Data Strategy

Strategic Data Management: Balancing Security, Accessibility, and Scalability, Featuring Saif Abid, CTO - Part 2

Esther Lai
November 7, 2023

Q: Data security is a top concern for many companies, particularly those in the financial and healthcare sectors. How can businesses strike a balance between the need for data security and the demand for data accessibility?

Saif Abid: There are a couple of different ways to approach this issue, and this is where the concepts of data governance and auditing become crucial. Data security is indeed important, and we need to address it from two angles. Firstly, we must adhere to industry best practices for data security, focusing on the principle of least privileged permissions. This means that individuals should only have access to the data they need for their specific job functions. One common mistake is granting everyone full access, which can lead to accidental data deletion or modification.

When such incidents occur, it sets us back significantly, as we have to rectify the data and deal with its consequences. On the flip side, we should also consider what specific data individuals truly require access to. Not all data should be treated equally, especially in terms of sensitive information like social security numbers (SSNs) or personally identifiable information (PII). Specialized teams with appropriate training should handle such data. To strike the right balance, data governance must be a core consideration in your data strategy from the outset rather than an afterthought.

Q: You've mentioned that many organizations initially grant everyone access to all data, which can lead to issues down the line. Can you elaborate on why it's challenging to retract access once people become reliant on it?

Saif Abid: Once access privileges are granted widely within an organization, it often becomes an entrenched practice, and employees come to rely on that level of access to perform their job responsibilities. Attempting to retract access can lead to resistance and disruption in day-to-day operations. It's a delicate process that involves not only technical adjustments but also change management and communication to ensure that individuals understand the need for more restricted access and are adequately supported in their tasks.

Q: To summarize, you've stressed the importance of considering data governance as a fundamental aspect of a data strategy. Can you highlight key steps in achieving effective data governance?

Saif Abid: Effective data governance begins with setting clear policies and procedures for data access, ensuring that individuals only have the access they need for their roles. It also involves classifying data based on its sensitivity, with more stringent controls in place for highly sensitive data. Regular audits and monitoring are essential to maintain data security. Additionally, a strong data governance framework should be integrated from the inception of a data strategy rather than being an afterthought. This approach ensures that data security and accessibility are in balance from the start.

Q: Another important consideration in terms of data security is choosing between on-premises and cloud-based data solutions in an organization's architecture. How do you typically help companies in making this decision?

Saif Abid: This is a common dilemma, especially for larger organizations, and it's tied to the concept of total cost of ownership (TCO). Total cost of ownership includes all expenses associated with a technology solution over its lifecycle. This includes initial acquisition costs, maintenance, scaling, and operational expenses. When considering on-premises solutions, it's essential to factor in all associated costs, not just the database itself. Maintaining and managing on-premises systems involves considerations such as networking and scalability as the organization grows. Additionally, if you intend to delve into big data and AI, you'll need expertise in those areas. These factors can lead to a rising TCO.

Modern cloud solutions, on the other hand, can be just as secure as on-premises systems when proper practices are in place, while offering the advantage of more predictable and scalable pricing, allowing organizations to pay for what they use. Cloud providers like Google Cloud offer a wide range of services and often work with certified partners to ensure security and prevent common mistakes. The key is to establish a solid foundation for security, networking, and access policies from the start. In the cloud, this requires upfront planning, but once those foundations are in place, organizations can focus more on their core business objectives instead of worrying about infrastructure.

When making a decision, it's crucial to evaluate the long-term TCO of both options to determine which aligns better with the organization's goals and resources.

Q: Scalability is another critical consideration when it comes to data solutions. How can organizations ensure that their data architecture accommodates growth and evolving data needs?

Saif Abid: To answer this, I'm going to rely a bit on two factors: experience and Google's philosophy. I'll explain why I go back to the TCO or the total cost of ownership. One exciting aspect of Bitstrapped is that we've done this many times. We've encountered various scales and industries, giving us a good idea of when you need something like Bigtable and when you don't. So that's one fundamental aspect. But there are other factors to consider, such as cost and various other aspects.

Our experience at Bitstrapped has allowed us to work with a wide range of companies, from startups to established enterprises, in various industries. This exposure has given us insights into the unique scalability needs and challenges that different organizations face. We've learned that one size doesn't fit all when it comes to data architecture. What works for a large enterprise might not be suitable for a smaller startup. Therefore, we approach each project with a deep understanding of the specific organization's goals, resources, and team size, allowing us to select tools and services that align with their scalability requirements.

Google's philosophy emphasizes a "pay as you grow" pricing model. This means that organizations can start small and expand as needed, without incurring significant upfront costs. Google has structured its pricing in a way that allows startups and businesses of all sizes to access powerful cloud services without breaking the bank. This approach is particularly evident in services like Cloud Spanner, which adapted its pricing model to make it more cost-effective for a broader audience. Google Cloud also offers services like BigQuery, which provides free usage for the first terabytes of data per month, catering to organizations with varying data needs.

Q: Can you highlight the significance of considering the scale and size of the project and team when planning for scalability in data architecture?

Saif Abid: It's essential to align the scale and size of the project and team with the chosen data architecture. Often, teams approach us with ambitious plans to scale and expand, but they may have limited manpower. In such cases, we take a thoughtful approach, selecting tools and services that can be managed by a smaller team effectively. This ensures that the architecture remains manageable even after our involvement ends. Scaling should not only be about the size of the project but also the people behind it. Our experience and empathy for the organizations we work with allow us to make informed choices that prioritize scalability while considering the team's capacity.

Q: In conclusion, how would you sum up the key takeaways for organizations looking to navigate the complex landscape of data security, choosing between on-premises and cloud solutions, and ensuring their data architecture accommodates growth?

Saif Abid: The key takeaways would be to prioritize data security through robust data governance practices and consider the principle of least privileged permissions. When it comes to choosing between on-premises and cloud solutions, evaluate the total cost of ownership comprehensively, factoring in all associated costs. For scalability, consider both the size of the project and the capacity of the team, selecting tools and services that align with these variables. Embracing the pay-as-you-grow philosophy of cloud providers can be advantageous for organizations of varying sizes and resource capacities. Ultimately, a strategic approach to data management can help organizations achieve the right balance between data security, accessibility, and scalability.

Article By

Esther Lai