Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Play next
Kasriel Kay: From Data Governance to Data Enablement image

Kasriel Kay: From Data Governance to Data Enablement

S1 E26 ยท Straight Data Talk
Avatar
0 Playsin 8 hours

Kasriel Kay, leading data democratization at Velotix, joined Yuliia and Dumke to challenge conventional wisdom about data governance and catalogs. Kasriel argues that data catalogs provide visibility but fail to deliver business value, comparing them to "buying JIRA and expecting agile practices." He advocates for shifting from restrictive data governance to data enablement through policy-based access control that considers user attributes, data sensitivity, and business context. Kasriel explains how AI-driven policy engines can learn from organizational behavior to automatically grant appropriate data access while maintaining compliance, ultimately reducing time-to-insight and unlocking missed business opportunities.

Recommended
Patrick Thompson: From Data Quality to Decision Quality - Building Structured Systems in an AI-First World image
Patrick Thompson: From Data Quality to Decision Quality - Building Structured Systems in an AI-First World
S1 E25 ยท Straight Data Talk
00:44:30ยท27 days ago
Kir Tititevsky: Modern Streaming Architecture Transforming the Service Bus image
Kir Tititevsky: Modern Streaming Architecture Transforming the Service Bus
S1 E24 ยท Straight Data Talk
00:43:05ยท2 months ago
Serhii Sokolenko: Building a Python-First Compute Platform for Data Engineers image
Serhii Sokolenko: Building a Python-First Compute Platform for Data Engineers
S1 E23 ยท Straight Data Talk
00:55:44ยท3 months ago
Andrii Yasinetsky: Building an AI Startup & Reshaping Healthcare, AI Democratization and Changes It Brings to Tech Jobs and World Economy image
Andrii Yasinetsky: Building an AI Startup & Reshaping Healthcare, AI Democratization and Changes It Brings to Tech Jobs and World Economy
S1 E22 ยท Straight Data Talk
00:58:55ยท3 months ago
Jess Kyle: How Communication, Empathy, and Trust Transform Data Work image
Jess Kyle: How Communication, Empathy, and Trust Transform Data Work
S1 E21 ยท Straight Data Talk
00:58:17ยท4 months ago
Deepti Srivastava: Systems Thinking for Enterprise AI image
Deepti Srivastava: Systems Thinking for Enterprise AI
S1 E20 ยท Straight Data Talk
00:56:33ยท4 months ago
Bogdan Banu: From Zero to Data Platform in Startup image
Bogdan Banu: From Zero to Data Platform in Startup
S1 E21 ยท Straight Data Talk
00:56:18ยท4 months ago
Jason Touleyrou: How to Make Data Governance Work in Organizations image
Jason Touleyrou: How to Make Data Governance Work in Organizations
S1 E18 ยท Straight Data Talk
00:55:32ยท5 months ago
Richard He: The Cost of Inaction for Data Teams and Data Platforms image
Richard He: The Cost of Inaction for Data Teams and Data Platforms
S1 E17 ยท Straight Data Talk
00:55:16ยท5 months ago
Paolo Platter: From 10 Years of Data Consulting to Creating Witboost - A Platform that Scales Enterprise Data Products image
Paolo Platter: From 10 Years of Data Consulting to Creating Witboost - A Platform that Scales Enterprise Data Products
S1 E16 ยท Straight Data Talk
01:03:26ยท6 months ago
Amy Raygada: Data Consultancy in 2024: Navigating AI Hype, Org Silos, and Drive an Impact image
Amy Raygada: Data Consultancy in 2024: Navigating AI Hype, Org Silos, and Drive an Impact
Straight Data Talk
00:56:33ยท6 months ago
Danilo Sato: AI Readiness image
Danilo Sato: AI Readiness
S1 E14 ยท Straight Data Talk
01:00:13ยท7 months ago
The Hidden Costs of Modern Data Stack image
The Hidden Costs of Modern Data Stack
S1 E13 ยท Straight Data Talk
01:06:03ยท7 months ago
Scott Hirleman - Cost Managment in Data image
Scott Hirleman - Cost Managment in Data
S1 E12 ยท Straight Data Talk
01:01:49ยท8 months ago
Daniil Shvets โ€“ Data Science is more a business activity rather than IT image
Daniil Shvets โ€“ Data Science is more a business activity rather than IT
S1 E11 ยท Straight Data Talk
00:58:20ยท8 months ago
Eric Broda & JGP: Implementing Data Mesh and Beyond image
Eric Broda & JGP: Implementing Data Mesh and Beyond
Straight Data Talk
01:03:03ยท9 months ago
Sayle Matthews - Reflection on Google BigQuery Cost Changes After 1 Year image
Sayle Matthews - Reflection on Google BigQuery Cost Changes After 1 Year
Straight Data Talk
01:07:41ยท9 months ago
Michael Toland - How to Make Data Products Work in the Enterprise image
Michael Toland - How to Make Data Products Work in the Enterprise
S1 E8 ยท Straight Data Talk
01:02:26ยท10 months ago
John Grubb - Making FinOps Work Like an Engineer image
John Grubb - Making FinOps Work Like an Engineer
S1 E7 ยท Straight Data Talk
00:58:04ยท10 months ago
Jean-Georges Perrin - Make Open Data Contract Standard (ODCS) Work image
Jean-Georges Perrin - Make Open Data Contract Standard (ODCS) Work
S1 E6 ยท Straight Data Talk
00:56:33ยท11 months ago
Transcript

Introduction of Guests and Their Backgrounds

00:00:00
Speaker
Hi everyone, it's Yulia and Damki from StrayDityTalk and today we're happy to ah host Kastriel from VelodX. Kastriel, please jump introduce yourself.
00:00:12
Speaker
Well, guys, it's a really great to be here. Thank you for the opportunity. um So yeah, Kassriel Kay, born and raised in Johannesburg, South Africa, currently leading what we'd like to call daily democratization at Velotics.
00:00:26
Speaker
It's a buzzword, but we're going to get into it, I'm sure. And I'm just looking forward to there to the next conversation with you guys. Yeah, thanks so much. Very excited to have you here. yeah gar thank you Thank you for joining.

Controversial Views on Data Catalogs

00:00:39
Speaker
i'm mean like um So basically we got connected with you over the b LinkedIn and i saw this article of yours about why data catalogs do not work.
00:00:51
Speaker
ah Wow, now you're now you're accusing me of saying some and pretty ah pretty hectic stuff. Well, not accusing, I'm stating in the facts.
00:01:01
Speaker
um So listen, i just just ah to say it upfront, I very much agree with you because it's like buying the data catalog and expecting data governance in place is the same as buying Jira and expecting agile ah you know i ideal practices say in the company. This is very much how I feel about it as well.
00:01:24
Speaker
ah What basically triggered me a lot ah about your article is um you said things like we achieved visibility with catalog a data lineage, but we didn't achieve value.

Measuring Value in Data Governance

00:01:41
Speaker
This is so spot on for me, but I was wondering how do we measure value from this kind of tools and can we measure value from data governance world?
00:01:55
Speaker
and So that's a very, very good question. um And to to just to reiterate the point that I was really going through with with the with data catalog article was I hear a lot from people in the industry that we're currently just trying to understand where where our data is.
00:02:12
Speaker
And then my follow up question is, with all due respect, that's a great ah aspiration, but then what? So now you know where data is. Doesn't mean you just give it to everybody. What do we do then?
00:02:22
Speaker
So you put huge amounts of money into a catalog, which is a very, very important foundational step. but it doesn't give you get you anywhere closer to being able to you know reduce time to insight and those things which we'll get into now about where how do we put an our ah ROI or or value on a data catalog. So that's something which I also hear a lot from some data governance, people in the data governance industry is that they struggle to get buy-in from their stakeholders for data governance initiatives, data management initiatives, use whatever title

Changing the Data Governance Narrative

00:02:55
Speaker
you want. and
00:02:56
Speaker
The reason I believe, um and this is something which I've said to a number of people and we've we've managed to actually get them over the line with this with this approach, is that when we speak about the word governance, it automatically brings up the this idea of restriction, of and data governance people being ah the bad people.
00:03:16
Speaker
And and but the previous article I wrote is actually titled, ah if you work in better governance, this is why everyone probably hates you. And the soon as we change change the narrative to bad being, how do we give access?
00:03:32
Speaker
to everyone or almost everybody and how do we do this quickly. And what does this result in? and It's very simple what it results in. We have to go to the business side of an organization to run that ah ROI.
00:03:44
Speaker
That ROI is very simple, is how much time do we reduce time to insight? How many opportunities do we miss because we don't get data quick enough because it's all tied up in this red tape? Understandably, we need to be compliant. We need to have regulatory things. We have internal regulatory regulation. We have geomapping locations, ah regulations, but the end of the day, there's an opportunity on the table, this decision needs to be made, and that decision needs to be backed up with data. And the people making those decisions can't get access to data quick enough to derive those.

Reducing Time to Insight for Business ROI

00:04:16
Speaker
So the second you start to understand how much
00:04:20
Speaker
opportunity you miss or how much opportunity you can actually take ah take and with having quick access to data and and saying that we're not we're not using data governance, it's data enablement or data catalysation.
00:04:35
Speaker
or something like that data activation, then you've got a listening ear from dish shit the stakeholders because they understand that we are, this program, governance program, whatever you want to call it, is directly affecting the bottom line of this business.
00:04:53
Speaker
You said something very interesting there, I think, which is um that you know um when you're in data governance, it's it's easy for people to hate you, right?
00:05:04
Speaker
And I think theres there's some truth to that, but there's also a threat in there that I like to pick out a little bit, which is um the choice of defaults that you make, right? So do you open up all your data by default or do you close it off by default?
00:05:21
Speaker
And then... Yeah, was thinking maybe you can speak a little bit to to the ups and downs of that. One thing I'm thinking of, for example, is if you open up everything, then obviously you can easily get a kind of data swamp or you have a lack of definitions.
00:05:37
Speaker
Whereas if you close it off, you know you get the upper side opposite effect. Like you said, there's there's it's very hard to make decisions based on um data. So i was wondering what your experience is

Complexities of Data Access

00:05:48
Speaker
with that. Yeah, for sure. It's a very, very good question. First of all, it needs to be stated that there isn't a hard and fast rule.
00:05:55
Speaker
It's also important to remember that some organizations have a lot more sensitive data or PII than others. And this challenge is not saying that everybody struggles with. A lot of organizations struggle with it. And as we see, especially ah in the EU with the you know the impending EU Data Act and what that's going to mean for IoT and third party data and all that kind of stuff.
00:06:17
Speaker
This is eventually going to be ah challenge that everybody is going to have to take into account, which is we have data which is considered sensitive and how do we act with it? And for us, and my my vision is that it's not a yes or a no, it's about a how, because a very important element to remember is yes with the advent of AI and bots and all this stuff.
00:06:40
Speaker
this is a the The request and sharing of data is a transaction between two people. And people are different. And each person has their own way of doing things and their own emotions and their own thought process, et cetera, et cetera.
00:06:52
Speaker
And when it comes to sharing data with other people within the organization, I would like to take into account as much as possible other variables, not just their role, but their attributes, who they are, what they're doing in the company, and what projects are they working on, where their location is, and and then also take into account the sensitivity of the data that we have.

Approach to Data Access Based on Sensitivity

00:07:15
Speaker
And when we marry those two, it takes the whole question of do we tie all up or do we make it a free-for-all and backtrack afterwards when it comes to order time? It's not about that. It's a completely different model, which is saying,
00:07:28
Speaker
we can grant access to pretty much anybody. We just need to understand how we do it and what masking or PETs do we apply to that data to allow people to have data.
00:07:40
Speaker
And they going back to the data governance question, It's not about yes or no, but about how. So that's really the approach that that we take I take to allowing allowing people to have access to data, ah sensitive ah data, especially within the BFSR industry where there is a lot of sensitive data.
00:07:58
Speaker
And you know it all sounds all laissez-faire now, and it sounds you know all way like a political utopia. But there are regulations that we need to make sure that we are we are first and foremost, ah adhere to.
00:08:11
Speaker
So when we talk about sharing of data, to all that in mind, and being compliant, but yeah making sure you know that the clients of the organization feel comfortable is safe with the sharing practices, but and this is something which is done it it can be done.
00:08:27
Speaker
That's a lot, I'd say. Yes. In a sense, so um again, you know, we are representing here two vendors, right? I'm representing Math Head, obviously, you know, and despite being the host of the podcast and you are representing Velotex, obviously.
00:08:51
Speaker
So um coming from Google Cloud background, and then I can say I'm a Google Cloud girl, They have analytics hub and this is the closest I can think of.
00:09:02
Speaker
Plus there is Google BigQuery IAM permissions, which is super granular. Like today, i um i'm I'm not sure how it's set up in Azure Clouds, but you can achieve a lot.
00:09:13
Speaker
Plus the policies ah that can propagate, including ah analytics hub. um How do you guys... How would you position yourself?

Integration Challenges with VelodX Systems

00:09:24
Speaker
So, I mean, at least I couldn't understand where you guys sit, how
00:09:33
Speaker
easy, how difficult to implement this, what would you guys cover, what kind of databases, ah how do you yeah how do you navigate about that? So you're asking for the whole sales pitch is what you're saying to me?
00:09:48
Speaker
Well, you know, maybe not salesy, but yeah, think, yeah, go ahead. so yeah, 100%. So that the the the starting point, I guess, is that organizations have invested hundreds of thousands, if not millions, probably most of the time millions of dollars or euros or pounds into the data ecosystem.
00:10:12
Speaker
Big tools, big players, your Microsofts, your IBMs, your Oracles, really big tools who me and my wildest dreams don't want to compete with, do not want get in a boxing match with, et cetera, et cetera.
00:10:25
Speaker
But with all of this ecosystem comes a number of challenges. And the first thing I would say is, and this is to anybody listening when we talk about, truly when we talk about a new product, especially in an environment like the data world.
00:10:43
Speaker
like Exactly. there are There are very, very big players and people have invested a huge amount of time in the infrastructure in overcoming ah shareholder, stakeholder and opinions, so they finally managed to go data governance and implemented ah sign know you could get a implemented, catalog implemented.
00:11:01
Speaker
And the first thing we have to be very careful about is not to insult or make redundant the work and effort that people have put in. That's my number one objective, and because otherwise it'll get you chucked out pretty quickly.
00:11:13
Speaker
But um to tell you a little bit about what we're doing, what our vision is, I'm going to say quite simply, so We built Velotics on, i would say, what I would call a pretty stubborn truth, which is organizations don't suffer from a lack of data.
00:11:29
Speaker
That we have lots of. They suffer from an inability to use it fast, safely, and meaningfully. The data's there. We've got all the stacks. We've got everything in our stack. We've got all the lakes. we've got or we just you know but We've got everything we need.
00:11:42
Speaker
But when it's time to act, We make a decision within the company, how are we going to take this company forward? Are we going to buy? Are we going to sell? Whatever it is, people are still waiting for access to data, and they don't have the data at the at their fingertips to be able to do this.
00:11:56
Speaker
So the real question is obviously how? what's What's the vision? What's the logic behind this? And it goes as follows. So what we're saying is that we want to take... dynamic policy-based access control.
00:12:09
Speaker
That's a very big word. But we call it PBAC, so policy-based access control. And we're applying it just across the entire data stack. When say entire data stack, I mean from warehouse to BI to to ai to and everything in between, and structured and unstructured.
00:12:27
Speaker
Not application. We deal on on the database level. We do obviously seem to reintegrate Salesforce and a couple of others, but we' we're more in the database space. What we're actually doing is we're not just asking if somebody should or shouldn't have access to data.
00:12:46
Speaker
We're asking about how we can enable them to have access to data.

Introduction to PBAC at VelodX

00:12:51
Speaker
And that's the whole P-back logic. The P-back logic is we have a policy. we have a We have a logic behind what what access we're going to give.
00:13:00
Speaker
we're We're taking into account of not just the person's role, so we're moving away from the role-based access. we are We are saying, ah why we ah we want to understand the attributes of this person. And based on the attributes of the person, married with the sensitivity, that sensitivity rating, which we are able to apply every single data set, whether it's irrespective of its location, we're able to make some very, very precise and granular recommendations.
00:13:27
Speaker
So what privacy enhancing techniques we apply to database sets for that specific request. So if I tie all together, we're enabling people to request access to data, whether you're using an existing workflow, whether it's ServiceNow, email chain, whatever the company is using.
00:13:44
Speaker
I don't want to rip out and replace. Once you've requested access to data, goes to the data data and owner, and we are able to make recommendations about what permissions should be applied to this data to enable them to have access and to still allow it to be compliant to whatever regulation the organization needs to be complying with, whether internal, external.
00:14:05
Speaker
That doesn't matter to me. And what we're able to do is then we're able to apply those privacy-enhancing techniques on the database level. So wherever Yulia, for example, consumes this data, she will have access or visibility to the to the data that she had been given permission to see.
00:14:21
Speaker
And most of the time, she wouldn't even notice that there's some data which is not there because it's been hidden, it's been redacted, or whatever it is. And what this essentially does is it's allowing people to have access to the right data at the right time for the right business use case.
00:14:37
Speaker
Domka, do you have a question? Because I'm ready to jump in. Oh, yeah yeah, yeah, No, definitely. There are lots of questions. I think this is this is super interesting in in terms of a shift, right? And so the first thing i think is is maybe good to expand a little bit on is if you if you can maybe tell people. So the default kind of approach here is is to have role-based access controls, right?
00:15:03
Speaker
know Maybe you can speak a little bit about um how how would you say that roles differ from policies? And then as a next step, what I always find one of the most, basically the hardest part of setting this up is how do you then define this for an organization? Like defining roles and and teams and and hierarchies in organization is usually or already very hard.
00:15:28
Speaker
I can assume that that setting a policy is maybe a little bit easier the way I think of it in my mind, but it's still going to be very hard to set it up correctly.
00:15:39
Speaker
I would add, just I would add, because I think it's very much, I have the same question, how do you actually define which people in the end? but it's It's not even the group of people in policy, because you mentioned that you work If this a person, let's say from the marketing and they allocated, let's say in Germany, they are entitled to have access to ah data originated in in Germany, right?
00:16:07
Speaker
And these that is applicable for marketing. how do you How do you navigate that on top of the policies and IAM roles? So, guys, very, very, very good questions.
00:16:17
Speaker
And we're going to start with the end. And we'll see to our policies. There is generally within an organization, one or two or three people who have what we call that tribal knowledge about what we do when someone requests data.
00:16:36
Speaker
There's generally those people. Let's start with that. in the In the event that there isn't, we can talk that in a second. Now, what we want to do is, I don't want to, it's not about taking a policy which a external auditor necessarily the legal department has drawn up and and make and then copy pasting that and say, okay, let's put this into action.
00:16:58
Speaker
What we're doing is we're learning from the way the organization currently grants access, that creates a policy. And then we're able to send it to legal or whatever it is. And we can always now, we can now compare where we are in relation to how it does our actual access differ from what we have set out to do.
00:17:19
Speaker
And then with that, Velocity is also able to put the two together and be able to say, okay, so to realign ourselves or to get ourselves aligned with the what we've set out, we need to do this, we to do that. Or if a new regulation has come out and we need to adjust access for 2,500 people, 3,000 people across multiple platforms, well, we can facilitate that um with the click of a button.
00:17:43
Speaker
So what we're what we're doing is is learning from the behavior and creating policies based on that behavior so we can then basically check um if that's matching.
00:17:56
Speaker
Any questions on that bit?
00:18:00
Speaker
How do you learn it? How do you learn it? Now, so how do we learn it? so I've gotten this far with without mentioning the word AI because it's not it's not AI.
00:18:12
Speaker
The inception of Alertics was way before the AI bubble. and Some very, very good LLMs,
00:18:22
Speaker
and AI, whatever you want to call it, but not a GPT style. it's say It's a, it's a, it's an LLM, which is hosted on the client.
00:18:33
Speaker
We have no access to it. I don't use it to learn from one organization, apply it to another. And. That NLM is what's learning and understanding what permissions are being applied.
00:18:44
Speaker
And that's what creates the the nos what feeds into the policy engine. We're also connected to the IAM. So we understand who's who in the zoo. We understand the join and move a lever. We understand as people move through the organization.
00:18:56
Speaker
And we've also created at the same time data sensitivity repository, so to speak, where we've gone through, we've either aggregated existing data catalogs that the organization has.
00:19:08
Speaker
We don't

AI in Data Access Policy Creation

00:19:09
Speaker
replace people who've invested good money into them and they do a great job at what they do, but there are often gaps. You've got certain tools which are good for certain stacks, but then you've got, I don't know, a good example was have worked a client who was using a certain, not too bad enough, anybody using a certain data catalog, but the S3 buckets were absolutely not covered.
00:19:29
Speaker
black hole for them, real regulatory nightmare, et cetera. So we can fill in all the gaps, assign sensitivity ratings to all data sets. Well, it's the organization decides what the sensitivity. um but ah I'm not a i but a legal advisor.
00:19:44
Speaker
and But once we understand who's you in the zoo, and once understand the sensitivity of the data, we're able to start to learn from those, the access granting as it happens, create those policies, and then we can always go back and match them in a constant state of you know, comparing and contrasting the policies the organization has set forth and the real way that people are actually doing today, giving access and what that lands up the result of all of this is that very, very quickly we're aligning to regulation that the company has and it's very quickly becoming a place of quick access granting, giving people access to data quickly because it's this, we're constantly moving, the constantly adapting, constantly moving.
00:20:26
Speaker
And so and so the would you say that the policy engine in this case is is kind of your secret sauce that you bring to the table? Because the policy is what gives the data owner the understanding or the reasoning behind the permission that is applied.
00:20:44
Speaker
and It's giving them the... the tools and the explanation of what is of what is what is possible. the The one challenge that Gator Stewards have is understanding the intricacies of every single tool within the stack and what PETs it supports and what what what kind of masking it supports.
00:21:02
Speaker
And with the aid of Velartix, we are able to bring that straight to them and say, OK, we're looking to apply and these permissions in this BI tool. and It supports B, and C in terms of PETs.
00:21:17
Speaker
This is the permission that we we would say you should apply. Yes, no, and or would you like to make your own? So we we're removing that stress of understanding every single tool. And we're also removing that the question of,
00:21:31
Speaker
We want to now there's a new tool out that we want to be one investor, but the government is saying, you know what? It's a headache. um we look We don't know. but We don't have the cap capacity to onboard this tool and to manage it and to manage the the the data management within it.
00:21:44
Speaker
And just come to me. We'll take care of that because for us, our technology agnostic. I don't care what what where your data is. Buy the tool, use it, implement it. We'll govern the data for you or manage the access for you.
00:22:00
Speaker
And you just have have a great time and make lots of money. I've got a question. Hit me. So first of all, i already want to see the demo. so Just sounds too good to be true.
00:22:12
Speaker
no honestly, that sounds fantastic. And I can see the application in big organizations. The question is, how do you guys deploy? So is it like a tenant or agent in client's environment?
00:22:25
Speaker
And if so, there is a lot of sensitive data that you guys have access to. So that that's the question you just asked now is the question that goes through anybody's mind when talk about any software implementation is,
00:22:41
Speaker
How long is it going to take to get this thing off the ground? And how many fires am I going to have to put out ah for how long? Because we know the reality of so software implementation.
00:22:53
Speaker
It's never 100%. That's why we have SLAs. um But that's a very, very big factor that people take into account. So we designed Velotics from the ground up.
00:23:07
Speaker
to be almost a plug-and-play solution, where we have two models. There's an on-prem, and there is a SaaS model. Some people may go, what on-prem?
00:23:18
Speaker
But yeah, a lot of your big financial services organizations are very cautious, and they want everything locked down under lock and key, and we support that.
00:23:29
Speaker
And when it comes to the question of privacy, everything is hosted on there on their servers. I don't have any access to the the data.
00:23:42
Speaker
I don't have access to... It goes... There is a... Throughout the discovery process, I do have, but then it gets... It all gets destroyed and sent back to the...
00:23:52
Speaker
to the ah the data the owners. So we don't store any data. and We need to discover, obviously, so we need to create connect. But after that, and it's also only it's only only scan metadata. We're not going through row by row by row.
00:24:08
Speaker
It's to understand what kind of data Is it a phone number? Is it an email? is it a custom Is it a custom data style that we're looking for?
00:24:19
Speaker
You know, that's something which comes up a lot is that organizations have something which is not standard. And the big problem is that they can't identify that asset across their data database or databases. But how do you understand it from the metadata?

Engineering Challenges with Non-Standard Data

00:24:32
Speaker
Because how do you understand that this is telephone number from the metadata?
00:24:36
Speaker
So how do we, now that is another part of very, very cool engineering. which we're able to do. And if you really want to get into it, that's going to have to bring in the VP product. Also, I'm not sure how much I'm supposed to say because that's very much SQL secret sauce in terms of the understanding of what understanding ah what data is. But essentially, we are able to understand. we but provide custom tagging and to to fields which are non-standard or even um you know, would say unstructured data within unstructured data. So text fields within a Excel spreadsheet where it's not just a phononome, but it's sentence.
00:25:16
Speaker
ah We're able to identify certain words, numbers, phrases or something within within that as well.
00:25:26
Speaker
That's interesting. Pretty cool though. Pretty cool. Tom, could you have question?
00:25:36
Speaker
You want to see down? No, sorry. I was just sound just thinking. thinking and You can hear my my my brain get the call working. and there's a but there's there's There's a lot of different stuff I'm i'm thinking about. so um One
00:25:56
Speaker
thing i'm I'm thinking about is just the the immensity of of connections. Right? So... Let's say i work a lot with with ETL tools where you extract data from all kinds of sources. You want to load them into your warehouse, right?
00:26:14
Speaker
um You usually hand that over to ah ah separate tool because they can set up all the connections to these different platforms that you need. You don't want to do that for like 500 platforms yourself.
00:26:27
Speaker
In this case, I assume there's something similar, right? Like if you want to see both S3 buckets as well as your IBM systems, as well as, i don't know, maybe financial or payment systems, that requires a lot of integration. And

Integrating Various Data Sources

00:26:48
Speaker
correct me if I'm wrong, but I do believe you said...
00:26:51
Speaker
older organizations data right so how do you make sure of that like where does that what's the scope of that where is it that's an excellent question excellent question and and this you know you're you are you you kind of alluded to this in the previous question and and um be as frank open and honest is that that is the biggest kicker in the implementation.
00:27:12
Speaker
What do I mean is that all we're asking for is the connection. we need to, it's getting the right person from the engineering team, or wherever it is, to be on the phone with my engineer and to make that connection.
00:27:25
Speaker
That is often our biggest challenge and often we end up just flying over to the office sitting down and down with the guys and getting it done because once the connection's done then then we're good to go then everything's flowing um but know it sounds like oh it's such an easy fix but it's not such an easy fix but at the same time when you've done your done your Not to get into the sales part of it, but when when you've done your sales process correctly, but you've met your owner it but you've mapped your news where you've mapped your your stakeholders in this process, then that is is relatively easy.
00:28:05
Speaker
A lot of times when people are struggling with with implementation of a product is... because we didn't get the right people in the room from from the beginning. but you managed We managed to get someone listening and and they had budget, so they bought it, but they're not listening say to the right person. And then the implementation takes a very, very long time. So I do my very best.
00:28:27
Speaker
to to bring the right people in the room to before we sign anything, to make sure we've got the right people in the right place, that when you sign on that dotted line, we can get to work um straight away. But so yes, the connections, and there there are a lot. But also, it's not ah it's not about all or nothing, there's a process, especially when we see, um we're seeing now a lot of movement towards um a defederated or unfederated and a data ownership model from organizations.
00:29:01
Speaker
And what that essentially is saying is that every department within the organization will have a data steward or data owner or something like that. And they are responsible for gar garaging access and decision-making on the data for that particular department.
00:29:15
Speaker
And that's generally where we start is we find a business case within the marketing department or within the sales department or whatever it is. And we start there and we work on couple of data sources and generally these departments will only have a number of data sources as opposed to the entire organization. We start there and then we build up and we um um and it's ah it's a process.
00:29:37
Speaker
and And I think to anybody who else is in, you know, who's trying to sell software is nobody buys perfection. Perfection doesn't exist that way.
00:29:49
Speaker
Maybe be my wife, I'd say she's perfect, but besides for that, besides for that, you know, no days into nobody sells perfection and we're looking for what what can we increase? How much productivity can we increase or profit, blah, blah, blah. And based on that, that's a decision that we can say, yes, let's go forward.
00:30:09
Speaker
But to say we're going to get 100%, we're going to connect to every database, we can. is it feasible? Depends on the organization. No, it definitely makes sense. Yeah. You know, like um we we are also in this game.
00:30:23
Speaker
ah We boast in data observability and data phenops. And sometimes like there are possible savings at 80% of clients, let's say compute. and But the low hanging fruit will represent 50%.
00:30:40
Speaker
And the rest, like 30% of reduction, going to take a year to implement. So do we know do we really want to focus on it? i mean, there is a possibility, but how much ah is it that pressing? Yeah, I know what you're saying.
00:30:57
Speaker
um Listen, I get a question, Kaz. um We talked a lot about data products. you and ah Sorry, about your product. I want to understand how you guys navigate around data contracts.
00:31:14
Speaker
Because you know data contracts were supposed to solve this problem, if I may say. Who can have access to it? or like I'd assume you would ingest this data into your system.
00:31:28
Speaker
basic but you want to Just draw draw a picture bit more when you speak about data contracts. draw draw me ah Draw me a picture. Oh, this is the the I guess everyone on LinkedIn has their own picture about data contract.
00:31:42
Speaker
But the this the thing is, there is such a hype and belief, I'm not sure if it passed already, that data contracts basically can solve ah the policy, data quality, everything about you know problems around data.
00:32:02
Speaker
ah and access as well. Who can get access to it? Who owns it? Do you guys, so I assume you guys work with larger clients who could potentially benefit from data contracts a lot.
00:32:15
Speaker
Have you encountered clients who have implemented data contracts and how do you work with them? Do you ingest this piece of data? Things like that. If you haven't, it's also, you know, people can also tell. That makes sense. I get what you're saying. So the...
00:32:31
Speaker
It ah connects to the previous question about you know how the product is set up and the idea is that it's very, very much API based. It's very, very strong API. And as I started off this whole conversation, that's not about replacing. So if there are data contracts, we're able to leverage those, we're able to use those, and we're able to also enter those contracts and if we need to and enable them to be more flexible within those within there how they sharing how they are sharing the data.
00:33:00
Speaker
and As I already mentioned, those data we have to look very carefully at those data contracts. Do those data contracts contain any PIR? If they don't, then we don't even have this discussion because let everyone have it. it's we have to be the The discussion really starts about when we start to question, are we sure that the data that is being shared in these contracts safe?
00:33:24
Speaker
um Are we sure that the that the data pipeline behind this is managed correctly? And that's kind of where we also where where we spend a lot of our time, is making sure that the data that is being shared is is is safe. you know and but When you mention this, in mate it makes me and reminded me of a client that we're speaking to in the pharmaceutical industry.
00:33:47
Speaker
And i had to learn very quickly about the pharmaceutical industry because the ICP and the and the titles that I was going for in in BFSI mean something completely different in the pharmaceutical industry. And I had to learn very quickly about the flow of data and in the pharmaceutical industry as opposed to the banking industry.
00:34:06
Speaker
And what so when you use whatever what am I getting at is that when you talk about a data contract, I think it has to also be contextual. Because within, for example, a pharmaceutical company, often when they're receiving, let's say, clinical data trial ah information, that data is already being masked.
00:34:22
Speaker
but the So I don't know, one of the big bigger giants, I don't know if we have copyright or not to say yeah to say any of these guys' names, but they're receiving clinical and clinical trial data from all the vendors, from all the clinics that they've been doing.
00:34:36
Speaker
By the time they receive that data, it's already been masked. The people for us in the pharmaceutical industry are the vendors, are the clinics who are right actually gathering that data.
00:34:47
Speaker
So what am I saying is that data contracts do come into play, but sometimes they don't come into play. It all depends on what is going through that contract. And that needs to be understood.
00:34:59
Speaker
I think it's very powerful powerful because once you come in, you also but understand the actual picture, how data has been shared.

Ensuring Data Access Compliance and Security

00:35:07
Speaker
And I think this is one of the um competitive advantage because not all the organization actually know who accesses the data and which data has been accessed. Maybe there is discrepancies.
00:35:20
Speaker
i be very I would be incredibly brutal, and i would say that most organizations don't. Obviously, there are those who have got it right, but this is what we see. ah seeing I'm talking in general, and and to any of the any of the people that I've spoken to the last two or three years who have not talked to this, we've commiserated about this together, about that that challenge of you know, people in governance and in management and eight data architects where they are doing their damnedest to make sure that they understand who has access, where is the data?
00:35:51
Speaker
We try to bring down card costs. Do we have duplicate data all over the place? got the business screaming for, for we want AI, want AI, and the guy that's saying that, you know, the the The model of structure, architecture, understanding of our data is not ready for that.
00:36:04
Speaker
and And this is this is this is where what it's all about is getting is is helping people to cross that bridge.
00:36:15
Speaker
No, that sounds good. And actually very helpful. i i I can testify from the clients I saw. it's kind of It's kind of funny, actually. like It made me think of that um oftentimes ah oftentimes in these and these movies, you see like someone extracting all the data from a from a system, putting it on a USB drive, and then maybe they're captured by law enforcement because it was clear that you know their name was written all over it and they were the ones that extracted it. And I'm i'm always thinking, like how is any ah none of the organizations I worked for was able to have that kind of insight into
00:36:55
Speaker
who's accessing your data, one, and two, like how how can you access all of it like in in one go? So it definitely sounds like fiction. like fiction or sitting For sure, and I would say you're spot on with the analogy. but For us, there is an element of it that that we we we can do. So anomaly detection in terms of people abusing data.
00:37:20
Speaker
you know We're seeing a lot ah ah lot of download from Slowflake, more than what we normally expect to see from this client. What's going on? um And that's already those those are and really, really good.
00:37:33
Speaker
and this indicate yeah Yeah, exactly. and that's that's So that's also like a security aspect, you would say. oh yeah of the yeah and And, you know, I want you actually want to go back to something and get your that your guys' and i did thoughts on this is that You asked me what space do we play in, et cetera, et cetera. And my question is, when we say space, do we need to have a a particular niche? When I say niche, does it have to be a DSPM or a data catalog or an IAM tool?
00:38:06
Speaker
do Do we feel that that the industry in general is is looking to put things in buckets and whenever we speak about a solution, we as humans are trying to anchor it to choose something think that as close as we we know.
00:38:18
Speaker
Because mean, through this discussion, I think it's fair that we're touching on something which is quite unique. I'll be honest, that um we have one or two competitors, but this isn't it isn't like the data cataloging space or the data warehouse space It's quite unique. And the biggest challenge I would say we have is is the education, is the knowledge around, is is the awareness around something like this. And yes, Gartner's described our niche as data security platform, but that's not something which is on the top of people's tongues.
00:38:47
Speaker
So, you know, in your in your experience, when we talk about these things or talking about something new, what advice would you give people about how how to how to package it all?
00:38:58
Speaker
Do we need to tie it up to something that people already know? workco comes to mind. You certainly need to understand which which solution your clients use along ah because they need to benchmark. When when I was doing sales of mass head like two years ago and people were not aware about observability, they were asking we're using like Datadog.
00:39:21
Speaker
Is it guys the same? You need to to build that into their frame model like... like Certainly you need to come up as it was in your niche so they could the broader market could ingest it.
00:39:35
Speaker
And then Gartner Quadrant helps a lot. If there is a Gartner Quadrant, and then the people normally need something from there. So that would be, a you what you just mentioned now very interesting point, which we'll have to do another episode where I can give the the feedback, but I'm doing some research now about, you know, matching keyword searches to the Gartner Quadrants and Forrest and all those guys, because I have a sneaky suspicion that in certain parts of our way industry, the data industry,
00:40:13
Speaker
Organizations and businesses are looking for specific solutions. They're querying, they're searching, they're Googling. But those solutions do not go necessarily by the name or the category that the Magic forest Quadrant has has provided.
00:40:27
Speaker
For example, most people don't search. I

Communicating Unique Product Value

00:40:30
Speaker
can speak from from experience. Most people don't search for DSP. The the the the level, the hit rate on DSP is very, very But if you look for people who are looking to decrease cloud spend, safety trading AI models, and join your mover, leave automation, that's where you start to see very high hit rates, basically on the use cases ah ah of of of our application. And i would I would suggest often that it's the same with with many others, unless the solution that a product provides is very
00:41:05
Speaker
very very vertical. But I mean, we saw recently with Sayera, one of the DSPMs, they just raised another $300 million dollars in in funding. And the DSPM vertical is quite narrow, but it's very clear and very distinct of what they do.
00:41:21
Speaker
So people get it. and And so I think that what what the the takeaway is, is that it's not necessarily about the category always. It's about how simple and distinct your offerings to communicate.
00:41:36
Speaker
What do you think? That's a question. Very nice. soon So listen, um
00:41:44
Speaker
Basically, you come on top of the cloud ah clouds and data providers, like data warehouses. How do you keep up with these data providers? and I mean, like, how do you keep up with giants like um Google Cloud, AWS, Azure? Because they have this knowledge just already.
00:42:05
Speaker
Basically, it's a matter of how they surface it to their ah users, right? and And listen, i've been asked I've been asked this nasty question lots of time. This is first. And the second is also at these well-established governance platforms, catalogs, you name it, you know, ocean lakes, whatever.
00:42:26
Speaker
There are so many solutions out there. Do you remember but this ah explosion all the on on all of the lineages five years ago? Who wasn't building the lineage? Because it was so impressive. ah Now we have this...
00:42:39
Speaker
you know, all lineages all over the place and they basically have access to the same data sources you are targeting for. One of the vendors recently bought um smaller player who is also observing the access policies and everything in your environment. I'm not promoting anyone here.
00:43:02
Speaker
ah The market is there, the use cases are there. How do you ensure growth over the years? Like, aren't you scared of these bigger players?
00:43:15
Speaker
So the thing is with the bigger players is we actually see ourselves as a partner. I don't compete with Microsoft Purview.
00:43:26
Speaker
I don't. And if we take this, and we you know we can speak on, as honestly I'm speaking, I hope that guys from other companies would say the same, is that Microsoft, as gigantic as they are, as and excellent as as they are, Purview has its limitations. Every tool has its limitations.
00:43:43
Speaker
So does ours. And I'm not here to to overlap with Purview. I'm here to take care of where the gaps are. And a very simple thing with Purview,
00:43:55
Speaker
we There isn't that sensitivity rating that we can apply across the, even if you stay within the Microsoft vertical, there are certain features or elements that we have to be able to get our clients to where they want to be, where the other tools don't.
00:44:13
Speaker
And it's not a silver bullet, but we've... So we keep up to date, first of all, have a person the office whose job is to research and to keep up to date with all the with all the updates. And obviously to do what we do, we have to be and know on the level of Microsoft. We also are, we also are, we also, we also,
00:44:32
Speaker
um you know part We had partnerships with these guys, Microsoft, Google Cloud, yeah AWS, um and they us and they recognize us for the role that we play.
00:44:43
Speaker
And they don't see us as competition. Even someone like Big ID, we have have a relationship with them, we have relationship with them. Yeah, because Big ID is about telling you where the issues are. Velodix is about, they also tell you where issues are, but it's about how we can fix them or how we can we can we can move forward.
00:45:01
Speaker
And the thing is is that when it comes to software in general, not everybody feels the same pain. Not everybody needs to buy your, just because your product is excellent doesn't mean they need to buy it.
00:45:12
Speaker
And i'll it happens ah happens from, you time to time where I'll turn around to a prospect and say, i appreciate your time, but I don't see your need for this. I know it's shiny and it's cool and it's fantastic, but you don't warrant it.
00:45:27
Speaker
And I think that's also a very, very important thing to be able to say is, but when somebody does need something, so someone doesn't need something. and um And I think the biggest thing is about how we keep how you keep how we keep up is making sure that we that our integrations are good because people are buying more products, people integrating more things, and we want to keep ou ourselves in that place that we can but we're not stunned.
00:45:51
Speaker
We can always connect and help them with it with a new platform. to To me, this is, of course, I understand it totally. I think it's it's a totally valid point. And maybe this is more about the um the industry as ah as a whole, right? So what I see in this is that there is, yes, there is a need for composability, right? You need these different elements to put your specific puzzle, your unique puzzle for your organization together.
00:46:23
Speaker
But at the same time, there are so many tools that we we can't really expect an organization to put all these, or especially a data team in an organization, to put all these pieces together. And so I guess my question is, like why wouldn't it make sense to have this maybe as part of a data catalog? and And if that's the case, why are these data catalogs not working on it?
00:46:50
Speaker
So it's ah that's a really good question. And i would first of all start by saying that when we work on a product, et cetera, I always look at it from the business side of things.
00:47:02
Speaker
Yes, you ah you need just mentioned dead lineage, and that was ah the was really hot. one but My question is about was data lineage something which data engineers decided was needed or did the business decide that was needed?
00:47:15
Speaker
and And for for us, that's that's always the driving force is what does the business need and how can we enable the technology that the business has to do that? And I think that catalogs are sometimes go with the same direction is that we do some We do one thing and we do it well.
00:47:36
Speaker
We do other parts of it ah other parts of the data ecosystem well, we're talking for the catalogs. And it's not about being able to do everything. We can't sell silver bullet. doesn't exist.
00:47:48
Speaker
So the data catalog guys are almost staying in their lane because they're excellent at what they do. um And that's why we partner with them, because we can take the work they've done and take it the next step forward. And ah hear this time and time and time again from people, is that People like to build the puzzle themselves. They like that tool. They want to take that tool they want to put it together so it works for them.
00:48:13
Speaker
And people, especially the larger organizations, you're... tool is not going to just fix or help with everything. It's going to solve an element of the bigger strategy and the bigger picture that they're trying to do. So I think that catalogs are doing what they do best and are developing within that range, within within that that field.
00:48:32
Speaker
ah But they're understanding that they as as most of these tools are, they're understanding that there's different stages to this process and everybody has their role to play.
00:48:43
Speaker
Kaz, that was a yeah fantastic closing. Thank you so much for joining us. It was a great pleasure to work. Thank you, Rekman. No, I mean, I learned so much, such an interesting approach and such a, also a big market, I'd say. And knowing the problem, like clients do not understand which data being used, who is downloading all of their data and then deleting it.
00:49:10
Speaker
Yeah. like Yeah. Yeah. So that was pretty cool. Thank you so much for joining. Thank you for opportunity. Yeah. Yeah, it's really great to have you. And maybe as a last check-in, where can people find you, follow you? Is there a new article topic maybe in the makings already? There most definitely is. So ah you'll find me LinkedIn, K-A-S-R-I-E-L-K-A-Y.
00:49:36
Speaker
spent most of my life there. um The next article um is going to be surrounding Snowflake snowflake and Databricks. um And the... challenges surrounding um the thousands of groups and roles that people are overwhelmed with within those two tools. and Also, we just had Snowflake, the Databricks Summit a couple of weeks ago.
00:49:58
Speaker
Some interesting releases there and know what that means said what means going forward. So that's sir that. And then for our EU friends, we've got some thoughts and surrounding the the new Data Act and the IoT.
00:50:11
Speaker
and people being able to request access to their IoT data. What is that going to look like for

Kastriel's Future Works and Topics

00:50:18
Speaker
organizations? How do we manage that? How do we enable that? So yeah, check me out, follow, and it's enough to connect with service listening.
00:50:26
Speaker
Yeah, super interesting. I know I'm definitely going to check out that um Snowflake Databricks article. i'm I'm literally working on Snowflake roles today. So it sounds very, ah very interesting.
00:50:37
Speaker
Thanks again. Thank you.