Security and Data: Two Sides of the Same Coin
With AWS re:Inforce starting today and Snowflake Summit coming up at the end of this month, I am just reminded how odd it is that we make such a distinction between security and data teams. Each has different conferences, different titles, different pay grades, and for some reason different tooling. They talk past each other in different languages full of terminology only those with category experience understand. But when you really get down to it, security and data are much more alike than you’d think at first glance.
While security teams like to “inventory” all of their enterprise data assets, analytics teams keep a “catalog”. Security teams want to do “data mapping” for governance reasons, while analytics teams are focused on “lineage” for correctness. Security teams will purchase a SOAR platform to develop standardized playbooks, while data teams will create DAGs using an orchestration tool. Security teams will talk to you about looking through “log files” to discover “threats,” while analytics teams will look through “data” to capture “insights.”
And things get even weirder when it comes down to vendor capabilities. Speak to a security professional and they will talk about Immuta or BigID or some new Data Security Posture Management (DSPM) vendor to help “secure” their data assets. Meanwhile, on the other side of the room, data engineers are implementing Alation or Collibra or another observability tool to help drive “knowledge.” The tools collectively referred to as the ELK Stack (Elasticsearch, Logstash, Kibana) are used together to consolidate logs into a single pane of glass with search capabilities and anomaly detection on top. Data teams, on the other hand, have been generating ETL/ELT pipelines for decades to feed data into their business intelligence tool of choice with built-in alerting systems. And funnily enough, security professionals love to come together to lament the astronomical pricing of Splunk, just as data analysts are doing the very same over their Snowflake bill.
At the end of the day, it is the job of both security and data teams to deliver value by combing through information. Just like the adage that physics is applied math, both security and analytics are just applications of different datasets. And if I were to bet, I would wager we see further convergence between the tooling utilized by both industries. We have already seen Snowflake targeting security budgets by creating a Security Data Lake with partners like Panther Labs, Hunters, and Dassana. Rubrik, originally founded as a data backup and recovery solution, now markets itself as a Security Cloud. And although we haven’t seen it just yet, I wouldn’t be surprised to see a SIEM or log management company look to compete with the data warehouses/lakes to capture some of their value.
So, although it is true that software may be eating the world, security and data teams are just as busy eating each other.
I’d love to speak with you if you agree/disagree with anything written here. Please reach out to ryan.wexler@dell.com