Jun 2022
26m 52s

Privacy is a moving target. Here’s how e...

The Stack Overflow Podcast
About this episode
Ever since personal information started flowing into applications on the web, securing that information has become more and more important. General security and privacy frameworks like ISO-27001 and PCI provide guidance in securing systems. Now the law has gotten involved with the European Union’s GDPR and California’s CPRA. More laws are on the way, and these laws (and the frameworks) are changing as they meet legal challenges. With the legal landscape for privacy shifting so much, every engineer must ask: How do I keep my application in compliance?

On this sponsored episode of the podcast, we talk with Rob Picard and Matt Cooper of Vanta, who get that question every day. Their company makes security monitoring software that helps companies get into compliance quickly. We spoke about the shifting sands of privacy rules and regulations, tracking data flows through systems and across corporate borders, and how security automation can put up guardrails instead of gates. 

Many security frameworks are undergoing modernization to reflect the way that distributed applications function today. And more countries and US states are passing their own privacy regulations. The privacy space is surprisingly dynamic, forcing companies to keep track of these frequent changes to stay current and compliant. Not everyone has in-house legal experts to follow the daily developments and communicate those to the engineering team. 

For an engineering team just trying to understand the effort involved, a good starting point is to map where your data flows. Tracking it between internal services may be overkill; instead, track it across corporate boundaries, to each database, cloud provider, SaaS system, and dependency it reaches. Each of those should have its own data privacy agreement—plug into your procurement process to see what each piece of your stack promises on a privacy level.

Your DevOps and DevSecOps teams will probably want to automate as much of the security engineering process as possible. Unfortunately, automating security is hard. The best path may not be to automate the defenses on your system; it might be better to instead automate the context that you provide to engineers. If someone wants to add a dependency, pop up a reminder that dependencies can be fickle. Automate the boring stuff—context, reminders, to-dos—and let humans do the complex problem solving we’re so good at.
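One concrete form of "automating the context" is a small check that runs on a pull request, notices newly added third-party dependencies, and attaches the reminders a reviewer should see (pin the version, confirm the vendor's privacy agreement, as the previous paragraph suggests). The script below is an added illustration written for this summary, not code from Vanta or the podcast; the two pip-style requirements manifests are constructed inline and the reminder wording is an assumption about what a team might want to surface.

```python
"""Flag newly added dependencies and attach reviewer context.

Added example: compares a 'before' and 'after' requirements.txt (pip
format, constructed below) and returns, for each dependency that is new
in 'after', the reminders a reviewer should see before approving.
"""
import re
from typing import Dict, List

# Constructed sample manifests (not from any real project).
BEFORE = """\
requests==2.28.1
flask==2.1.2
"""

AFTER = """\
requests==2.28.1
flask==2.1.2
pyjwt>=2.4
stripe
"""

# name, optional comparison operator, optional version; ignores markers/comments.
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def parse_requirements(text: str) -> Dict[str, str]:
    """Map package name (lower-cased) -> version specifier ('' if unpinned)."""
    deps: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options like -r
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, op, ver = m.group(1).lower(), m.group(2) or "", m.group(3)
        deps[name] = f"{op}{ver}" if op else ""
    return deps


def new_dependencies(before: str, after: str) -> Dict[str, str]:
    """Dependencies present in 'after' but absent from 'before'."""
    old = parse_requirements(before)
    new = parse_requirements(after)
    return {name: spec for name, spec in new.items() if name not in old}


def reminders_for(name: str, spec: str) -> List[str]:
    """Context a reviewer should see for one newly added dependency (assumed wording)."""
    notes = [
        f"{name}: new third-party dependency; confirm its license and whether it "
        "receives personal data (data-processing agreement via procurement)."
    ]
    if not spec.startswith("=="):
        notes.append(
            f"{name}: not pinned to an exact version ({spec or 'unpinned'}); "
            "pin it so upgrades are reviewed rather than silently pulled in."
        )
    return notes


def review_context(before: str, after: str) -> List[str]:
    """All reminders for the new dependencies, in a stable (sorted) order."""
    out: List[str] = []
    for name, spec in sorted(new_dependencies(before, after).items()):
        out.extend(reminders_for(name, spec))
    return out


if __name__ == "__main__":
    for note in review_context(BEFORE, AFTER):
        print("-", note)
```

In a CI job the two manifests would come from the base and head commits of the pull request, and the returned notes would be posted as a review comment; the check itself blocks nothing, it only makes sure the person adding the dependency sees the questions the team wants asked.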

If you’re looking to add an in-house security expert as a service, check out Vanta.com. Their platform connects to your systems, monitors them, and helps you prepare for compliance with one or more security frameworks. If those frameworks change, you don’t need to do anything. Vanta changes for you.
