Sramana Mitra: What is the status of that capability in the Big Data industry today to be able to achieve that balance between protection, privacy, and analytics?
Ulf Mattsson: Larger companies and companies providing Big Data distributions like Cloudera and Hortonworks are actually involving third-party security companies like Protegrity to fill the security gaps. For example, Protegrity has partnerships with Cloudera, Hortonworks, IBM, Infosphere, Teradata, and other companies to satisfy these new types of security requirements.
Sramana Mitra: Are you built in to the Hortonworks and Cloudera architecture?
Ulf Mattsson: Yes, we are. It’s a very nice way to work at a small company. They provide their added value through Hadoop. Then, we put security on top of that distribution.
Sramana Mitra: I have one question that is built out of what you said here. There is this Holy Grail of personalization in pretty much every domain, some more than others. E-commerce is a domain where personalization could have a big impact on how consumers interact with an e-commerce store, but there are all sorts of personalization implications in a variety of domains. Of course, there is the trade-off between how much data you’re willing to share, how much data are you willing to let people use to personalize your offering. If you give them that data, what else are they allowed to do with that data? What is your impression of this debate? How do you foresee this unraveling?
Ulf Mattsson: Privacy is basically a sharing policy. It will require security. You need the security functionality and capabilities to be able to protect privacy. Privacy is based on a policy that you then can enforce and make sure that only the right people get that data. They shouldn’t get all data. It should be granular. Access should be based on the business need to see that data. An attacker that is hacking the system should not be able to see that data. If you look at some of the recent breaches at Target, they lost 70 million personal records. That should never happen. As you were saying, there’s a balance between how much data do I want to share and what would I get back in value and customization personalization.
Sramana Mitra: And how do I, as a consumer, restrict what the merchant can do with my data? I want personalization so I’m disclosing a lot of data, but I don’t necessarily want them to do whatever they want to do with that data. How do I control that?
Ulf Mattsson: I think there are two layers. We have seen examples where data is stolen and used for identity theft. That decides how much I want to trust my data with my favorite vendors. I think the right way forward is to have consent. If I opt out to some of it, I would not get that personalization. The foundation, I think, is you need to have data security. You need to have real data-centric security so you can enforce that type of policy and you can trust that the data will not be misused. That’s my view. It comes down to a data-centric security foundation and a policy that is controlling and monitoring what is happening with the data.
Sramana Mitra: It was a great discussion. Thank you for your time.