Data Security and startups : Make the ends meet
Submitted by Shadab Siddiqui (@shadsidd) via Zainab Bawa (@zainabbawa) on Friday, 12 July 2019
Technical level: Intermediate Session type: Lecture Session type: Short talk of 20 mins
Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. Many resource-strapped startups gauge their commitment level to security by assessing the financial expense to the company. Instead, the recommendation is to define security spend by a company’s possible exposure risk.
In this talk, I will provide a framework for implementing data security for startups. This framework is based on the following premise:
- Build controls rather than guard data in database , data pipeline and microservices
- Risk assessment where tradeoffs can be re-evaluated as fast and frequently as the business grows
- How to have governance with least processes and maximum automation to provide better security posture and culture within the organization.
In a nutshell, a deep dive view on how can we make data security not a road blocker/friction in organization while making sure security stand tallest.
I will cover the following in my talk:
- Ground realities of data security
- Data security and how to implement it without compromising the organization’s growth
- How to secure databases the right way
- How do have security in data pipeline
- Security within microservices
- How to be GDPR ready from data point of view
- Metrics to track and evaluating how your company is doing on data security parameters.
Shadab has led Black Ops teams err.. Information Security teams as a specialist with unicorns like Ola, Flipkart and large scale Internet firms like Adobe. An engineer by heart with out of the box thinking.
He has good hands-on experience in E-commerce, payment gateways, mobile security, logistic product, Digital signing, Container/Infra Security, plugging security as part of SDLC to name and few others.
He has bootstrapped security engineering team multiple times from scratch. He has experience around building security automation, building real-time detection of attack anomalies, evangelizing security, compliance, cryptography and making sure the product security is kept the tallest.
Currently, he heads Information security, Privacy and Trust @Hotstar