or myths about data governance that you often come across? How would you address them?
With the rise of big data and advancements in technology, how has data governance evolved over the years? Are there any new challenges or opportunities that have emerged?
How does data governance intersect with data privacy and compliance regulations, such as GDPR or CCPA?
In the context of Skyflow and the data privacy vault approach to the management of sensitive data, how does data governance work?
How does a data privacy vault help address some of the challenges with controlling access to sensitive data?
Are there any emerging trends or technologies in the data governance space that you find particularly interesting or promising?
Do you have any practical advice or recommendations for engineers and technical professionals who want to enhance their understanding and involvement in data governance initiatives within their organizations?
Resources:
Introducing the Skyflow Data Governance Engine
Data Access Control with lakeFS’s Adi Polak
The Partially Redacted 2022 Year in Review with Skyflow’s Ashley Jose