Challenges to securing PII at run time

Acme fined $1 million for a breach: the price of prioritising speed over quality.

Tightening regulations

Rapid rate of change

Expanding definitions of PII

So many vendors/platforms

Inability to change apps or database

Many different techniques for security and privacy protection

No easy button

High cost of compliance

Are the systems secure by default?

Is there legitimate data sharing?

Implementing revocation: when a user deletes their data, it must also be deleted from the database.

Handling zero-day failures/attacks

Getting developers' attention

Anti-patterns for PII security and user privacy

"No PII here" strategy

"All data is PII" strategy

Impossible approval process

Strategies for securing PII at runtime

People are the weakest link

Optimize for the number of people who will mess up, intentionally or unintentionally (assume some will)

Enforce the narrowest possible set of permissions

Regularly audit permissions; they drift as people and projects change. Ask who needs access to the data, and why.
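The permission audit described above, as an added example (not code from the talk): every grant records who, which fields, why, for which project and until when, and the audit flags grants that should no longer exist. The roster, projects, field baselines and dates are constructed sample data.

```python
"""Audit PII access grants against the narrowest-permission rule.

Added example, not from the original talk. All principals, projects,
datasets and dates are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Grant:
    principal: str        # person or service account
    dataset: str          # which PII silo the grant applies to
    fields: frozenset     # narrowest set of columns actually needed
    reason: str           # "why do they need access?" (must be recorded)
    project: str          # grants are tied to a project, not a person
    granted: date
    expires: date


# Constructed roster: who is still active, and which projects are live.
ACTIVE_PEOPLE = {"alice", "bob", "svc-billing"}
ACTIVE_PROJECTS = {"billing-2024", "fraud-model"}

# Constructed baseline: the widest field set each project legitimately needs.
PROJECT_BASELINE = {
    "billing-2024": frozenset({"customer_id", "email", "last4"}),
    "fraud-model": frozenset({"customer_id", "country"}),
}

MAX_GRANT_AGE = timedelta(days=90)  # assumed re-review interval


def audit_grants(grants, today, active_people=ACTIVE_PEOPLE,
                 active_projects=ACTIVE_PROJECTS, baseline=PROJECT_BASELINE):
    """Return (grant, finding) pairs a reviewer should act on."""
    findings = []
    for g in grants:
        if g.principal not in active_people:
            findings.append((g, "orphaned: principal no longer active"))
        if g.project not in active_projects:
            findings.append((g, "stale: project closed"))
        if g.expires <= today:
            findings.append((g, "expired"))
        if today - g.granted > MAX_GRANT_AGE:
            findings.append((g, "overdue for re-review"))
        # Anything beyond the project's baseline is broader than needed.
        extra = g.fields - baseline.get(g.project, frozenset())
        if extra:
            findings.append((g, f"broader than baseline: {sorted(extra)}"))
        if not g.reason.strip():
            findings.append((g, "no justification recorded"))
    return findings


# Constructed sample: one healthy grant, one that should have been revoked.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_GRANTS = [
    Grant("alice", "customers", frozenset({"customer_id", "email"}),
          "billing reconciliation", "billing-2024",
          date(2024, 5, 1), date(2024, 8, 1)),
    Grant("carol", "customers", frozenset({"customer_id", "email", "ssn"}),
          "", "marketing-2023", date(2023, 11, 1), date(2024, 5, 1)),
]


def sample_audit():
    """Run the audit over the constructed sample; only carol's grant is flagged."""
    return audit_grants(SAMPLE_GRANTS, SAMPLE_TODAY)


if __name__ == "__main__":
    for g, why in sample_audit():
        print(f"{g.principal:>6} {g.dataset}: {why}")
```

The audit is deliberately mechanical: a grant with no recorded reason, or one wider than its project's baseline, is a finding even if the person is still active, because "who needs access and why" must be answerable from the grant itself, not reconstructed later.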

For Tech

Optimize for the number of silos that will be breached (assume some will be)

Data needs to be siloed, and microservices are great for this

Keep data close to source

Monitor PII transfer

Expire data automatically

Virtualise access to master data records through layers
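The last four tech strategies in one added example (not code from the talk): a thin gateway layer sits in front of a master customer record so that callers never touch the store directly. It masks or tokenizes fields according to a declared purpose, deletes records past a retention TTL on every access path, and logs every transfer so PII leaving the silo is observable. The purposes, field policy, tokenization key and sample records are all constructed for the example.

```python
"""PII gateway: virtualised access to master records.

Added example, not from the original talk. PURPOSE_POLICY, TOKEN_KEY and
the sample store are constructed; a real deployment would keep the key
in a KMS and the policy under change control.
"""
import hashlib
import hmac
from datetime import datetime, timedelta

# Which fields each declared purpose may see, and in what form:
#   "raw"   -> value as stored
#   "mask"  -> partially hidden, enough for a human to confirm identity
#   "token" -> keyed pseudonym: stable for joins, not reversible by the caller
PURPOSE_POLICY = {
    "support":   {"customer_id": "raw", "email": "mask", "phone": "mask"},
    "analytics": {"customer_id": "token", "country": "raw"},
    "billing":   {"customer_id": "raw", "email": "raw", "card_last4": "raw"},
}

RETENTION = timedelta(days=365)        # assumed retention; expire automatically
TOKEN_KEY = b"example-key-rotate-me"   # placeholder key for the example only


def mask(value):
    """'ana@example.com' -> 'a***@example.com'; '5551234567' -> '********67'."""
    if "@" in value:
        local, domain = value.split("@", 1)
        return local[0] + "***@" + domain
    return "*" * (len(value) - 2) + value[-2:]


def tokenize(value):
    """Keyed pseudonym (HMAC-SHA256, truncated): same input -> same token."""
    return hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


class PIIGateway:
    def __init__(self, store, clock):
        self._store = store        # master records: {customer_id: {field: value}}
        self._clock = clock        # callable returning the current datetime
        self.transfer_log = []     # every view handed out: who, why, which fields

    def expire(self):
        """Delete records older than RETENTION; returns the ids removed."""
        cutoff = self._clock() - RETENTION
        doomed = [cid for cid, r in self._store.items() if r["created"] < cutoff]
        for cid in doomed:
            del self._store[cid]
        return doomed

    def get(self, customer_id, caller, purpose):
        """Return the purpose-shaped view of one record, or None if absent."""
        self.expire()  # expiry runs on every access path, not just a cron job
        if purpose not in PURPOSE_POLICY:
            raise PermissionError(f"undeclared purpose {purpose!r}")
        record = self._store.get(customer_id)
        if record is None:
            return None
        view = {}
        for field, mode in PURPOSE_POLICY[purpose].items():
            if field not in record:
                continue
            value = record[field]
            if mode == "raw":
                view[field] = value
            elif mode == "mask":
                view[field] = mask(value)
            else:
                view[field] = tokenize(value)
        # Monitor the transfer: this is the only door out of the silo.
        self.transfer_log.append({
            "at": self._clock().isoformat(), "caller": caller,
            "purpose": purpose, "customer_id": customer_id,
            "fields": sorted(view),
        })
        return view


def demo():
    """Constructed store: one fresh record, one past retention."""
    now = datetime(2024, 6, 1)
    store = {
        "c-1001": {"customer_id": "c-1001", "email": "ana@example.com",
                   "phone": "5551234567", "country": "PT", "card_last4": "4242",
                   "created": now - timedelta(days=30)},
        "c-1002": {"customer_id": "c-1002", "email": "old@example.com",
                   "phone": "5550000000", "country": "PT", "card_last4": "1111",
                   "created": now - timedelta(days=400)},
    }
    gw = PIIGateway(store, lambda: now)
    support = gw.get("c-1001", "alice", "support")
    analytics = gw.get("c-1001", "svc-model", "analytics")
    expired = gw.get("c-1002", "alice", "support")  # already expired -> None
    return gw, support, analytics, expired


if __name__ == "__main__":
    gw, support, analytics, expired = demo()
    print(support, analytics, expired, len(gw.transfer_log))
```

Because the store is only reachable through the gateway, the transfer log is complete by construction; feeding it into whatever observability stack is in use gives the "monitor PII transfer" signal without instrumenting every consumer.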

Trino was formerly called PrestoSQL. Resurface is an API observability solution that uses Trino as its query engine.
