SQLBits 2023 WIT Interview Series

The UnitedWeTech interview series continues by featuring the Women In Tech who are speaking at SQLBits 2023.  It was great to be a part of the SQLBits 2023 WIT Interview Series.  I talked about my upcoming session on governance and why it is important and ways to implement it. My interview can be seen here.

List of women speaking at data platform events can be found here.  

National Innovation Centre for Data: Data Strategy Report

The National Innovation Centre for Data has created a  new Data Strategy Report, compiled from last year's roundtable discussion. Download the report to read about the areas discussed and insights on the subject of data strategy.

The UK National Data Strategy Missions has 5 pillars which are aided through the new UK bodies that have been established to deal with the pace of change. The pillars are: 

• Pillar One: Unlocking the value of data across the economy 
• Pillar Two: Securing a trusted and pro-growth data regime 
• Pillar Three: Transforming government’s use of data to drive efficiency and improve public services 
• Pillar Four: Ensuring the security and resilience of the infrastructure on which data relies 
• Pillar Five: Championing the international flow of data

Various questions were considered and the report shares some key messages.

How do you build data strategy from first principles?

Key take home messages 

• First step in developing data strategy should be maturity assessment of both data and data capabilities 
• Strategy can be defensive (compliance-driven) or offensive (innovation-driven) 
• Data strategy can serve business strategy, or may become fully-fledged in its own right 
• Data strategy should be iterative

Building a data culture

Key take home messages: Three key points to discuss: 

• Ensuring wide ownership and contribution to the organisation 
• Avoiding C-suite dominance 
• Communicating and adopting data-driven culture within an organisation

To what extent should technology inform data strategy?

Key take home messages:

• Both tech and data strategy should be considered in one holistic approach
• Legacy tech / vendor lock-in should not inform data strategy
• Hierarchy should be communicated: Business -> Data -> Technology
• Data skills are hard to define and understand
• Elements of discovery and iteration are needed

Data strategy on a shoestring

Key take home messages:

• Examine business strategy for data-related objectives to develop data strategy
• Start small and iterate – bias towards action
• Become goal orientated
• Initially pick areas with less uncertainty for good case studies
• Give roles to existing staff members that have an interest in data innovation
• Use free / open-source tools to cut

Sharing data between organisations

A lot of organisations are hesitant to share their data and innovation across organisations has high value

Data skills in business and beyond

Key take home messages:

• There is a need to understand current level of skills and the level of data skills required for the roles. 
• There needs to be a connections between business skills and data skills
• Can be business specific, and is business size specific

The discussion outcomes highlighted the need for stronger definitions with maximum value being achieved from development and implementations with 

• Structures for Data Strategy development, communication and embedding
• Management tools to help guide users through the Data strategy process and;
• A community to generate, test and disseminate these.

Read the report for more details.

Microsoft Purview product portfolio

The Go Beyond Data Protection with Microsoft Purview session covered the Risk and Compliance and the Unified Data Governance portal areas. There were 5 areas discussed highlighting how these two areas have been drawn together to create a comprehensive defense-in-depth strategy. The tools help govern data and safeguard data where it lives at the data tier. As with any security and data strategy design for an organisation, each have their own unique needs. You can read more about the announcement here. The 5 areas

Identify data landscape

The start is data discovery, knowing where your data is and having a single pain of glass to view and manage the entire data estate.

Risk reduction to improve efficacy for data protection.

Protect sensitive data

This line of defence looks at putting protection policies in place. Tools here enable data to be classified and labelled with protection policies applied, rights management and encryption. Then be able to gain insights into how it is being accessed, stored and shared.

Risk reduction to prevent data leaks and data breaches.

Manage risk

This looks at potential data risks and risky behaviour to enable security teams to quickly take mitigating action. Management of internal risk with the right people, processes and training and tools.

Risk reduction against internal data misuse.

Prevent data loss

The balancing act of productivity without compromising data required proper access control, policies crated to prevent data being improperly saved , stored or printing of  sensitive data.

Risk reductions against unauthorised use of data.

Govern data lifecycle

Proactive data governance leads to better data security. The business teams are the stewards of their data following a unified data governance approach. 

Risk reductions will ensure data is responsibility democratised for the end user.

Looking at this differently this shows how the data map is central to protecting data. Microsoft Purview security best practices explains in more depth about the architecture.

Go Beyond Data Protection with Microsoft Purview

 Yesterday a lot of changes were announced for Microsoft Purview at the Microsoft security event securing your data with a multilayered defense.  Microsoft Purview is about managing data security risks across hybrid multi-cloud data estates that have a defense in depth strategy to mitigate risk. The recording can be watched at this link. The event covered

• Exciting new Microsoft Purview capabilities that will transform how you secure your organization’s data is. 
• See industry experts and analysts share how to stay ahead of threats to your data with a comprehensive, defense-in-depth approach. 
• The latest insights in data protection from Vasu Jakkal and other Microsoft Security leaders.  

The Microsoft Purview product portfolio five components for defense-in-depth approach are

Microsoft announced the public preview of Adaptive Protection in Microsoft Purview to help strike a balance between data protection and productivity. This interlinking capability detects risky users, assigns levels and dynamically applies preventative controls. This is context aware detection with dynamic controls and automatic mitigation.

The full scope of changes announced covered:

In the identify data landscape - the first is public preview new and improved and ready to use data classifiers for source code discovery, these trainable classifiers can detect partial and embedded source code across M365 files, pdfs and 90+ language file extensions, emails and teams messages. New trainable classifies can be used in auto labelling and dpl policies. In addition 23 pretrained out of the box trainable classifiers were released that cover core business categories like finance, operations  HR and more.

There are updated capabilities in Microsoft Purview data map GA of classification support for snowflake. For scanning tech meta data adding new data sources like Dataverse , Amazon Redshift and Tableau server.

The public preview of Microsoft Purview Metamodel that enhances the data map with business context about assets in your hybrid data estate.

Microsoft Purview data catalog updates include 

• GA for adding custom attributes for assets in the data map 
• business workflow support for assets updates
• ability to save and share complex queries

In summary 

Data Map - classification in MySQL and Salesforce

Data Catalog - Save and share complex queries, Creation of articles/wiki

Data Estate Insights - Data sovereignty, Movement discovery

There are 4 questions that we need to consider about data

• Where is my data
• What is my data
• Who has access to my data
• Is it properly governed

We were left with the exciting news that Microsoft are getting ready to go private preview combining the two current portals, Risk and compliance and the Unified data governance (formerly what was Azure Purview) for an end to end view . The Microsoft Purview foundation, provides that unified data map, data governance and data classification, along side, the mission critical risk and compliance to meet the requirements that the CISO suite has, and to organise things in a single place that they can collaborate on.

Resources:

Announcing Adaptive Protection in Microsoft Purview! Read the blog post here: aka.ms/adaptiveprotection/blog

Read our blog: aka.ms/MSPurviewNews

Check out our skill ing & learning paths: aka.ms/PurviewSkilling

Download our DLP Whitepaper: aka.ms/DLPWhitepaper

Digital Revolution Awards 2023 Shortlist

I am really excited to be announced as being on the 2023 UK shortlist for Outstanding Contribution to the #Microsoft community! To view all the other amazing people, I am privileged to be on the list with,  look at shortlist . Thank you goes to the 2023 judges of the digital revolution awards.