What is a Data Mesh

Data Mesh is a relatively new architectural approach to data management that is gaining popularity among organizations that want to break down silos and create a more agile and scalable approach to data.

At the core of Data Mesh are five key principles: Domain-oriented decentralized data ownership and architecture, Self-serve data infrastructure as a product, Federated governance, Data as a first-class citizen and Continous Feedback.

The 5 Principals of Data Mesh

The first principle, Domain-oriented decentralized data ownership and architecture, is about assigning ownership of data to the domain teams that create it. These teams are responsible for defining the data’s structure, quality, and use. By giving domain teams control over their data, organizations can break down silos and create a more agile approach to data management.

The second principle, Self-serve data infrastructure as a product, means treating data infrastructure as a product, just like software. This involves creating a platform that allows domain teams to easily access and use data infrastructure, including tools for data discovery, access, quality control, and processing. By empowering domain teams to manage their own data infrastructure, organizations can reduce bottlenecks and speed up the process of delivering insights from data.

The third principle, Federated governance, is about creating a governance framework that is distributed across the organization. This means establishing policies, standards, and best practices that are shared across the organization, but are also flexible enough to allow for local variations. By creating a federated governance model, organizations can ensure that data is managed consistently across the organization, while still allowing for local autonomy.

The fourth principle, Data as a first-class citizen, is about treating data as a strategic asset that is critical to the organization’s success. This involves creating a culture that values data-driven decision-making, as well as investing in the tools, processes, and people needed to manage data effectively. By prioritizing data as a first-class citizen, organizations can create a culture of data-driven decision-making that can drive innovation and growth.

The fifth principal, is promoting continuous improvement through feedback loops. This principle involves establishing feedback loops to continuously improve the data mesh architecture, data products, and data infrastructure. It involves gathering feedback from data consumers and producers to identify data friction*, areas for improvement, and using this feedback to refine the domain-oriented data ownership, data product management, and self-serve infrastructure. This principle enables the data mesh to evolve and adapt to changing business needs and technological advancements.

Note*: From the perspective of Data Mesh, data friction is an important concept because it helps identify the areas where data silos and bottlenecks exist in an organization. By understanding the sources of data friction, an organization can take steps to reduce or eliminate them and create a more efficient and effective data ecosystem.

By following these five key principles, organizations can create a more agile and scalable approach to data management that is better suited to the demands of today’s digital landscape. Data Mesh is not a one-size-fits-all solution, but it provides a framework that can be adapted to fit the unique needs of any organization. As such, it is becoming an increasingly popular approach to data management among organizations that are looking to break down silos and create a more data-driven culture.

Data Mesh and Security

While Data Mesh is an effective way to improve data management and access, it’s important to consider the potential security implications of this approach.

One of the main concerns when it comes to Data Mesh and data security is data access. With self-serve data access, it’s important to ensure that only authorized personnel can access sensitive data. Access control policies must be implemented to govern access to data across domains. It’s important to have a clear understanding of who is authorized to access what data and under what circumstances.

Another security concern when it comes to Data Mesh is data integrity. With a decentralized data ownership model, data quality and consistency can be a challenge. It’s important to have a robust data quality program in place to ensure that data is accurate, complete, and consistent across domains. Data Mesh also relies heavily on automation, which increases the risk of data errors and inconsistencies. It’s important to have proper checks and balances in place to ensure that data is not compromised.

Finally, federated governance is another area of concern when it comes to Data Mesh and data security. Federated governance allows individual domain teams to govern their own data, which can lead to inconsistencies in data management and security practices. It’s important to have a unified governance framework in place that ensures consistent data management and security practices across domains.

Implementing a Data Mesh

Implementing Data Mesh can be challenging, but it offers many benefits, such as faster time-to-market, improved data quality, better data governance, and increased innovation. It requires a cultural shift towards decentralization and collaboration, as well as a significant investment in technology and infrastructure.

To get started with Data Mesh, organizations should identify their data domains, assign data ownership, and define their data products. They should also create a self-serve data platform that allows data teams to work independently while ensuring compliance with organizational policies and regulations. Finally, they should implement federated governance to ensure that each domain has control over its data while still maintaining compliance with organizational policies and regulations.

Good luck 🙂

February 23, 2023February 24, 2023

What is a Data Steering Group and Why have One?

Introduction

Data is an essential resource for any organization. Without accurate and timely data, organizations cannot make informed decisions or optimize their processes. To ensure that the data within an organization remains relevant and useful, a Data Steering Group may be established to provide guidance and direction. In this post, we will discuss what a Data Steering Group is and why an organization may want to have one.

Section 1: What is a Data Steering Group?

Definition: What is a Steering Group

A Steering Group, also known as a Steering Committee, is a group of individuals responsible for providing strategic direction, oversight, and decision-making for a specific project, initiative, or organization. The group typically includes representatives from various stakeholder groups and serves as a central point of communication and coordination to ensure the success of the project or initiative.

A “Data Steering Group” is a team of individuals within an organization responsible for setting and governing the data strategy, ensuring that data is used as effectively as possible. The group typically consists of representatives from across the business and will include roles such as Chief Information Officer (CIOs), Chief Technology Officers (CTOs), line-of-business heads, or departmental heads. In addition to technology experts, members of the Data Steering Group should also have broad business knowledge and experience. This ensures that decisions on data usage are taken with the wider context in mind.

The primary role of a Data Steering Group is to provide guidance on data initiatives, taking into consideration both short-term needs and long-term goals. It is responsible for setting data strategies and policies, including developing standards that ensure the quality of data. It also works to ensure compliance with relevant data security and information privacy regulations, such as GDPR and CCPA. In addition to this, the Data Steering Group is tasked with identifying opportunities for data-driven innovation, developing plans to implement them, and ultimately determining which initiatives should be pursued and which should be abandoned.

The Data Steering Group is typically chaired by a senior executive in the organization (such as a CIO or CTO), who will set the agenda for each meeting. Members of the group bring different skillsets and expertise to bear on decisions about how best to use data within an organization. Working together, they can create effective data strategies that benefit the organization as a whole.

In summary, a Data Steering Group is an important part of any organization and can be invaluable in helping to set data strategies that are both effective and compliant. By bringing together individuals with different skillsets from across the business, it can provide valuable guidance on how best to use data for the benefit of the organization.

Section 2: Why have a Data Steering Group?

A Data Steering Group (DSG) is an important organizational tool for ensuring data quality and security. It provides a forum for stakeholders from across the enterprise to come together and make informed decisions about data management issues. The DSG is responsible for setting the data governance strategy and ensuring it is aligned with the organization’s overall business objectives.

The benefits of having a Data Steering Group are numerous. By providing a forum for stakeholders to collaborate, the DSG can help ensure that all data initiatives, or business cases, are compliant with applicable regulations while also improving data quality. This improves trust in data-driven decision making and helps teams produce more accurate results. Additionally, the presence of an oversight body like a Data Steering Group leads to greater accountability for mistakes and ensures that important issues are addressed quickly and effectively.

Organizations such as Google, IBM, GE, Microsoft and Intel have implemented successful Data Steering Groups with positive outcomes. These organizations have seen improved data quality, more effective processes for data governance and compliance, and better alignment of data initiatives with business objectives.

In summary, having a Data Steering Group can provide significant benefits in terms of data quality, compliance, and alignment with business objectives. Organizations that have implemented DSGs have seen successful outcomes and results from their efforts. With the right stakeholders and commitment to collaboration, a Data Steering Group could be highly beneficial for any organization looking to optimize the management of its data resources.

Therefore, creating a Data Steering Group is an important step in ensuring proper data management in any organization or company. The DSG provides an oversight body that ensures data initiatives are compliant with applicable regulations and that data quality is never compromised. With the right stakeholders in place, a Data Steering Group can be an invaluable tool for improving data governance and achieving better alignment with business objectives.

Section 3: How to establish a Data Steering Group

The first step to establishing a Data Steering Group is to identify the stakeholders from within the organization who should be part of it. The group should include leadership from IT, operations, finance, marketing, and any other departments that are heavily reliant on data. Additionally, stakeholders outside the organization such as customers or vendors may need to be involved depending on the scope of the data initiatives.

Once all necessary stakeholders have been identified, a charter can be created which outlines the governance structure and objectives of the Data Steering Group. This document should clearly establish roles and responsibilities for each member as well as objectives for guiding data projects through their lifecycle. It should also include metrics that will measure progress towards these objectives in order to ensure accountability across the board.

Finally, the Data Steering Group needs to be effective and remain relevant over time. This can be done by regularly reviewing the charter and metrics to ensure they are still aligned with the organization’s objectives, addressing any changes that may need to be made. Additionally, ensuring open communication among all stakeholders is key for a successful Data Steering Group. Regular meetings should be held in order for members to share updates on their respective initiatives as well as discuss any potential obstacles or opportunities that have arisen. By doing this, the Data Steering Group will continue to make meaningful contributions in guiding data projects through their lifecycle and helping shape the future of an organization’s data-driven decisions.

Conclusion

Having a Data Steering Group is an effective way to ensure data quality and governance are managed in an organization. The group provides the oversight needed to manage data, identify issues, and make decisions that will improve data management practices. With the right resources in place, such as a Data Steering Group, organizations can have confidence that their data is well-managed and secure. Furthermore, having a Data Steering Group can lead to improved decision-making and greater efficiency within an organization. Organizations should consider establishing a Data Steering Group in order to reap the many benefits it has to offer.

February 2, 2023February 3, 2023

How to secure non-production data: A Guide.

INTRODUCTION

Production data and non-production data are very important to an organization of any size. And sometimes real production data makes it to non-production data in databases. That is one of the reasons why securing the data is so crucial. In this post, we are going to explain what production data and non-production data are. Then we’ll show you how to secure non-production data.

PRODUCTION DATA VS. NON-PRODUCTION DATA

Before we talk about securing non-production data, let’s discuss what production data and non-production data are and how they differ.

PRODUCTION DATA

Production data is the data that is the business. Every organization, whether a startup or a big multi-national company, has critical data. For a bank, the customer data and the transactional data are production data. And for an e-commerce giant, the production data is the product catalog, the user information, and the transaction. This kind of data is secured with the best systems available. But any data taken by a hacker can cause both reputational and financial losses.

NON-PRODUCTION DATA

Non-production data is generally used for testing and development purposes. In an ideal scenario, it should be fake data, but it should emulate real data. Suppose your production database contains 10 million records. That means the test database should also contain 10 million records. One thing to note is that only the action load and performance testing can be done. But sometimes the developers and testers require real production data. And in such cases, they are given a subset of the data, which is generally replicated. This is the reason why securing non-production data is so important. Even if this subset of production data is stolen by a hacker, it can cause havoc in the organization.

DIFFERENCES BETWEEN PRODUCTION AND NON-PRODUCTION DATA

Every organization uses databases. The data is the main part of the business, and in most cases, it’s the business itself. Now, whether this data is stored for internal purposes (like data on all the employees) or for external purposes (like the catalog of an e-commerce site), it is all considered production data. Every developer needs to work with databases to develop applications. They cannot work on production data, as they can corrupt it or, in worst-case scenarios, delete it. So, all developers work on non-production data from non-production databases. This data generally consists of fake records that replicate the original production database. But in some cases, it contains some real data, as the developers need to check the real structure of the records. The testers testing the database or application work on both production and non-production data because they need to test the application before it goes live in production to real-world users. They also test the production data the way an end user experiences it once the release goes through to production.

SECURING NON-PRODUCTION DATA

As discussed earlier, the non-production data used by developers can also contain sensitive production data. These records can be sensitive records like credit card details, bank details, and even Social Security numbers. The exact data is not required by developers, but they at least need the structure of the database and the schema of the record. Now, before giving the data to developers or testers, it’s important to mask sensitive data through data masking.

DATA MASKING

As the name suggests, we mask the original data before handing it to the developers or testers. In this process, the company first decides on the sensitive data that cannot go to the non-production database. The perfect masking needs to be done in a manner where the original data doesn’t go to the developer. But the data should have some meaning—a zip code should be a valid one. Some of the methods used for masking are shuffling and multiplier. In shuffling, the names are changed, so John becomes David and vice versa. And in multiplier, a random number is added to numeric data like dates. So, 12/31/2010 becomes 13/11/2019. Data masking is generally done with the help of tools, which we will look into in the next section. These tools mask data in two ways: static masking and dynamic masking. In static masking, the production database is used to create a static database, which contains masked data. This masked data is then used by developers and testers. In dynamic masking, whenever the developer or tester makes some query to the production database, a proxy service receives the request. It gets the real data from the production database but converts it to dummy data by masking it. And then it returns this masked data to the developer or tester.

DATA MASKING TOOLS

Here are some of the top data masking tools available.

ENOV8 TEST DATA MANAGER

The Enov8 Test Data Management platform speeds up your development & testing process by identifying where data security vulnerabilities reside inside your databases, rapidly remediating those risks, through masking, to avoid breaches and automatically validate PII compliance success. It also comes with IT delivery accelerators for example: Data provisioning (DataOps) automation, Data Mining & Test Data Booking features. Enov8, geared for the larger enterprise, is probably the most “holistic” or feature rich solution.

ORACLE DATA MASKING AND SUBSETTING

Oracle Data Masking and Subsetting is a solution from a top provider that also runs on non-Oracle databases. It completes the masking in very little time. Besides masking, it also helps remove duplicate data in testing and development databases. The only drawback is that since it comes from a top vendor, it’s costly. For pricing details, you need to contact Oracle directly.

INFORMATICA PERSISTENT DATA MASKING

Informatica’s persistent data masking tool is again a solution from a top vendor. It is created with big enterprises in mind and helps set data masking from a single location. That means the administrator can set the masking from a single place. It also supports a huge volume of data to mask, which is not possible with small solutions. It is again costly because it is an enterprise product. But Informatica offers a 30-day trial period.

K2VIEW DATA PRODUCT PLATFORM

K2View’s Data Product Platform is one of the top data masking products on the market, and it does both static and dynamic masking. K2View not only masks traditional data but also records PDFs and images. In fact, it even masks the original image by blurring it. Because of the cost, it is most suitable for large organizations.

DATPROF

DATPROF’s data masking tool has a state-of-the-art algorithm, which not only masks the data but can also generate a lot of dummy data from it. Besides traditional data, it also supports XML and CSV files. It has an easy-to-use interface and can create templates, which can be used later. The drawback of these templates is that they can be created on a Windows machine only. It does support a large number of records.

ACCUTIVE DATA DISCOVERY AND MASKING

Accutive Data Discovery and Masking is a top tool that also does data discovery of sensitive data. This is done automatically and can use preconfigured keywords. Or keywords like “credit card” or “Social Security numbers” can be added by the administrator. Besides this feature, the masked data is consistent across multiple destinations. Like if the masking of Rohit is done to John in the development database, then it is the same in the testing database. Also, data can be moved between multiple kinds of databases. It can be moved from an Oracle database to a MySQL database, or from a flat file to a MySQL database. The UI is very easy to use, and they have one of the most cost-effective products.

CONCLUSION

In this post, we first discussed production data and non-production data, as well as the differences between them. Then we reviewed how to secure non-production data through the process of data masking. This process masks sensitive data from the users of non-production data. We also looked into the top tools available for data masking.

AUTHOR

This post was written by Nabendu Biswas. Nabendu has been working in the software industry for the past 15 years, starting as a C++ developer, then moving on to databases. For the past six years he’s been working as a web-developer working in the JavaScript ecosystem, and developing web-apps in ReactJS, NodeJS, GraphQL. He loves to blog about what he learns and what he’s up to.