What Is A Data Map?

Inaugural webcast of Tomorrow’s Jobs Today: Wisdom and Career Advice From Thought Leaders in AI, big data, The Internet of Things, Privacy, and more.

Host Rafael Moscatel picks the brains of business leaders throughout the world who are pioneering emerging technologies and leadership concepts across a variety of industries in both the public and private sectors to better understand the future of work and the incredible tools being developed to perform that work. In today’s episode Priya Keshav of Meru Data discusses the question, “What Is A Data Map?”

Full transcript below:

Rafael Moscatel:

Priya, we’re going to talk a lot about data maps today, and you have a lot to show us there. But before you treat us to kind of the bells and whistles on your product, I do want to talk briefly about why you decided to start this business. You had an excellent position for one of the big four accounting firms, and you were doing some amazing work over there for them. So tell me: Why did you take this leap?

Priya Keshav:

Data is going to be one of the biggest risks for every enterprise in the next decade or so, and that’s broader than just cybersecurity risk. And most gender councils acknowledge this and are looking to build programs in-house to manage this proactively. I felt that most of the programs so far are consultant-driven, and there was a lack of products that supported these programs in a holistic manner. And I felt that there was a gap that perhaps we could address, so we founded Maru, and it’s been an excellent journey so far.

Rafael Moscatel:

So Priya, for some of our viewers that are very new to IT infrastructure and data maps, can you give us a basic definition of what a data map is?

Priya Keshav:

Yeah, it is a bird’s-eye view of all the data within the organization. For somebody who is trying to manage the risk around the data at a very high level, it provides all the details, in terms of the number of systems, where the data originated, how it flows. And you’re able to look at which systems are riskier, versus not. You’re able to understand the security controls that you have in place. So you can bring all of the information into one single place and take a look at it for various decision-making purposes, and that’s what the data map gives you.

Rafael Moscatel:

Now that you’ve told us exactly what a data map is, can you tell us a little bit more about why it’s important in today’s climate, with all of the privacy compliance exercises that companies need to undertake?

Priya Keshav:

The best way to explain this is with an elephant story that actually one of my mentors first told me. A bunch of blind men, who had never seen an elephant before, encountered an elephant. And they were experiencing this elephant in various ways, right? So somebody touched … One person touched the trunk. Somebody else was looking at the tail and obviously had a completely different description of what the elephant was. And somebody else was touching the body and had a very different description of the elephant. That’s true in most organizations. We are siloed.

We have a very good understanding of what we are doing with the data that we see and how we are using the data that we have, but it lacks perspective, and that’s what happens in most organizations. So you have perspectives. None of them are wrong, but the perspectives are limited, from a certain viewpoint. And what data map helps in cross-functional. So it brings collaboration. It helps in establishing true trust in data because now you have a true understanding of what is going on with your data. And it’s not just for compliance, though obviously, it gives you better control over compliance efforts. But it gives you, also, better visibility into your data.

So you can’t secure what you don’t know. If your perspective is that the elephant is just the trunk, then you’re going to secure it based on that perspective. But as if you understand that it’s a whole elephant, you have a completely different vision of how your security program would be. Data map, once it’s done right and being used and adopted by an organization, can serve in so many ways that it can open up a lot of opportunities for your data within the organization.

Rafael Moscatel:

Priya, can you tell me a little bit more about how tools like yours classify sensitive data within the data map?

Priya Keshav:

Yes, of course. So this is our classification wheel, and as you know, CCPA expects you to understand the various types of information that you store in various systems, like biometric data, profile information, or credit card information, or educational information. So from the data map, you’re able to classify them into various categories, and with a click of a button, you can get to the systems that are likely to have the particular data type that you’re looking at. So for example, I clicked on the IP address and it gave me the two systems where we store IP addresses. So it’s very functional, meeting the regulatory requirements.

Rafael Moscatel:

What about data flows? How do applications like that make sense of those? Because they can be so complicated and so involved.

Priya Keshav:

Yes, so it’s very important to understand how your data is flowing. So you have to understand the place of origin and all the places that it goes to be able to truly … Both from a data governance standpoint, as well as a privacy regulation standpoint. Because if you are looking at a request where you need to delete the data, you have to understand that. For example, we’re looking at an HR process right now. So let’s say somebody got a resume from LinkedIn and sent it to Greenhouse and used Greenhouse for recruiting and then eventually, that person was hired. And obviously, their data was moved into Workday. Maybe they send some expense reports in and Concur was used as an expense reporting system.

So in this case, what happens is that if that person comes back and says, “Please delete my data,” you have to be able to understand that that person was an employee. And the fact that you probably had information about the interviews. If it is not yet past that retention period, there was probably information about their resume and the various background check that happened, as well as their employee information in Workday and every other benefit-type systems or analytics systems that it was passed onto from Workday. And the expense reporting system.

So the data flows helps you understand all the systems that are impacted, as well as exactly what type of information is flowing. So for example, Workday, in this case, is sending, as you can see, a bunch of information on a daily basis, via API, to Concur. So being able to map this is a fundamental step to being able to meet the privacy regulations.

Rafael Moscatel:

In this new environment, so many companies are being forced to do so much more with less. And I’m wondering: How do platforms like this, the Maru platform, enable those organizations to do that?

Priya Keshav:

So yes, we’re trying to … Everybody’s shifted to a work-from-home environment, and obviously, that increases security risk. And there is also a need to accelerate some of the programs towards digital programs, because there’s a need for more technology and for more and more technologies to be online, as opposed to on-prem, because of the changes that we’re just going through.

But we’re also facing budget cuts and the need to do more with less, and one of the best ways to use a data map is to understand and prioritize. Because you understand where your data is, how it’s being used, and what’s the most important as well as the biggest risks that your organization is likely to face, using the data map enables you to make informed decisions, as opposed to making decisions based on intuition. So I think there are so many different ways in which we build … And that’s what differentiates us because we don’t look at this as a privacy tool that just solely does privacy-related work, which is important.

But most organizations, with limited budgets, they’re trying to comply with the privacy program. But they’re also trying to leverage what they have to reduce their overall risk with data, to improve their security program, as well as trying to look at how effective their analytics programs are. So there are so many use cases, and truly, that’s one of the things that I think we look at it as fundamental to how a data map should work and how it should be a single tool that sort of brings everybody’s objectives together and helps them collaborate through the tool.

Simplify For Success

There is tremendous value to simplification. To quote Steve jobs, “Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it is worth it in the end because once you get there, you can move mountains.” We wanted to explore how people and companies achieve simplification in this series of posts.

Data is complex but our solution to managing data need not be complex. Can simplifying what we are doing help us to do more with less?

Simplification is a key focus for many companies and everyone understands how eliminating unnecessary complexity can lead to more successful outcomes. But achieving simplicity is hard. So why is simple not easy and obvious?

First, lack of time to simplify. Your processes or products can get more complex over time as new aspects are introduced. Or your first iteration to achieve your objectives might not be the simplest version – but you are in a time crunch to get that first product or prototype out of the door. In either case, you realize there might be simpler ways to achieve what you are doing, but you just do not have the time to step back and possibly disrupt your current state while redesigning and rebuilding a simpler and a more straight forward version. Again to quote Steve Jobs, “When you first start off trying to solve a problem, the first solutions you come up with are very complex, and most people stop there. But if you keep going, and live with the problem and peel more layers of the onion off, you can often times arrive at some very elegant and simple solutions.”

Second, a perception that simple might be inferior. Often detailed and sophisticated problems require complex solutions. A solution might feel basic or inadequate or not good enough. The thinking can be when the problem we are solving is obviously complex, shouldn’t the solution also be complex?

Finally, simplification efforts get held back by lack of clarity. Clarity around exactly what needs to done and clarity around what exactly is being done in each step of the process. Once that clarity is available, it is easier to eliminate processes or steps that are not adding value and only focus on those that are doing what needs to be done. But this is easier said than done.

So what do you think is the best way to simplify? How does your company view simplification? is the right approach to re-configuring processes to streamline and eliminate unnecessary or repeated parts of the process. Or do you see better results when you start from an innovation focused approach to simplification. Are new advances in technology or radical redesign the only way you can simplify?

If you would like to share your thoughts please let us know.

via Simplify For Success