What Is A Data Map?
Inaugural webcast of Tomorrow’s Jobs Today: Wisdom and Career Advice From Thought Leaders in AI, big data, The Internet of Things, Privacy, and more.
Host Rafael Moscatel picks the brains of business leaders throughout the world who are pioneering emerging technologies and leadership concepts across a variety of industries in both the public and private sectors to better understand the future of work and the incredible tools being developed to perform that work. In today’s episode Priya Keshav of Meru Data discusses the question, “What Is A Data Map?”
Full transcript below:
Priya, we’re going to talk a lot about data maps today, and you have a lot to show us there. But before you treat us to kind of the bells and whistles on your product, I do want to talk briefly about why you decided to start this business. You had an excellent position for one of the big four accounting firms, and you were doing some amazing work over there for them. So tell me: Why did you take this leap?
Data is going to be one of the biggest risks for every enterprise in the next decade or so, and that’s broader than just cybersecurity risk. And most gender councils acknowledge this and are looking to build programs in-house to manage this proactively. I felt that most of the programs so far are consultant-driven, and there was a lack of products that supported these programs in a holistic manner. And I felt that there was a gap that perhaps we could address, so we founded Maru, and it’s been an excellent journey so far.
So Priya, for some of our viewers that are very new to IT infrastructure and data maps, can you give us a basic definition of what a data map is?
Yeah, it is a bird’s-eye view of all the data within the organization. For somebody who is trying to manage the risk around the data at a very high level, it provides all the details, in terms of the number of systems, where the data originated, how it flows. And you’re able to look at which systems are riskier, versus not. You’re able to understand the security controls that you have in place. So you can bring all of the information into one single place and take a look at it for various decision-making purposes, and that’s what the data map gives you.
Now that you’ve told us exactly what a data map is, can you tell us a little bit more about why it’s important in today’s climate, with all of the privacy compliance exercises that companies need to undertake?
The best way to explain this is with an elephant story that actually one of my mentors first told me. A bunch of blind men, who had never seen an elephant before, encountered an elephant. And they were experiencing this elephant in various ways, right? So somebody touched … One person touched the trunk. Somebody else was looking at the tail and obviously had a completely different description of what the elephant was. And somebody else was touching the body and had a very different description of the elephant. That’s true in most organizations. We are siloed.
We have a very good understanding of what we are doing with the data that we see and how we are using the data that we have, but it lacks perspective, and that’s what happens in most organizations. So you have perspectives. None of them are wrong, but the perspectives are limited, from a certain viewpoint. And what data map helps in cross-functional. So it brings collaboration. It helps in establishing true trust in data because now you have a true understanding of what is going on with your data. And it’s not just for compliance, though obviously, it gives you better control over compliance efforts. But it gives you, also, better visibility into your data.
So you can’t secure what you don’t know. If your perspective is that the elephant is just the trunk, then you’re going to secure it based on that perspective. But as if you understand that it’s a whole elephant, you have a completely different vision of how your security program would be. Data map, once it’s done right and being used and adopted by an organization, can serve in so many ways that it can open up a lot of opportunities for your data within the organization.
Priya, can you tell me a little bit more about how tools like yours classify sensitive data within the data map?
Yes, of course. So this is our classification wheel, and as you know, CCPA expects you to understand the various types of information that you store in various systems, like biometric data, profile information, or credit card information, or educational information. So from the data map, you’re able to classify them into various categories, and with a click of a button, you can get to the systems that are likely to have the particular data type that you’re looking at. So for example, I clicked on the IP address and it gave me the two systems where we store IP addresses. So it’s very functional, meeting the regulatory requirements.
What about data flows? How do applications like that make sense of those? Because they can be so complicated and so involved.
Yes, so it’s very important to understand how your data is flowing. So you have to understand the place of origin and all the places that it goes to be able to truly … Both from a data governance standpoint, as well as a privacy regulation standpoint. Because if you are looking at a request where you need to delete the data, you have to understand that. For example, we’re looking at an HR process right now. So let’s say somebody got a resume from LinkedIn and sent it to Greenhouse and used Greenhouse for recruiting and then eventually, that person was hired. And obviously, their data was moved into Workday. Maybe they send some expense reports in and Concur was used as an expense reporting system.
So in this case, what happens is that if that person comes back and says, “Please delete my data,” you have to be able to understand that that person was an employee. And the fact that you probably had information about the interviews. If it is not yet past that retention period, there was probably information about their resume and the various background check that happened, as well as their employee information in Workday and every other benefit-type systems or analytics systems that it was passed onto from Workday. And the expense reporting system.
So the data flows helps you understand all the systems that are impacted, as well as exactly what type of information is flowing. So for example, Workday, in this case, is sending, as you can see, a bunch of information on a daily basis, via API, to Concur. So being able to map this is a fundamental step to being able to meet the privacy regulations.
In this new environment, so many companies are being forced to do so much more with less. And I’m wondering: How do platforms like this, the Maru platform, enable those organizations to do that?
So yes, we’re trying to … Everybody’s shifted to a work-from-home environment, and obviously, that increases security risk. And there is also a need to accelerate some of the programs towards digital programs, because there’s a need for more technology and for more and more technologies to be online, as opposed to on-prem, because of the changes that we’re just going through.
But we’re also facing budget cuts and the need to do more with less, and one of the best ways to use a data map is to understand and prioritize. Because you understand where your data is, how it’s being used, and what’s the most important as well as the biggest risks that your organization is likely to face, using the data map enables you to make informed decisions, as opposed to making decisions based on intuition. So I think there are so many different ways in which we build … And that’s what differentiates us because we don’t look at this as a privacy tool that just solely does privacy-related work, which is important.
But most organizations, with limited budgets, they’re trying to comply with the privacy program. But they’re also trying to leverage what they have to reduce their overall risk with data, to improve their security program, as well as trying to look at how effective their analytics programs are. So there are so many use cases, and truly, that’s one of the things that I think we look at it as fundamental to how a data map should work and how it should be a single tool that sort of brings everybody’s objectives together and helps them collaborate through the tool.