Making Data Better

Hosted by Lockstep Consulting Pty Ltd

TechnologyInterviews guests

Website RSS feed

Episodes

Latest episode

Jul 2024

Language

EN-US

About the show

Making Data Better is a podcast about data quality and the impact it has on how we protect, manage, and use the digital data critical to our lives. Through conversation and examination, George Peabody and Stephen Wilson look at data's role in risk management, at use cases like identification, lending, age verification, healthcare, and more personal concerns. Privacy and data ownership are topics, as are our data failures.

Listen to episodes

16 recent

July 28, 2024Episode 1639 min

EP16: Data, Governance, and Public Service: Ian Oppermann

The focus of computer technology historically has been on the manipulation and communication of data and information. Yes, there’s always been the monstrously obvious admonition of “garbage in, garbage out” when speaking of data. But as our dependence on data grows, the issues of data quality, of making data better, have grown in importance and complexity. Data, it turns out, is endlessly nuanced.Government Data Generation and UsageGovernment has an enormous interest in data. It is an issuer of data when it assigns account numbers, for example, to its citizens to ease service delivery. It is also a considerable consumer of data in order to establish policy, measure program efficiency, support planning, and, just as with any business or individual, for decision making of all kinds.But this isn’t simple. The term “government” masks the fact that multiple agencies exist, each with its own goals, never mind data handling policies and procedures. Sharing data across industries is as nuanced as data sharing between enterprises or even more so. Understanding how governments think about the data they consume and generate is key to long term data security and online identity.Talking with Data Expert Ian OppermannIn this fascinating and stimulating conversation, Steve and George discuss these topics with Ian Oppermann, the former data director for the state of New South Wales, a director for Standards Australia, and advisor to multiple startups.Ian shares his insider’s knowledge of government agency priorities and the fact that sharing data across agencies is “extraordinarily hard.” Just at the BeginningStandards Really Really MatterIan’s participation in ISO standards development comes from his insight that data sharing requires very crisp definitions, detailed use cases, and specific guidance for each use case based on privacy and data custodianship requirements. And he points out that we are just at the beginning.For example, the latest ISO standards tackle the basics of terminology definition and use cases, ISO 5207, and guidance of data usage, ISO 5212. These standards do address the use case of AI but even at this stage the standards address the basics. People MatterAs with many technology management concerns these days, the concerns are rarely about the tech itself. They’re about people, too. Here’s Ian:“If you want to use [data] for important purposes, you actually need people who know and understand what data is, who know and understand what data governance is, and who know and understand how to actually use the data for appropriate purposes and then put guidance restrictions or prohibitions around the data products you create.”Ian concludes with:“But [for] the general use of data, we're only just beginning to understand the power, the complexity, the mercurial nature of data and starting to build frameworks around it.”Take a listen if you care about data management and governance in large organizations. We are just at the beginning of getting this right.

June 30, 2024Episode 1539 min

EP15: Money in the Metaverse with Dave Birch

Dave Birch is an authority and an ambassador for identity systems. And a great conversationalist. With co-author Victoria Richardson, he’s just published Money in the Metaverse: Digital assets, online identities, spatial computing and why virtual worlds mean real business. (US link here).In this discussion with Steve and George, Dave introduces the book and takes us into their thinking about secure, private transactions in the metaverse. Or metaverses as he points out because it will be a multi-metaverse world. Dave doesn’t let the slow evolution of 3D hardware or its high price stand in the way of his enthusiasm. We’ve seen similar transitions before, ones that drive ubiquity and precipitous hardware cost declines so it's time to get out ahead of what's coming.Much of the conversation is relevant to today’s concerns, in advance of widespread metaverse adoption. So take a listen.A note on their book.Even if you are slightly skeptical (or more) about metaverse breadth or arrival date, Money in the Metaverse is a very worthwhile read as it discusses so many of the essential components and concerns that apply in today’s world. The challenges, and solutions, to identification and privacy are examined at depth. Victoria and Dave have used the bright light of use cases, stories, and tech from our current situation to explore identity infrastructure that works in the real world and, according to them, may work better in the metaverse.

May 20, 2024Episode 1428 min

EP14: Steve Wilson on NAB Digital Next Podcast

Lockstep's Steve Wilson just appeared on the NAB Digital Next podcast with host Alysia Abeyratne. NAB has kindly allowed Making Data Better to repost the podcast here.If you want to understand how to untangle the knots we’ve tied around identity and identification online, take a listen.Alysia asks important questions and Steve provides really crisp answers and explanations on:The evolution of digital identityVerifiable credentialsCommentary on Australia’s Digital ID legislation.

May 8, 202432 min

EP13: The Future of the Cloud: Confidential Computing with Mike Bursell

How do we protect data while it’s actually in use? And how can we prove it?Up until now, that’s been nearly impossible. We’ve addressed securing data in flight and at rest. When done right, they are strong protections. But what about when the data (and code is data, too) is actually in memory or being processed? And how much more complex does that become when everything is in the cloud?Confidential computing addresses this weak, and hitherto unsecured, concern. In this episode of Making Data Better Steve and George speak with Mike Bursell, executive director of the Confidential Computing Consortium and author of Trust in Computer Systems and the Cloud, a brilliant examination of trust in digital system.Confidential computing gives enterprises a way of securing their operation’s data and code in the face of rising threats and compliance demands. It provides attestation, the ability to prove in an auditable fashion how data has been handled, right down to the metal. Mike’s clear that this is the future of computing. We already know the future is in the cloud. Now it needs to be secured. He’s hardly alone in that view. Indeed, Microsoft already uses confidential computing to protect its multi-billion dollar payment processing transaction system.So take a listen. Confidential computing makes data better.

April 22, 2024Episode 1215 min

EP12: Our Quick Hit on How Hard Security Deployment Really Is

In this Making Data Better episode, Steve and George discuss the multiple challenges of making better security approaches available and, critically, used by relying parties and suppliers. This is a hugely non-trivial problem. Functional product features nearly always receive priority over basic security. IoT manufacturers compete on features and cost where even a single dollar’s worth of cryptographic hardware impacts competitiveness. With incentives as they are, taking steps to secure digital operations will continue to be viewed as a cost of doing business, a cost to be minimized if not avoided. The answers are multiple but a huge market shaper is regulation. Regulation shapes how competitors prosper, or not, by focusing incentives on safety. That’s worked for automobiles; it’s worked for aircraft. We believe the internet needs similar treatment (remember the phrase “Information Superhighway”?). Regulation can remove the cost avoidance temptation and establish the minimum capabilities for all parties. And, as we discuss, ubiquitous participation is essential.We are also bullish on the business model that could emerge around verifiable credential sharing. So take a listen!

March 29, 2024Episode 1145 min

EP11: The Internet Bends Toward Privacy: Michelle Finneran Dennedy, PrivacyCode

Privacy has been a major casualty of the Internet. Twenty five years ago Silicon Valley leading light, Sun’s CEO Scott McNealy said we “have zero privacy. Get over it.” And that has been the truth ever since and the profits basis for AdTech behemoths Google, Meta, and more.The good news is that, in the quarter century since advertising became the Internet’s business model, few have gotten over it, including powerful national and regional regulators.In this wide-ranging discussion with Steve and George, Michelle Finneran Dennedy, CEO of PrivacyCode, Inc. and Partner at strategy consulting firm Privatus.Online speaks to this shift toward restoring online privacy and what her company is doing to streamline implementation of privacy enhancing practices.In this Making Data Better episode, Michelle addresses:The immorality of Data Subject Access RequestsEthics vs. zero trustThe impossibility of privacy regulation complianceAdTech’s shifting modelThe liability tornado about to strike data hoarding enterprisesThis is an important and exciting conversation. Take a listen.

March 7, 2024Episode 1033 min

EP10: The Key Role of the Data Provider - Cindy Printer, LexisNexis Risk Solutions

A key actor in risk assessment is the data provider. These commercial operations aggregate and analyze the data produced by governments, enterprises, individuals, and even other data providers. All to feed today’s insatiable appetite for understanding who it is we are dealing with online. In this Making Data Better episode, Steve and George are joined by Cindy Printer, Director, Financial Crime Compliance and Payments, at LexisNexis Risk Solutions. The company is a major data provider to government and enterprise; Cindy focuses her work on financial services firms and their need for regulatory compliance.We discuss the granular nature of the data LexisNexis Risk Solutions offers its customers and the breadth of sources used to meet their needs. It’s astonishing.Cindy makes the point, one we heartily agree with at Lockstep, that risk is specific, a concern for each individual entity and that the data required by each entity varies based upon its specific concerns. And that’s why LexisNexis Risk Solutions tunes the data services it provides to the industry segment and individual firm.Sitting on top of such vast data resources and knowing the complications associated with deriving meaning from it all, LexisNexis Risk Solutions also provides analytical services that saves an enterprise from having to analyze the data itself.This is a great conversation if you want to understand the data provider role, the scale of its operations, and its priorities. So take a listen.

February 26, 2024Episode 914 min

EP9: The Bigger Step: Want a Single Digital ID?

In this quick take, Steve and George discuss the idea of a single digital ID through a review of the proposed bill currently in front of Australian legislators. We being by comparing that approach to two very different models: India's Aadhaar program and the "shadow IDs" as employed by commercial data providers. We are excited by the steps Australia is taking to secure the online activity of its citizens. This is serious work with many of the required elements for success already in place. And connecting those elements into a strong chain will be challenging.We conclude with a discussion on the quality of the data feeding into any system performing identification. How do you know that the data is authentic when it is presented through plaintext? Like chip cards and passkeys, we posit that device-bound data is required for secure online interactions.This concern isn't just about what's happening in Australia, of course. The problems of data authenticity and how to integrate a new digital attribute into KYC processes are non-trivial. So take a listen and get in touch.

February 10, 202416 min

EP8: A Big Little Step: Australia Shifts from Digital Identity to Digital ID

Australia's online security community - government, banking, and providers - has made a major, deliberate move. Over the last year, the term "digital identity" has been replaced by "digital ID" in government and industry publications and press releases. Steve and George unravel this deliberate linguistic shift from the amorphous 'digital identity' to the more concrete and pragmatic 'digital ID', and understand why this nuanced change is more than mere semantics. It's a shift that promises greater clarity in technology, legislation, and personal identification. Tune in and explore a future where proving who you are online is not just more secure, but refreshingly straightforward.Why does this matter? As Steve and George discuss it in this episode of Making Data Better, it accurately shifts the focus of policy and technical work on to the quality of the data used for identification purposes. It frees everyone from the impossible tasks of representing our "identities" digitally. Through our discussion, we celebrate the strides made by Australia in addressing the advancement of digital identity systems—a contrast to the comparatively uncoordinated, market-driven efforts seen in the U.S. Steve and George conclude with their perspective on how to secure digital IDs using device-assisted presentation. Plaintext presentation is the enemy. It gives hackers endless opportunities to copy (via data breaches) and replay (via fraud) that data. There is a straightforward solution that we have done before: marry the cryptographic strength of how chip cards are secured to the convenience of smartphone presentation and we have the opportunity to remove breach incentive by making our digital ID data better.There's plenty of work ahead but there's great power in what could be an uncontroversial, technically practical, achievable approach. So take a listen.

January 29, 202437 min

EP7: Confidential Computing: Protecting Data and Code in Use

Data provides the basis for how we make decisions. An enemy of security these days, from our point of view, is plain text. We need better than that. We need device-assisted support for proving where data comes from and how it's been handled. We need systems that keep data (and code) from being altered without cause, that give us the ability to trace the change history of data. Confidential computing is a new compute paradigm that provides a hardware-based foundation for running code and the data it manipulates. It safeguards data and code (it's all data; it's all code) in its most vulnerable state: while it's being processed. In this episode of Making Data Better Steve and George are joined by Anjuna's Mark Bauer to dive into this new model's high impact on security and low impact on cloud app development. Mark dissects the mechanics behind this approach including how it strengthens the software supply chain through hardware-based attestation. He addresses its fit in modern cloud infrastructure including Kubernetes, data loss prevention (DLP), API scanning and more. The conversation addresses the initial major use cases for confidential computing. High risk environments including defense, banking, and healthcare are obvious. Not so obvious is securing multi-party data sets in the cloud for machine learning and AI-based applications. So take a listen to this episode of Making Data Better and learn how hardware-based security can harden the cloud.