Latest Posts

Informatica Goes Private

Today, Informatica announced that it has agreed to be acquired by international private equity firm The Permira Funds and the Canada Pension Plan Investment Board. The all-cash deal, which values Informatica at US$5.3B, takes the company private. Private equity takeovers are as rare as white tigers in the IT market, where mergers and acquisitions with other tech companies are far more common. The most recent (and dramatic) exception was Dell, which was driven by founder and CEO Michael Dell. Like Dell, taking Informatica private makes infinite amounts of sense. The conversion of revenue from one-time capital expense to subscription-based services is making it hard for technology companies, especially software companies, to…

Disruption and Failure = Waste

It seems like I can’t get away from two ideas that have been widely adopted by the information technology industry – disruption and failure. The first trope says that the best company is a disruptive one. By disrupting the status quo, in markets and inside a company, you create change. The second trope is that failure is good so long as you fail fast. You see this often in companies that have pivoted: their first business model or product failed, but they are building something else using the technology and money obtained with the first idea. There are problems with both of these ideas because of something they share…

Leverage Talent through Master Data Management

Who are you? Not philosophically but digitally. What is your identity within your organization? Not just for authentication purposes but for informing others what you have to offer and what you want. This is not a trivial question, at least from a software point of view. Each of us is likely to have many different digital footprints at work. Who you are on the enterprise social network, through email, or even on external services such as LinkedIn cannot be divorced from who you are in the company directory. Your transactional work product, usually recorded in a System of Record, is also a part, but an incomplete part, of the total…

Tackling Complexity and Security – The InformaticaWorld 2015 Big Picture

The message from IT professionals at InformaticaWorld 2015 this past week was pretty clear: complexity is making data management tough these days. Cloud and mobile were, in their minds, a great boon to business. Both gave access to applications that used to be frozen on desktops. They also meant that data security was more complicated than ever and that the amount and variety of data were rapidly expanding. New IT architectures, such as microservices and containers, were leading to more flexible and easier-to-deploy applications. The unfortunate side effect was data silos of structured, unstructured, and semi-structured data. Add to this mix machine data, a.k.a. dark data – data generated by and for devices and computer systems themselves – and the data landscape has become a complicated mass of different types of data, spread across thousands of sites, systems, and devices. It almost makes one long for the days when all of a company’s data lived in a handful of SQL databases that powered a few applications.

Teasing value from all this data has become a headache, to say the least. If just finding the data an organization needs to analyze is hard, making it useful sometimes seems impossible. Data is dispersed throughout the organization and is often quite dirty, riddled with errors or lacking any clear way to connect one data set to another. Thankfully, technology has advanced beyond the data warehouse into which we stuffed aggregate data from a few systems. We can now build data lakes – repositories of cleansed, prepackaged data with user-friendly query capabilities that can tie together information from many disparate systems. This has had the unfortunate effect of creating a needle-in-the-haystack problem. Business analysts now have access to so much data that it’s easy to drown in the data lake.

The same is true of data security. Mobile devices, cloud systems, and containers have made data much more portable and, hence, much more dangerous. It used to be that a company could secure its network and critical databases and the data was mostly safe. The sophistication of threats has, however, increased dramatically. More important (and somewhat perverse), making data available to many more business users in order to get more value out of it has made managing data security more difficult. Between complexity and security, using an organization’s data to its advantage is, in some ways, harder than it used to be.

And that, of course, was the point of many of the announcements at InformaticaWorld 2015. Project Atlantic is a great example of a forward-thinking product strategy. It looks to harness dark data by converting it into something useful to a human analyst. In an ironic twist, Informatica is using machine learning to transform machine data into something people can understand. Another announcement, Project Sonoma, looks to simplify the management and use of Hadoop-based data lakes. Products like this, along with user-facing tools such as Rev, will make data lakes more accessible, allowing business users to gain value from huge amounts of corporate data. Informatica expects to add streaming data to Project Sonoma in 2016, which should greatly enhance the ability to use Internet of Things and other machine data, as well as streaming social media data, in data lakes. Remember, getting data into a data lake is one thing; making use of it is the really hard part. Project Sonoma looks to let companies spend more time getting value from data instead of managing it.

Finally, Informatica demonstrated a variety of technologies for securing data. Informatica has had data security products, including data masking, for a while but now has a full management layer called Secure@Source. This product provides a dashboard that shows where there are data security flaws and when policies are being violated. It’s a tool for both the DBA and the security administrator, sitting squarely in both the data governance and security fields of IT.

A picture emerges from this conference of a company that is very different from what it was even five years ago. While Master Data Management is still the core business, Informatica has made it clear that it is really the data value company. The mission is to help customers do more with data by making accessing, securing, and integrating data across the enterprise a much easier process. And that is something IT and business users can agree they need.

Data Masking or Encryption

Last week I gave a talk at InformaticaWorld followed by a panel discussion with Manish Gupta and John Gibel, both of Informatica. In the midst of talking about the different methods of securing test data, we found ourselves in a really interesting conversation about data masking and encryption. We searched for a clear answer as to which made the most sense in the majority of use cases. In the end, we settled on “both” and “it depends”.

For those of you who don’t follow software testing, let me say, you should. No matter what your role in the software development process is, everyone needs to test code and systems using some data source that mimics production data. With collaborative development, DevOps, mobile, and cloud – both for and on these platforms – becoming more prevalent, the days when you could copy a chunk of production data and test away are long gone. There are too many ways that a test data set can find itself sitting in front of the wrong eyes. Those eyes might even be yours.

And this is where the debate starts. Data masking is great for keeping discrete types of private data from being viewed by someone who should not – and probably does not want to – look at it. Encryption ensures that only authorized people, with authorization typically given in the form of a password or key, can work with the data at all.

Data masking hides specific data while keeping the rest of the data set useful for testing. Done properly, data masking not only replaces data with nonsense, it makes sure the nonsense looks real. Encryption, by contrast, makes all of the data unusable, including metadata, until it is decrypted. You can’t test with encrypted data until you decrypt it.
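To make the contrast concrete, here is a minimal sketch of the masking side, written in Python with a made-up record layout. It is not how any particular product does it; it simply illustrates the idea that masked values keep the shape of the originals (the “nonsense that looks real”) while the non-sensitive columns are left alone for testing.

    # A rough, format-preserving masking sketch: letters become random letters,
    # digits become random digits, and punctuation is kept, so the masked value
    # has the same shape as the original but carries no real private data.
    import random
    import string

    def mask_value(value: str) -> str:
        masked = []
        for ch in value:
            if ch.isdigit():
                masked.append(random.choice(string.digits))
            elif ch.isalpha():
                letters = string.ascii_lowercase if ch.islower() else string.ascii_uppercase
                masked.append(random.choice(letters))
            else:
                masked.append(ch)  # keep dashes, dots, and @ so the format survives
        return "".join(masked)

    # Only the sensitive columns are masked; the rest stays usable for testing.
    record = {"customer_id": 10442, "name": "Jane Doe",
              "ssn": "123-45-6789", "email": "jane.doe@example.com"}
    masked = {key: (mask_value(val) if key in ("name", "ssn", "email") else val)
              for key, val in record.items()}
    print(masked)  # e.g. {'customer_id': 10442, 'name': 'Xqwt Bko', 'ssn': '481-07-2259', ...}

Real masking products go much further – preserving referential integrity across tables and generating plausible names and addresses, for example – but the principle is the same: the data looks and behaves like production data without being production data.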

These are, as the panel concluded, mutually beneficial approaches. If you are carrying test data around on a laptop or mobile device, you want to keep it encrypted until you need to use it. However, even after it’s decrypted, some data may need to be masked to protect privacy. Encryption protects data from others’ eyes; data masking protects it from yours and from anyone looking over your shoulder.

Developers and test data are more mobile than ever. Containers make it easy to move a development stack with test data around. Mobile devices and cloud deployments raise the risk that test data will end up somewhere other than intended. Encryption combined with data masking is a complementary approach that creates a safer environment than either does on its own. It’s the belt and suspenders for test data.
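As a rough illustration of that belt-and-suspenders layering, the sketch below masks the sensitive fields first and then encrypts the whole test data set so it can sit on a laptop or in a container image until a test run actually needs it. It assumes Python with the third-party cryptography package; the file name and the mask_record helper are illustrative only, not a real product API.

    # A sketch of the layered approach: mask the sensitive fields first, then
    # encrypt the whole test data set while it travels on a laptop, mobile
    # device, or container image. Assumes the third-party "cryptography"
    # package; the file name and mask_record helper are illustrative only.
    import json
    from cryptography.fernet import Fernet

    def mask_record(record: dict) -> dict:
        masked = dict(record)
        masked["ssn"] = "XXX-XX-XXXX"  # masked before the data ever leaves the source system
        return masked

    key = Fernet.generate_key()   # store separately from the test data bundle
    fernet = Fernet(key)

    test_data = [mask_record({"customer_id": 10442, "ssn": "123-45-6789"})]

    # Encrypt for transport and storage.
    with open("test_data.enc", "wb") as f:
        f.write(fernet.encrypt(json.dumps(test_data).encode("utf-8")))

    # Decrypt only at the moment a test run needs the data; the sensitive
    # fields remain masked even then.
    with open("test_data.enc", "rb") as f:
        records = json.loads(fernet.decrypt(f.read()).decode("utf-8"))
    print(records)

The particular library matters less than the layering: mask what the tester never needs to see, and keep everything else encrypted until the moment it is actually used.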