InformaticaWorld, One Lesson Learned and One Cool Tool

I’m on the plane coming back from InformaticaWorld and I’m still trying to digest everything that went on this week, but two things stick out that I’d like to share. Monday afternoon I gave my presentation followed by a short Q&A session at the ILM preconference. It seemed to go well and I had some good feedback, but I was to learn on Tuesday morning that my message might not have quite hit the mark it could have, and had I known then, what I know now I would have presented things differently.

During the Tuesday morning keynote, opening the first day of the full conference, Informatica CEO Sohaib Abbasi asked the audience, “Raise your hand if you consider yourself a security expert.” I would have guessed that many, if not a majority of these professionals, would have demonstrated expertise in security and would raise their hand.

After all, these individuals play a central role in the collection and distribution of all of the organization’s data, including sensitive data. They are closer to the data within an organization then just about any other role, and there are few assets with a higher risk profile, and more in need of security – an organization’s data encompasses not only sensitive information, but much of the organization’s intellectual property as well.

To suffer a breach of this data could be profoundly damaging, including brand damage and real losses to the bottom line, so of course the people closest to the data would have some responsibility for securing it, right? Yet only a handful raised their hands, out of thousands.

How has the profession of data management matured without growing a sense of responsibility to security? It dumbfounds me, and was certainly an eye-opening experience. Next time I present to such a crowd I’ll make sure to spend some time articulating how important their role is in helping secure the enterprise as well as issue spot for privacy compliance (see my presentation for more on that topic).

At least I wasn’t alone. It was apparent in much of the messaging of the conference that Informatica shares my beliefs. Security was a reoccurring theme in many of the keynotes and breakout sessions. In particular there was focus on their new Intelligent Data Platform which includes a new data discovery and protection product that really impressed me.

Informatica has taken their existing suite of tools, combined and extended them to create a new product – tentatively named Secure@Source. It is currently in beta and, from talking to Informatica insiders, I get the impression that Secure@Source will not be the name at launch but it is was what they are using at the moment, so if you found this post via Google some months in the future it is probably called something else.

In any case, regardless of the name, this tool is likely to attract the attention of CIOs and CDOs who are already invested in Informatica but don’t have a full picture of what data they have, where it is located, how it is secured and who has access to it (Hint: that is just about everyone).

What makes this tool so unique and valuable is the way it can leverage Informatica’s data management engine. That core product contains data integration intelligence which already knows so much, including where the data originated, where it went and how it was transformed. Now you combine that information with their data masking technology, add in some data mapping, some data discovery, and an interface that gives you a visualization of the data landscape, controls to drill down into specific areas, as well as the ability to manage technical controls against any data point, and you have a management tool that I don’t think exists anywhere else.

I’m not that well versed in Informatica’s product lines, nor do I have a deep knowledge of the security tools business, but I get the sense that if Informatica can reach into the security space, with the right messaging around this tool, they could end up as a significant player in a new market for them.

Unfortunately for them, given what I saw at the conference, I’m not sure Secure@Source is going to be popular with their core data management professionals (the easiest sell for them) as that group doesn’t seem much interested in security. Not yet anyway.

However, as I’ve pointed out many times on this blog, as it becomes increasingly clear that ignorance is not a defensible position in the event of a breach and data is at risk, these guys are either going to take ownership responsibilities for security or be relegated to the bottom rung on the corporate ladder as security teams take up the slack in this area.

This one is worth watching play out.