The Evolution of the Chief Data Officer: Data Point of Authority

According to LinkedIn (Sep 2022) there are 152,000 Chief Data Officers globally, serving companies across all business segments.

What is the role of Chief Data Officer?

The role of the CDO (Chief Data Officer) was largely introduced to the market by banks and insurance companies, following the 2008 credit crisis. The crash that occurred drove a demand for a C-level role to ensure data integrity and enforce full transparency for regulatory and risk management. This new role would also foster the growth of greater decision making related to artificial intelligence, machine learning, and smart analytics.

Today the CDO, and database compliance in general, necessitates determining what types of information the enterprise will capture, retain and exploit for different purposes, as well as how to best store and process data that most benefits the organization.

S/he understands the business value of various types of data and can convey to data stakeholders the best ways to integrate business needs with better data management.

Many CDOs have become innovators, driving the business toward digital transformation and pursuing new methods for revenue generation by harnessing data-driven wisdom.

In 2020, dynamic pricing made news headlines as the prices of very common products such as toilet paper and hand sanitizer suddenly changed dramatically. More common examples of dynamic pricing are airline prices, rideshare surge pricing and rental rates that change hourly. It’s all based on demand and driven by data. As a result, organizations today have a growing number of data-savvy consumers that check for updates daily, if not hourly.

For these reasons, Chief Data Officers frequently work closely with Chief Marketing Officers (CMOs), not only to drive better pricing, but also to use data for better customer online experiences and interactions, with the ultimate goal of driving more sales.

CDOs also generally work closely with Chief Information Officers (CIOs), a position that supports the company by maintaining processes for collecting, storing and accessing the data. And, while it is easy to see how there may be overlap in the responsibilities of these two positions, CDOs are ultimately responsible for not only compliance, but also for data quality.

As artificial intelligence, and business intelligence in general, play greater roles in organizations’ success, CDOs’ responsibilities have also expanded significantly to include collecting, storing, ensuring quality and appropriate dissemination of the data. Some of the ways they do this are below:

  • Using advanced technologies to collect from multiple sources
  • Developing and maintaining data warehouses
  • Creating systems that ensure data integrity
  • Establishing corporate policy for data governance practices
  • Broadening access to data via internal systems
  • Ensuring data protection and privacy regulations are adhered to

Although the CDO, and data governance in general, arguably grew the most at the turn of the 21st century, especially related to compliance regulations after the great recession of 2007, the last bullet point above carries with it its own set of issues. In May of 2018, consumers across the planet were suddenly awash with emails from companies sharing updated “privacy” policies due to Europe’s new General Data Protection Regulation (GDPR). American companies that sold only domestically found little respite as the state of California followed suit that same year with its own California Consumer Protection Act (CCPA). Both of these new laws required strict adherence by companies to safeguard consumer data and established new “rights” for consumers, including the rights to:

  • Opt-out of the sale of personal information
  • Delete personal information collected by the company
  • Know about the data collected and how it’s used/shared
  • Exercise privacy rights without discrimination by companies

New privacy laws and the Chief Data Officer’s role

These new laws placed a heavy load on CDOs internationally, changing the way companies were permitted to handle their own, internal consumer data. From first-party cookie tracking to online shopping carts, businesses’ methods for handling data and communicating with their customers faced sudden difficulties.

As software development teams sought to ensure they were compliant with privacy laws, competitive pressures also required new ways to expand and increase the capacity for quicker software releases. That continues to be the case today. As a result, manual governance of database changes has become a real challenge and serious concern. Ensuring data security and safety, while avoiding unnecessary data duplication and rework, requires automation.

CDOs have become companies’ data authorities and do much more than ensuring data compliance with regulatory bodies; they are necessarily focused on leveraging the right technologies and solutions, enabling them to supervise and monitor the growing significance of data management, especially as it relates to software.

How can database compliance help?

DBmaestro provides a 360° view of all data components. It starts with DBmaestro’s Source Control product (DBM-SC) that manages all changes made to database code, structure or content across all teams. The DBmaestro DevOps product ensures end-to-end CI/CD processes are secure, fast, safe and fully governed. DBmaestro reduces the load on the CDO by adding smart, automated and audited processes that accelerate feedback loops between developers and DBAs, saving time and eliminating costly rework and downtime.

Database DevSecOps: The importance of the “Sec” in DevOps

According to the 2022 Accelerate State of DevOps Report, more than 22 billion records were exposed because of data breaches. The lack of security that led to these data breaches would have been prevented through the introduction of security automation at every step, as more and more companies are learning. (Interestingly, the 2019 State of DevOps Report informed readers that “elite” teams deploy several times per day. It is perhaps a harbinger of the growing trend toward automated security that by 2022 the Accelerate Report no longer reported on “Elite” teams, the standard for previous years.)

While every DBA and Dev team may want to move faster and be more agile, running faster isn’t necessarily wise if you’re doing so with limited vision. And the lack of DevSecOps automation has universally caused a few key fallout outcomes, including:

  • DBAs have become the single point through which changes flow.
  • Database professionals must prioritize integrity and security over the Devs’ need for speed.
  • DBAs and database teams are frequently viewed through the lens of strict/rigid/slow data professionals who take too much time to deploy.

What is DevSecOps?

DevSecOps is not primarily about setting up processes that combat operational errors. DevSecOps is about safe and secure collaboration across teams. Changes to the database are considered one of the riskiest and slowest processes in all of software development. Therefore, tried and true DevSecOps tools that ensure database security compliance are crucial.

The sheer magnitude and variety of tools, especially considering architectural variations, challenges database systems and environments to work coherently. Several teams working in silos, all handling different projects and often unaware of shared database elements, make moving to corporate continuous integration and development a necessity.

A secure DevOps process requires increased team collaboration, extended beyond the development team. Data architects and DBAs must join forces with the security team and contribute their value starting in the early change-design phase. While securing databases used to occur at the end of the development cycle, only reviewing and certifying after testing, continuous integration and deployment have removed that window. As a result, “DevSecOps” (a term credited to Neil MacDonald of Gartner in 2012) literally placed “security” in the middle of DevOps.

In 2019, with Dale Gardner, Neil MacDonald published “12 things to Get Right for Successful DevSecOps” where he offers the pragmatic advice that mechanization and DevSecOps automation tools are key to securing your data (e.g. #5 “Train developers on secure coding, but don’t expect them to be security experts”). Along those lines, #8 on his list is, “Implement stronger version control on all code and components.” This one step enables developers to check their changes in a common repository during the development process. It also ensures that everyone has the latest version of changes, as well as the “who,” “what” and “when” audit trail of all changes.

With a great source control tool for the database in place, continuous integration is possible, automatically testing changes at the point that they’re committed (and ensuring that they’re not breaking changes). Besides, if DBA and Dev teams are deploying scripts manually, it’s not only a threat to the system but an inefficient use of their time.

Five key takeaways that make “Sec” work

  1. A clear definition of roles and responsibilities… The common practice of granting access by login + password heavily increases corporate risk. Roles can be managed and access can be granted by specific responsibility (e.g. environment(s), database(s), schema/projects). Dedicating permissions to specific roles maximizes flexibility, but also ensures the user’s credentials always match what he or she is supposed to do – with a full audit trail.
  2. Making any change apparent, transparent and applicable to everyone is crucial. It avoids conflict and ensures the streamlining of database releases. It also enables, again, a full audit trail and monitoring of changes. This essential governance empowers all automation as well as safeguards the DB release processes.
  3. Applying a corporate “Sec” policy has never been easier. Using DevSecOps enables automated qualification of changes, made with secure automation, verifying that there is no violation of coding rules, policies and pre-identified practices.
  4. Dry-running the code first ensures that broken code never actually gets to your database.
  5. The marriage of Source Control and DevSecOps for the database means ending configuration drifts and partial updates, running a CI process to ensure changes can be implemented safely, and then releasing them to different environments.
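Takeaways 3 and 4 can be pictured as a two-stage gate in a CI job: a policy check over the change script, then a dry run against a throwaway copy of the schema. The sketch below is an added example, not DBmaestro's code; the rule set, function names and sample scripts are assumptions constructed for illustration, and SQLite stands in for the real database engine.

```python
import re
import sqlite3

# Hypothetical policy rules (assumptions, not any vendor's rule set).
POLICY = [
    ("no DROP TABLE in automated releases", re.compile(r"\bDROP\s+TABLE\b", re.I)),
    ("DELETE must have a WHERE clause", re.compile(r"\bDELETE\s+FROM\s+\w+\s*$", re.I)),
]

def split_statements(script):
    """Naive split on ';', adequate for the constructed samples below."""
    return [s.strip() for s in script.split(";") if s.strip()]

def policy_violations(script):
    """Return (rule, statement) pairs for every statement that breaks a rule."""
    return [(name, stmt) for stmt in split_statements(script)
            for name, rx in POLICY if rx.search(stmt)]

def dry_run(baseline_schema, script):
    """Apply the script to an in-memory copy of the schema, never the real DB.
    Returns None on success or the database error message on failure."""
    db = sqlite3.connect(":memory:")
    try:
        db.executescript(baseline_schema)
        db.executescript(script)
        return None
    except sqlite3.Error as exc:
        return str(exc)
    finally:
        db.close()

def qualify(baseline_schema, script):
    """Gate a change: policy check first, dry run second."""
    violations = policy_violations(script)
    if violations:
        return {"approved": False, "stage": "policy", "detail": violations}
    error = dry_run(baseline_schema, script)
    if error:
        return {"approved": False, "stage": "dry-run", "detail": error}
    return {"approved": True, "stage": "done", "detail": None}

# Constructed sample inputs.
BASELINE = "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT NOT NULL);"
GOOD = "ALTER TABLE customers ADD COLUMN opted_out INTEGER DEFAULT 0;"
BROKEN = "ALTER TABLE customer ADD COLUMN opted_out INTEGER;"  # misspelled table
RISKY = "DELETE FROM customers; DROP TABLE customers;"

if __name__ == "__main__":
    for label, script in (("good", GOOD), ("broken", BROKEN), ("risky", RISKY)):
        print(label, qualify(BASELINE, script))
```

The rejected results carry the failing stage and the offending statement or error text, which is what gets reported back to the developer in the short feedback loop.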

How to implement database security

Implementing security and compliance should be done as early as possible in any automated or DevOps process. DevSecOps will enable you to make sure you can provide a secure application to your customers while assuring the quickest time to market and a well ironed-out process. Issues will either be prevented early or efficiently reported back to development with a short feedback loop. The overall process will become more secure, effective, and less costly due to the prevention of reworked solutions and reduced downtime.

DBmaestro helps companies make DevSecOps plans go live.