LetsTalkAboutData

Let's Talk About Data
How can businesses realise a competitive advantage implementing regulations on #Mainframe platforms?
Dez en route #Barcelona
Q2: What are the biggest gaps for firms in preparing for #GDPR? Is there an opportunity here for new #technology? @dez_blanchfield @evankirstel @Kevin_Jackson @CAMainframe
http://www.via-cc.at...

Kevin L. Jackson - MWC19/ RSAC19
A2. Data classification. It only gets harder from here if you don’t classify your data based on contractual requirements, data sovereignty, PII, sensitivity and regulatory requirements.
Evan Kirstel at #MWC19
Each organisation works differently. In some, enterprise architects may be directly responsible for ensuring #GDPR #compliance. In others, architects may not have even been invited to the party. So the first thing for architects to do is buddy up!
Kevin L. Jackson - MWC19/ RSAC19
A2. You also need classification in order to effectively use SIEM. Check out https://www.ca.com/u...
Evan Kirstel at #MWC19
You must prioritize which #GDPR requirements to tackle first!
Craig Mullins
I agree with @kevin_jackson - how many orgs even know what all their data is (lack of metadata) to know what must be in compliance with GDPR. That is a big task to tackle!
Christopher Penn #THINK2018 Speaker
Data identification and unification. Virtualization of data to put everything in a seemingly local interface will let data architects find and identify data faster.
Jeff Cherrington
@Kevin_Jackson Kevin, what constraints are mainframe data centers facing when attempting to classify the unclassified accumulation of data from the decades the mainframe has been in use?
Dez en route #Barcelona
- so many companies are still seeming to struggle with just developing a basic Vocabulary and Language to even discuss the issues - I think for many just starting the conversation is a major 1st step ;-)
Dez en route #Barcelona
- and of course there's the fact that we now only have 55 left to actually get compliant ;-)
Chip Mason
@craigmullins Identifying and classifying data is the best first step to GDPR compliance. You need to know where your risk might be.
Kevin L. Jackson - MWC19/ RSAC19
@craigmullins managing the #Metadata is harder than managing the data!
Jeff Cherrington
Days until GDPR goes into effect https://howmanydayst...
Tripp Braden
Its about not having the right people focused on the critical activities, priorities and budget for the #GDPR challenge
Craig Mullins
@Kevin_Jackson If only people had adopted and actually used Metadata Repositories like CA Repository!
Christopher Penn #THINK2018 Speaker
from a marketing perspective, pivoting from PII to behavioral data is also a major step needed. Reduce dependence on collected data from customer records.
Marcel Mitran
Data classification and life-cycles are incredibly complex and living beast. In general you need to trade-off agility and innovation for control and management. Less than ideal!
Jeff Cherrington
Classifying data is critical for privacy, articles 25 & 32, and for right to access, article 15, right to be forgotten, article 17, and right to data portability, article 20
Ravi Patil
A2. Hoping firms do not wait for major fines to be levied before taking action on #GDPR.
Chip Mason
And don't forget, GDPR is not limited to EU companies. Many US companies have signed Commerce Dept Privacy which puts them under the regulation
Shira Rubinoff
basic overview - for those unsure...\ : According to GDPR orgs must: 1) only process data for authorized purposes 2) ensure data accuracy and integrity 3) minimize users identity exposure 4) implement data security measures
Tripp Braden
The larger elephant in the room is who will be held responsible for missing deadline, the CEO, Board or CIO?. Will their stock price take a hit? #GDPR
Tony Flath
Craig @craigmullins on the metadata point do you see converged data being more efficient and what role does #blockchain play here? @kevin_jackson #LetsTalkAboutData
Christopher Penn #THINK2018 Speaker
@TrippBraden That's a huge elephant. Everyone with P&L responsibility has a stake in #GDPR compliance.
Craig Mullins
@TmanSpeaks There may be more metadata available for converged data
Craig Mullins
@TmanSpeaks Not really sure how blockchain could help us to identify and classify all of our existing data
Shira Rubinoff
stats indicate that 65% of organizations will fail to meet GDPR deadlines - @TrippBraden who is responsible? I believe that the responsibility will vary per organization - but the finger will be pointed across the C- channels
Bud Walder
maybe an opportunity for a new GDPR insurance policy!
Tony Flath
big gaps all over! Totally an opportunity to modernize for example move to the #cloud for the love of god, please move to the #cloud as part of the #GDPR migration plan. Amazon have been pumping it out there #GDPR as are other big #cloud providers #LetsTalkAbout
Shira Rubinoff
@kwwalder will happen - similarly to having a Cyber insurancy policy
Elena Carstoiu
Chip, #GDPR is for all companies around the world that handle personal #data of European citizens. It doesn’t really matter if they signed anything or not. How will EU inforce it, that’s another discussion 😏
Tony Flath
@craigmullins I was just more future thinking and effective data management with global #metadata but I'd leverage you and Dez on that front! #LetsTalkAboutData
Chip Mason
@TmanSpeaks AMZ has a great solution, but for mainframe, no need to move the data. Keep it in place and identify risk of PII with CA DCD https://www.ca.com/u...
Craig Mullins
@Kevin_Jackson Interested to learn how Kevin?
Shira Rubinoff
Biggest gaps are budgets - as well as time factors. There are many areas the companies have to tighten up on - in order to get there budgets have to be allocated first
Craig Mullins
@Kevin_Jackson Certainly looking-forward but not really helpful for identifying and categorizing existing data - perhaps I was focusing my thoughts too narrrowly
Chip Mason
@TrippBraden Consensus seems to be that as long as you can prove 'significant effort' there will be leniency on compliance. But if you have a breach: the hammer will fall!
RADAR
Meeting the 72-hr notification timeframe will be a real challenge for US orgs, as most US laws allow for 30-45 days or even more vaguely "most expeditious time possible." 72 hrs will feel like a sprint in comparison! Automation can streamline the process.
Tripp Braden
@evankirstel Maybe a ready, fire, aim strategy might be more appropriate give the current status of their planning
Kevin L. Jackson - MWC19/ RSAC19
@jcherrington The challenge is in enforcing enterprise IT governance.
Dez en route #Barcelona
Q4: How has #datasecurity and #dataprivacy regulation shaped the digital economy? @dez_blanchfield @evankirstel @Kevin_Jackson @CAMainframe
http://www.via-cc.at...

Evan Kirstel at #MWC19
#GDPR as a wider opportunity to transform the way that you handle data and manage risk and compliance, and can serve as a catalyst that will put your org in better shape to compete in the digital economy!
Christopher Penn #THINK2018 Speaker
Risk mitigation is the name of the game. Savvy companies need to think in terms of MVD: Minimum Viable Data. What's the least you need to be effective, rather than store & secure everything?
Kevin L. Jackson - MWC19/ RSAC19
A4. Data privacy is the new Y2K! Deal with it now or suffer greatly. #LetsTalkAboutData http://cainc.to/CGvL...
Craig Mullins
Tech advances at a rapid pace and legislation is always in danger of lagging behind
Christopher Penn #THINK2018 Speaker
The more #DarkData you have lurking in digital filing cabinets, the greater your operating costs, storage issues, and most of all security problems you have. #DarkData is company enemy #1.
Natalia Godyla
@cspenn Great perspective! Less is more.
Craig Mullins
One thought is that regulation might slow digital transformation
Kevin L. Jackson - MWC19/ RSAC19
A4. Effective action begins with data classification and digital rights management technology http://cainc.to/cNpN...
Priya Dewan Doty
@cspenn Which is why, with 70% of corporate data sitting on mainframe systems; it seems like ignoring that would make the risk profile increase!
Craig Mullins
To my way of thinking, #dataprivacy and #datasecurity regulations are needed to make us do the right thing instead of rocketing ahead at the speed of technology
Christopher Penn #THINK2018 Speaker
@craigmullins #DigitalTransformation would just be shaped by regulation, same as eCommerce reshaped with local tax laws, no?
RADAR
Privacy by design and by default has already seen an impact on how wearable technology and #IoT devices are developed and marketed. The public is getting savvy to privacy issues, and putting their money where their values are. #privacybydesign #gdpr
Chip Mason
@cspenn is it the data that should be minimize or the access? Least Access Policy enforcement should take precedence over convenience of IAM perhaps
Christopher Penn #THINK2018 Speaker
@cmason_CA Least Data. Hackers can't steal what doesn't exist.
Jeff Cherrington
@cspenn Industry stats show that data centers hold as much as 50% or more DarkData. Guilty -- I know there are data sets of PII lingering under my HLQ in test & QA from decades ago....
Tripp Braden
@cspenn All those things are true, but dark data may also be the source of ultimate competitive advantage and opportunity identification.
Craig Mullins
I am not a Luddite... I just think more thinking is needed before adoption
Christopher Penn #THINK2018 Speaker
@PriyaDewan Unquestionably re: 70% of corporate data on mainframes - and with fewer folks who can operate them well, greater security risks.
Chip Mason
@craigmullins Perhaps. But today, many cars sell because of safety, and Apple thinks privacy will sell phones. Different way of looking at the issue!
Christopher Penn #THINK2018 Speaker
@TrippBraden I sure hope so. @TrustInsights is kind of banking on that :)
Shira Rubinoff
Data is viewed as knowledge and power - the more of it you have the better off etc.. tough securing and storing has been a very big issue in the past year - Too many data breaches to count from some of the largest and most trusted companies out there. Much more
Shira Rubinoff
focus has to be put on data strorage and security
Chip Mason
@cspenn Data is an asset (ask Facebook) Of course, one should remove unneeded data, I agree 100% with that
Craig Mullins
@cspenn Yes, good point. The speed of technology is getting ahead of us as a society and government is needed to assure reasonable adoption
Christopher Penn #THINK2018 Speaker
@cmason_CA That's a great perspective. Security & privacy are to data what safety features are to cars. Initially competitive advantages, and then mandatory minimum features for a viable product.
Tripp Braden
I'm not sure it really has, lots of talk but as we see with Facebook many of these organization aren't concerned with what is the best interest of their users.
Jeff Cherrington
@craigmullins It's an axiom that technology goes through three stages: 1) make the darn thing work at all, 2) make the thing profitable to sell, and (oh, crap!) 3) make the bloody thing secure. We are suffering that curve with IoT right now -- building botnets from thermostats
Elena Carstoiu
Least #data won’t cut it, must be combined with least access as well! #GDPR
Craig Mullins
@craigmullins ...we need good governance enacted in response to reasonable regulation to assure proper technology adoption that benefits society
Shira Rubinoff
It's not a one size fits all problem - specific security and thought needs to happen with each company before an implementation plan
Christopher Penn #THINK2018 Speaker
@TrippBraden Facebook is very much concerned with the best interest of its users and customers - the ADVERTISERS. We public folks are the product, and we don't count.
Mark Lynd 🎙
I would put @Shirastweet post directly above in BIG BOLD LETTERS. As data privacy largely becomes a risk mitigiation isseu for many companies. How much to spend protecting versus the potential damages. Then insure the rest. This often works out poorly for consumers.
Tripp Braden
As Yoda would say Don't Try do! Until organization pay a larger price or consumer leave their platform about these issues. It doesn't seem rules matter to these people
Craig Mullins
@jcherrington Yes! And unfortunately the last step (no. 3) usually requires government coercion via regulations and legislation
Tony Flath
A4) loaded question, Dez.... to date the internet has opened up service providers too public data from the public on #cloud platforms with the providers demanding user sign off on their data, well what a mess to date look at FB #GDPR required #LetsTalkAboutData
Shira Rubinoff
@TrippBraden FB API allowances were too loose and did not disclose their breach for a 2years. Unfortunately users were quick to click through user agreements -allowed all sorts of access to their data. A stop and pause is needed and tight security implemented
Tripp Braden
@cspenn Exactly, a breech in trust is just another bump along the road to increasing profits
Craig Mullins
Has anybody given some thought to how the immutability of transactions in blockchain is incompatible with the right to be forgotten in GDPR?
Christopher Penn #THINK2018 Speaker
@craigmullins Maybe Right to Be Forgotten will be a flag in the chain - you cannot use this transaction?
Shira Rubinoff
@mclynd YES - In flashing lights! :)
Kevin L. Jackson - MWC19/ RSAC19
@craigmullins IMHO The right to be forgotten will eventually lose in court
Mark Lynd 🎙
With @Shirastweet on this item, as FB has been called out too many times and tends to take any user agreements/consents to the very edge and some times further. They are not alone!
Shira Rubinoff
@mclynd seems to be the trend with "larger than life" companies. The hammer has to fall on one of these big companies for the others to take it all seriously
Marcel Mitran
#dataprivacy and #datasecurity will heighten the value of #data. The ability to harness that value with agility and ease will be key to driving better business outcomes and competitive advantages.
Mark Lynd 🎙
@craigmullins - That will be an interesting problem to solve, as it is likely that multiple parties will try to solve that problem with blockchain and they will probably take different paths. Immutability could end up have powerful legal concerns regarding GDPR and Consents.
Craig Mullins
@Kevin_Jackson Another issue to be decided in court perhaps: can the EU legitimately claim the right to govern its citizen's data that exists outside the EU?
Mark Lynd 🎙
@Shirastweet - No doubt about it. FB is only the beginning, but their defiance seems to be sparking a lot of discontent.
Tripp Braden
@Shirastweet Exactly, they were. I can't believe they didn't know it when they did it.Many gained from these loser standards
Shira Rubinoff
@mclynd very true - largest "monster" out there - views above it all. However people and are taking notice -- change has to happen