Is your business’s data secure? How to implement data governance in an organization is one of the most important questions in tech this year. However, collecting, storing, and utilizing data effectively and safely is no easy task, especially when it comes to managing it at scale.
In this Uptech Report, we meet with Balaji Ganesan, CEO of Privacera to learn how they are helping companies with the problem of data management. It’s about storing data in a way that allows for usability without compromising on privacy regulations.
What are the data governance best practices in 2022 and how can we store data safely while still being able to utilize it for analytics purposes? These are just a few of the questions that we are hoping to tackle today.
More information: https://privacera.com/
Balaji Ganesan is CEO and co-founder Privacera, the cloud data governance and security leader. Privacera’s SaaS-based data security and governance platform enables analytics teams to access data without compromising compliance with regulations such as GDPR, CCPA, LGPD, and HIPAA.
Privacera provides a single pane of glass for securing sensitive data across multiple cloud services such as AWS, Azure, Databricks, GCP, Starburst and Snowflake. Privacera’s platform is utilized by Fortune 500 customers across finance, insurance, life sciences, retail, media, consumer industries and federal agencies/government to automate sensitive data discovery and easily manage high-fidelity policy management at petabyte scale on-prem and in the cloud.show more
Balaji was also the co-creator and committer of Apache Ranger™ and is member of its project management committee (PMC). To learn more visit www.privacera.com or follow the company on Twitter.show less
DISCLAIMER: Below is an AI generated transcript. There could be a few typos but it should be at least 90% accurate. Watch video or listen to the podcast for the full experience!
Balaji Ganesan 0:00
And having told its mandates coming up, but it’s really hard to do. It’s really hard because cloud is diverse, you are running multiple services, multiple ways of accessing data, that multiple control points and company is really struggling to meet those mandates.
Alexander Ferguson 0:21
Welcome to UpTech Report. This is our apply tech series UpTech Report is sponsored by TeraLeap. Learn how to leverage the power of video at teraleap.io. I’m excited today to be joined by my guest Balaji Ganesan, who’s based in Fremont, California. He’s the co founder and CEO at Privacera, welcome, Balaji. Good to have you on.
Balaji Ganesan 0:40
Thank you so much for having me, and appreciate the opportunity.
Alexander Ferguson 0:44
Now, Privacera, you guys are focused on the enterprise space in data security and governance platform. Actually, last time we chatted I like you said you’re helping them access and shared data responsibly. I think that’s it. You said, it helped me understand what’s the problem that you see in the space very briefly, what is that?
Balaji Ganesan 1:01
Yeah, absolutely. And I think it’s a brief sort of problem. There are three trends that we are intersecting one, most companies are becoming data driven. And the use of data is pervasive. To run analytics to understand customers to understand supply chain, to there is a shift to cloud a public cloud, which is giving rise to a modern data architecture where there are multiple services available to access the data, it’s making easier to go and access the data.
Alexander Ferguson 1:29
We like easy, everyone loves easy, everyone loves it for everyone.
Balaji Ganesan 1:34
It’s it’s available and it’s truly make going towards data democratization. But on the other hand, no data governance, which is essentially guardrails around data security privacy within has become real, it has become a board level topic in every company across industry is being impacted. And and they are being told, and the teams which managed cloud and data are being told they should make sure that they have real clear visibility on what is sensitive what is not. It makes a right people have access to write data only for their purpose and, and having told its mandates coming up. But it’s really hard to do that. It’s really hard. Because cloud is diverse, you’re running multiple services, multiple ways of accessing data, the multiple control points and companies really struggle to meet those mandates, which ends up creating friction in the data democratization journey. And this is essentially where privacy comes in as we are providing a unified data access governance layer, which helps them a get visibility on the data, but to also manage rules and policies in one place in unified place. And they can make sure that people have access to data only for the purpose they are supposed to they are entitled to irrespective of where they’re accessing the data. And they we can provide them visibility on who’s doing what, at a very fine grained level. At the end of the day. We help these data teams meet those mandates of governance and privacy while enabling true data democratization and open access. And we are at that intersection. And we continue to be in that
Alexander Ferguson 3:08
data security. It’s not a very sexy conversation. I have to be afraid. But if anything, it’s been in the headlines more and more security we’ve got originally Facebook and their issue and then T Mobile breach and the Carnival Cruise Line. There’s all these headlines, which you just stated that it’s now elevated to the board level, Hey, what are we doing with our data? Is it secure? And now this this, this focus, but help me let’s let’s take a step back for a moment. And let’s take take me back to where you started seeing this as a problem. And before you you started Privacera?
Balaji Ganesan 3:44
Absolutely, absolutely. So the the challenge of the trends I’m talking about has been going on for a while now. And and data security is not a 2021 problem. It has been there for a while. I’m trying to go back into a decade where we did our first startup koleksi secure and where the 2013 It was 2012 2013 timeframe, where we started a company called Lexa secure at the time, the data was moving from traditional data warehouses to a platform called Hadoop and big data, which was essentially came out of Yahoo. And and was being adopted by enterprises and there were companies built to provide these platforms to the modern enterprise. So the adoption was was picking up because companies had data log then in traditional silos, they wanted to open it up and they wanted to make it available to the entire organization. And but the questions around you know, in when you’re going into enterprise these questions existed, what is sensitive data? What is not? How do you make sure people only access to the data they’re supposed to? And and those questions were raised up at that time as well. Where Managing that and implementing those questions and answering those questions was really hard in Hadoop, which was not one monolithical software, which was a platform that a lot of open source tools put together, each having its own way of doing things. So what enterprise was struggling was implementing controls on who’s doing what was meant that they have to put these controls in multiple places and stitch it together, which was incredibly complex and manual. And we provided the industry first men will industry first unified layer for them to go and manage these rules in one place, and which was the foundation of our company where we saw an opportunity, how we can make the adoption of Hadoop faster and easier by providing these governance layer. And we were one of the first ones to come up with this part. So the company took off in the big data space, as big data was getting was exploding in the enterprise world, the adoption took off, and we were actually acquired by another big data platform company called Hortonworks. Edge in in like a year to prepare the quick, fairly quick, right, so we were acquired in 2014. And but we had, we had a good traction good customers. But the notion was we were sitting on the outside, we wanted to see an opportunity of influencing and working with the open source community from inside, which was what Hortonworks mission was of bringing all of the team which was working on the open source together. So we also saw an opportunity to work with these open source projects inside inside an organization more cohesively, and deliver a better experience to our customers, which has ended up being that part. Absolutely, I think open source, we’re doing a segue here, but open source in my mind, unlocks a lot of value in for the enterprises in it, it’s there’s two forms of value. One is building a community. Building a community across organization brings in a lot of value, add a lot of different perspectives in building a project in solving a common focus of solving a specific enterprise problem. And building the more broad based community, the more Val build those perspectives. And so you, it’s not just a single vendor, thinking about it, you’re you’re sharing perspectives, and you’re building those perspective comments, also builds interoperability and tools which are built on the similar open source platforms, we can talk to each other. Right. And that gives enterprises a way of not locking in, in which we used to be the traditional enterprise model, if you sell something you’re locked in, because you just cannot extract out or put something else in because we are not talking to each other. But building an open source open standards, I think is the future for us as as vendors so that we can give those options to enterprises. So I’m a big fan of open source. I’m a big fan of open source community, and the open source standards. And that’s what we liked about what works was almost mission was truly, truly open source as part of it. And we wanted to be part of that.
Alexander Ferguson 8:13
So you help be able to when they acquired xa, secure your company that you co founded, and you’re then working within Hortonworks. And you’re bringing that forth, and you’re there for two years, like 2014 to 2016 Is it? Is it in Hortonworks that you start to ponder, say, Alright, it’s time for me. I think I see another opportunity. Yeah, so
Balaji Ganesan 8:35
the journey was, the extra secure product became open source and known as now known as Apache Ranger. We also launched another open source project called Apache Atlas, which was really around metadata and classification that the analogy we had was, you have a junk drawer, you can’t find things in when it comes to data? How do you organize things into a well published, well organized drawer so that you can find your tools? And that used to be the challenge when people will just dump data in into big data? And how do you find how do you find sales data? How do you find marketing via if you don’t label it? For don’t organize? It’s hard to find. And so we were Atlas was founded at that part. So but we brought in the concept of labeling, identifying data and security, how do you then apply security to that label instead of every piece of the infrastructure they can? At Hortonworks? So we we brought together Apache Ranger and Atlas together the concept which really took off, but companies will always come back and say fantastic, you’ve solved the problem for Hortonworks platform, but I have Oracle. Teradata, I’m going into the cloud, I have data everywhere. Can we apply these policies these these concepts across the board, which triggered the notion of like what we are solving is not specific to a platform. What we are solving is truly for anything price customer data is everywhere, right? It’s not it’s not in one platform, it’s never will be in one platform. It will be everywhere it will be on premise, it will be in the cloud. And today, it is in multi cloud. So privacy was built with that foundation was how do we take those principles we worked on and what works? How do we break those principles of data, data classification, data security in terms of authorization, and apply it to a broader data universe and apply it solve it for the entire enterprise, not just for a specific ecosystem, and which is the foundation of where privacy around built. And we believe that privacy security is going to be a very critical part of the enterprise. And we’re starting to see those trends in 2016. And but we wanted to do this for the entire data ecosystem, we want to do this for the entire landscape. And that was the genesis of privacy era.
Alexander Ferguson 10:54
If you take just a second to curious for you, as a founder, as a leader. Taking a step, you start a company, and it gets acquired is exciting, you’re inside, and then you step outside again. Are you like fearless? Are you like, Hey, I’m ready. They need this. This is no problem, or was What were you feeling at that moment?
Balaji Ganesan 11:18
I think it was. As founders, we are really excited about solving a problem. It’s and we saw that opportunity and access secure to that this problem was beginning to get bigger ideas, mandates. They’re coming into these data teams were getting bigger. And, and the paradigm was shifting in terms of how companies are managing data, you just clearly thought it was just he just got you excited that problem. And in the mind that problem gets stuck, right? So in
Alexander Ferguson 11:48
the barriers to solve it, that doesn’t matter to you. So
Balaji Ganesan 11:52
yes, we had a fantastic time at Hortonworks. And ordnungs, was an amazing company. We went through an IPO and worked with some of the best minds in the valley. And so I’m truly truly honored to be part of that, and grateful to be part of that. But we believe that we were always stuck at how do we we have not fully solved this problem yet. And it gets stuck in your mind saying, Hey, we got to take another shot at you know, doing it solving for a bigger enterprise because companies will always keep saying hey, you know, we want this we want that for of it. So as a founders, you’re driven by a mission, you’re driven by around solving problems. And the journey is hard. Absolutely. And that’s the advice I always give to anybody, Jim Park is just be thoughtful about that this is a multi year journey. But as long as you have a Northstar, as long as you have a mission in mind, you can rally people around in solving that and which is what we have done in privacy
Alexander Ferguson 12:50
for your co founders. How many co founders are there.
Balaji Ganesan 12:54
So I have one co founder Don Bosco, right. And he and I started access secure and now Privacera, as well. And I’m excited. I’m excited. Again, truly honored and privileged to be working with Bosco in that way of and and others in the team. We carry forward very similar team that we had an extra secure into private sector as well. So Bergin truly privileged to work with extremely smart individuals who are solving these problems. On a holistic scale.
Alexander Ferguson 13:25
You see the problem, it doesn’t leave your brain, you’re like, Okay, you leave Hortonworks, you begin at 2016. Around middle of 2016, you decide to launch this, what did that timeline look like? I mean, just walks us through that the first couple of years, you just spend on building it out?
Balaji Ganesan 13:41
Yeah. And the first couple of years were really spent on talking to a lot of customers and building the first version of the product. And we wanted to take it slow and give you a you know, we understood the market a little bit. But things were changing at that time. And things were changing where the cloud was just about very small in 2016, was starting to pick up. There was this legislation called GDPR coming up in Europe, and and was not fairly clear on how this will shape enterprise strategies, companies were very early in that part of it. And so there was these trends shaping up so and companies were changing. And so lots of 2016, I would say up to 2018 2019 was fairly built on building working with our initial set of customers, but also
Alexander Ferguson 14:33
from Hortonworks and XA. Secure you you knew them and you’re you just go on to your next venture and they’re already ready to jump in with you.
Balaji Ganesan 14:40
Yeah, I think they’re their existing relationships and again, peep customers we were truly privileged to work with and build a relationship with but we also want to take a diamond testing out our pieces and hypothesis and anytime do that. We want to take our time so we ended up talking to a lot of customers when we have never spoken before, right so Again, and my theory has always been, it’s, it’s good to talk to people who know you. And they will, they will say nice things to you. But you want to talk to people who have never known you, and can be very objective in saying, No, it’s because it doesn’t matter. So unless you so it took a few iterations, two conversations to really hone in on what is truly a problem for them. Why are they doing certain things? Right? So is it because they’re being told to do that? Or is it because of that? So we formed a thesis, we crystallized our thesis based on those conversations that were on notion of privacy, I did not change, like, we are always on this mission of how do we help enterprises leverage data responsibly, but the nuances of that, where do we build it? You know, is it a cloud? Is it not? Is it big data? What are they specifically what and what questions they are? And trying to answer what is an immediate pain point versus a future pain point? Those come from, I would say, a lot of conversations in the initial few years. So and that’s, that’s our approach of building a company is, you know, building initially focusing on the initial part on conversations, right, without, without even going deep into the product, how you can do that part of it. So and so we took it slow. In the first few years part of it, what I would say the shift for us has been twofold, right? Going back to the three trends I’ve talked about. The cloud adoption started really accelerating in in the in the enterprise segment that we were focused on, are on the 2018 19 mark, where the adoption just starting to go through the roof. And so the cloud was there, people were migrating. But around the I would say 2018 19 Mark is just starting to see this car where every company we talked to is saying, Hey, we have plans to migrate into the cloud versus right. So was it 2016 Still was like, Hey, we will wait and watch in some companies. So the cloud adoption was starting to pick up by eight by 2018 19 GDPR. And there’s a new legislation in the US called California privacy laws, it’s called CCPA. Starting to take effect, which you know, for companies who are just based in us, GDPR, or something very European. But California privacy made it real because it addressed the rights for California customers, and every company in the US has California customers, right? So our residents of California. So practically every every blots corporation in the US start was being affected. So that started accelerating those mandates coming in where legal privacy teams started taking more weight in the organization and saying, Hey, wait a minute, we can’t be wild, wild west. And you know, you have to make sure things have to be done in a certain way. And so as a founder and a company, you you always timing is everything right? So and and, and what we will see that 2018 19 was the time when the trends we were intersecting are really started to accelerate. So companies wanted to use data, they were moving into the cloud, privacy, governance, security is starting to become real, I’m gonna say real, it’s not like it was not important before. It is real because becoming a board level topic. And budget starts appearing around, hey, we got to be serious about that there’s new legislation, the environment is getting not right around the time when, you know, Capital One got hacked in 2019. Is that’s that’s another trigger, you have this large financial company in the cloud, which got hacked into everybody who’s in AWS is starting to think can I be done? Would I be the next one. So these trends started accelerating in 2019. And we really started seeing a demand for that right to demand for the kind of work we were doing, which is really providing visibility on data at the deepest level, but also making sure you know, people have access to the right data only for that purpose and nothing more. Those notions those concepts started coming up more and more, I would say in 2018 19 times timeframe
Alexander Ferguson 19:17
with I think you said the CCPA started January 1 of 2020. Is that when
Balaji Ganesan 19:22
Yeah, and they were starting to discuss that right so in and so but
Alexander Ferguson 19:29
it’s things I’ve probably showing that say so many things, you’re in the right place at the right time in some ways.
Balaji Ganesan 19:36
Exactly. And so as startups you have to timing is market timing is is is is a lot contributing to that you can build a very great concept but if you’re early into the market, you may not make traction. If you’re too late into the market you you lose out on the momentum so timing is everything.
Alexander Ferguson 19:55
abolished. You timed this perfectly right. You had this exact in mind you knew It all would happen, didn’t you? Yeah, I wish I
Balaji Ganesan 20:02
could go and say, as I knew everything exactly, it just doesn’t turn out. But here, we are inklings of that. We were seeing that in 2016, right? We saying, hey, you know, this is going to become more real. Because then again, in Hortonworks, we, we had a driver seat talking to largest of organizations and saying, hey, everybody was saying the same thing like data is going to be our asset, we are going to invest a lot on data. But hey, how do you put guardrails on it? And how do you think about it in a different way. And the reason is that data security is not a new product. It’s not a sexy term, it has existed for two decades, and those principles have existed. But the concepts of data security was built for a very on premise database world where you could you could just be an isolated database and an application and Ireland can be an island, and you can lock this island and be that but where companies are trying to move that is they don’t want to be an island, right? So this data needs to be shared and used access by everything. And the way people used to do it before was I would make copies of this, I’ll make more islands. And, and and at some point that’s not scalable, right? So you make an island for one team and island for you stay in this islands and don’t cross. But you can’t do that. Now, you have to now figure out a way you’re building a city or town and have everybody come in and coexist. So the shifts are happening, even when we were working works is that people trying to like this traditional approaches of data, how do you cover and build that just doesn’t work anymore. It doesn’t work in big data, suddenly, it doesn’t work in cloud where you can, can put the data in one place in one estate, and invite people rather than creating and trying spending energy in highlights, but one challenge with islands is a, you spent two years creating the island. And by the time your business has changed. And so people people are like, Okay, this approach is no longer tenable. So, governance, security had to be thought through again, right. So like the traditional approaches were not working. So in, we saw those trends in one direction that led to believe the Privacera, but GDPR and California privacy is something we starting to see that it was great to see those big brand legislation, legislation, it becomes real as part of
Alexander Ferguson 22:34
it in many ways. It’s it was kind of maybe a reactive thing. It’s like well, it’s it’s sort of secure, something happens, we’ll fix it, then. But all these major breaches are bringing up the consumer awareness. And then and then when that happens, then government pays attention. And everyone’s talking about privacy. And then we were like, What are we doing? What are we doing? How do you see then? I mean, regulations can be difficult. That’d be hard. It’s like, annoying, but you think they’re there? They’re the they’re a good thing.
Balaji Ganesan 23:06
I think regulations are needed, right? So and in my journey before private Sarah or access secure, I spent quite a bit of time in the retail industry and the retail technology and stores technology and other products. And we had a regulation in retail called PCI payment card industry. And it’s essentially, regulation around how do you store payment, credit card information, and that stemmed from a breach that happened in a company called T GX in there, hackers were able to get in and get access to a lot of credit card information. And as part of it, and, and at that time, there was no regulation, there was no standard, and every every retailer was was doing their own thing, and some will do minimum some would do a maximum part of it. So and as an industry, you are as good as your weakest link. And and and so hackers were able to find, you know, retailers who are minimum security and get able to access to credit card information, and that’s game over. Right. So as part of it, so you’re dealing with 1000s 1000s of credit card. So this regulation was was an industrial forum put in and the regulate the the reason that regulation is fine, is you need a board, the carrot and the stick model. And the carrot model is standards. Regulations bring in a standard in terms of every retailer is now adopting that standard for organizations of how you protect credit card data, but you need a stick and companies will not move. In some cases if you don’t have the stick unfortunately. Right. So while regulations can be a you know, it’s not like always a great thing and because some regulations were so vague, that is hotter. interpret what you do. I think PCI was one example, which was fairly clear, they went into exact specification of how you should protect credit card data and what what are the different aspects of it. And they there is a regulatory body, which is monitoring that. And there are fines if you don’t offer, but that becomes a driver for doing the right thing that becomes a driver for today, all retailers confirmed to that on day one. And you don’t see the amount of credit card breaches that used to happen, no longer happening as part of it. So the trends have gone down, you still see hackers are still getting smarter, right? It’s always a catch up game. So it’s one regulation is not going to solve everything and all security challenges. We still had retailers getting breached. So but regulation starts putting in hygiene and standards. So if I do feel like we government has a role in building up pushing standards in NIST has a role in pushing standards and standards are important for everybody in the industry to get to a kind of common levels around protecting data in now protecting privacy and individual rights.
Alexander Ferguson 26:15
Do you see more regulations and standards coming in the near future?
Balaji Ganesan 26:20
Yes, I think what we are seeing in California is a precursor to every state adopting that we see now almost six states are adopting similar standards, and it’s coming in more. And as consumers are getting more voice. We are seeing that in Latin America, we’re seeing in Asia, these regulations GDPR kind of regulations coming up because because consumers are seeing that consumers are seeing how, you know what happens if data is not protected. And if you lose with that part of it, and they are reacting to that product set. And so individual rights is becoming is becoming paramount. So we see this regulations coming up in every part of the organization. So absolutely, yes, we will see these regulations having more teeth. And so what usually ends up happening is initially the regulation is fairly high level. And as its goes and they start adding in more teeth, and we are starting to see that in GDPR. And even in California privacy that the initial set of fines kind of trigger in the whole moment of industry changing. And these are years worth of shifts. So you’re not talking an overnight shift here. These sometimes take years and maybe a decade. But in our in our mind, we are not going to be go back into a world of no regulation, no part of it be it’s it’s a one way door. It’s one way door now. And so we are going to be in a world where just like everything else, you need to have laws and regulations and standards and and data and you know, individual protection, privacy is now becoming real as part of it. So it’s no longer a some rule or some notion that is exists in the company. It is a fundamental part of your business. Now, too, if you’re handling consumer data, you better think about privacy on day one, right? So and regulations are important. Again, to my point, unfortunately, you need a both a carrot and a stick model sometimes to make
Alexander Ferguson 28:23
that happen. I you you painted the future one way door, I like that that visual, I feel like I’m leaving the airport, you once you’re out that one next door, you can’t go back, you’re you’re done, you’re out.
Balaji Ganesan 28:32
It’s like the TSA is not going away, we’re not going back to those days where you can walk to the airplane, you know, and tend to enforce it’s not hard.
Alexander Ferguson 28:42
And anyways, I think consumers are now more aware, as you stated of this, this, this movement and their expectations for privacy for security of I’m giving you my data, and they’re gonna be less forgiving, if anything changes.
Balaji Ganesan 28:56
Exactly. And it goes to trust in brand as well. And so what organizations are realizing is is trust is is a paramount when it comes to privacy and what companies they trust to do business on. And, and we see that with Apple as a prime example of differentiating on privacy. It’s saying, Hey, we are different than the others because we are and they run campaigns on privacy as part of it. So this can become if what leading companies are doing is they’re they’re using that as a differentiator in saying hey, V. We take security, privacy, governance real and we are custodians of the data. We have done investments on it, it becomes part of your differentiators. It becomes part of building a trust with consumers and I think the next set of differentiating companies will come out of that right so it’s about using that and Apple is a prime example of how they are leveraging in their campaigns. It’s amazing.
Alexander Ferguson 29:58
Biology you Hey, appreciate you kind of painting the picture for us both. You seen it coming, you knew it was coming and a lot of people have been but we are now here and that space that we’re heading through that door can’t go back. And I think you guys are uniquely positioned to give a an approach to solving this problem. For those that want to learn more, you can go over to privacera.com That’s PRIVACERA.COM be able to request a demo. Thank you for your time. Balaji it’s good to have you on.
Balaji Ganesan 30:28
Thank you so much for the time and I enjoyed talking to you and hope to continue the conversations further. It’s an exciting time and exciting face to be in and I enjoy the conversation today.
Alexander Ferguson 30:39
We’ll see you all on the next episode of UpTech Report. Have you seen a company using AI machine learning or other technology to transform the way we live work and do business? Go to UpTech report.com and let us know
YouTube | LinkedIn | Twitter| Podcast