Category Archives: Data Governance

Best Kept Secrets for Successful Data Governance

data governance

Best Kept Secrets for a Successful Data Governance

If you’ve spent some time studying and practicing data governance, you would agree that data governance is a challenging yet rewarding endeavor.  Across industries, a growing number of organizations have put data governance programs in place so they can more effectively manage their data to drive the business value. But the reality is, data governance is a complex process, and most companies practicing data governance today are still at the early phase of this very long journey.  In fact, according to the result from over 240 completed data governance assessments on http://governyourdata.com/, a community website dedicated to everything data governance, the average score for data governance maturity is only 1.6 out of 5. It’s no surprise that data governance was a hot topic at last week’s Informatica World 2015.  Over a dozen presentations and panel discussions on data governance were delivered; practitioners across various industries shared their real-world stories on topics ranging from how to kick-start a data governance program, how to build business cases for data governance, frameworks and stewardship management, to the choice of technologies.  For me, the key takeaways are:

  1. Old but still true – To do data governance the right way, you must start small and focus on achieving tangible results. Leverage the small victories to advance to the next phase.
  1. Be prepared to fail more than once while building a data governance program. But don’t quit, because your data will not.
  1. Why doesn't it fit?!One-size doesn’t fit all when it comes to building a data governance framework, which is a challenge for organizations, as there is no magic formula that companies can immediately adopt. Should you build a centralized or federated data governance operation? Well, that really depends on what works within your existing environment.
    In fact, when asked “what’s the most challenging area for your data governance effort” in our recent survey conducted at Informatica World 2015, “Identify roles and responsibilities” got the most mentions. Basic principle? – Choose a framework that blends well with your company‘s culture.
  1. pptLet’s face it, data governance is not an IT project, nor is it about fixing data problems. It is a business function that calls for people, process and technology working together to obtain the most value from your data. Our seasoned practitioners recommend a systematic approach: Your first priority should be people gathering – identifying the right people with the right skills and most importantly, those who have a passion for data; next is figuring out the process. Things to consider include: What’s the requirement for data quality? What metrics and measurements should be used for examining the data; how to handle exceptions and remediate data issues? How to quickly identify and apply security measures to the various data sets?  Third priority is selecting the right technologies  to implement and facilitate those processes to transform the data so it can be used to help meet  business goals.
  1. Business & IT Collaboration“Engage your business early on” is another important tip from our customers who have achieved early success with their data governance program. A data governance program will not be sustainable without participation from the business. The reason is simple – the business owns the data, they are the consumers of the data and have specific requirements for the data they want to use. IT needs to work collaboratively with business to meet those requirements so the data is fit for use, and provides good value for the business.
  1. Scalability, flexibility and interoperability should be the key considerations when it comes to selecting data governance technologies. Your technology platform should be able to easily adapt to the new requirements arising from the changes in your data environment.  A Big Data project, for example, introduces new data types, increased data speed and volume. Your data management solution should be agile enough to address those new challenges with minimum disruption to your workflow.

Data governance is HOT! The well-attended sessions at Informatica World, as well as some of our previously hosted webinars is testimony of the enthusiasm among our customers, partners, and our own employees on this topic. It’s an exciting time for us at Informatica because we are in a great position to help companies build an effective data governance program. In fact, many of our customers have been relying on our industry-leading data management tools to support their data governance program, and have achieved results in many business areas such as meeting compliance requirements, improving customer centricity and enabling advanced analytics projects. To continue the dialogue and facilitate further learning, I’d like to invite you to an upcoming webinar on May 28, to hear some insightful, pragmatic tips and tricks for building a holistic data governance program from industry expert David Loshin, Principal at Knowledge Integrity, Inc,  and Informatica’s own data governance guru Rob Karel.

Get Ready!

Get Ready!

“Better data is everyone’s job” –  well said by Terri Mikol, director of Data Governance at University of Pittsburgh Medical Center.  For companies striving to leverage data to deliver business value, everyone within the company should treat data as a strategic asset and take on responsibilities for delivering clean, connected and safe data. Only then can your organization be considered truly “Data Ready”.

Share
Posted in Data Governance | Tagged , , , , , , , , , , , | Leave a comment

(Re)Thinking Data Security Strategy

Data Security Strategy

Rethinking Data Security Strategy

Data security is usually something people only think about when they get hacked, a place they do business with gets hacked, or they lose their credit card or wallet. It is just human nature to not worry about things that you cannot see and that seem to be well at hand. Instead I would suggest every company (and person) take just 15 minutes once a month to think about the below items that need to be part of their data security strategy.

Data security is a complex issue with many facets. I will skip past how you create and use passwords as that is the one area that gets a lot of focus. With the now well accepted use of SaaS and cloud based technologies by companies and people in their personal lives it is also time that people take a few moments to consider just how their data is secured or in some cases at risk.

Data centric security. Traditionally enterprise security has focused on access issues. What can be accessed from where and by who. The problem with this often walled garden approach is that when it comes to data these technologies and procedures do not take into account the common use cases of data usage. Most data security programs are also really outdated in a world where the majority of companies are using systems they do not own or directly manage (e.g. SaaS, Cloud, Mobile) or all the different types of data that are being created by people, systems and applications. Many enterprise security strategies need to move from focusing on access to include data usage and the ontology of data being used.

Question: Does your company have a modern enterprise security strategy or a walled garden approach?

Data about data. Long ago to make it easier to store, search and retrieve data people figured out that adding descriptive information about what is in the data file would be useful. Metadata is the actual term and it is no different than the labels people would put on a file to hold papers before we started moving everything to software based storage. The problem is that metadata has really grown and it can provide ways for people to learn a lot of personal, business and proprietary information without even getting access to the underlying information file. The richer the meta-data the more business or personal risk is created by possibly exposing information without actually exposing the underlying data.

Question: Are you accidentally exposing sensitive information in your metadata?

At rest data. The reason they use to say keep your tax records for 3 years and then destroy them is because people stored everything in file cabinets, drawers, or under a mattress. Some people do still like physical records but for most people and companies data is stored electronically and has been for a long time. The addition of SaaS and cloud based solutions adds a new wrinkle because the data is stored somewhere that you do not necessarily have direct access. And in many cases the data is stored multiple times if it is archived or backed up. Even when data is deleted in many cases it is not really gone because with the right technology data can be recovered if it was not fully deleted off the storage system that was used.

Question: Do you know where your data is stored? Archived? Backed up?

Question: Do you know how you would dispose of sensitive data that is no longer needed?

In flight data. No, this is not the Wi-Fi on the airplane. This is literally the data and meta-data that as they are being used by applications in the regular course of business. The issue is that while the data is being transmitted it could be at risk. This is one reason that people are warned to be careful of how they use public Wi-Fi because any decent hacker can see all the data on the network. (yes, really is that easy). Another enterprise issue that often needs to be dealt with is data cleaning in order to reduce duplicates or errors in data. A problem that occurs is how to do this with sensitive data that you do not want the developers or IT staff actually seeing. (e.g. HR or financial records).

Question: How does your company safe guard transactional and in flight data?

Question: Does your company use data masking and cleansing technology to safe guard in flight data?

Data Security Strategy

Rethinking Data Security Strategy

Data. Yes, the actual data or information that you care about or just store because it is so easy. I would recommend that companies look holistically at their data and think of it across it’s lifecycle. In this approach the data risks should be identified for how it is stored, used, transmitted, exposed internally or externally, and integrated or accessed for data integration. There are some new and interesting solutions coming to market that go beyond traditional data security, masking, and cleansing to help identify and access data security risks in the area of Security Intelligence. The concepts of Security Intelligence are solutions that are meant to create a measurement of security risk and identify issues so that they can a) be addressed before becoming a big problem b) automated procedures can be put in place to improve the level of security or bring solution up to the desired level of security .

One example is a new solution from Informatica called Secure@Source, which is just coming to market. This is a solution that is meant to provide automated analysis for enterprises so they can determine data risks so they can make improvements and then put in place new policies and automated procedures so that the desired level of data security is maintained. There have been similar solutions used for network security for years but these newer solutions while using similar approaches are now dealing with the more specific issues of data security.

Question: What is your company doing to proactively assess and manage data risk? Are you a good candidate for a security intelligence approach?

Data security is an important issue that all companies should have a strategy. While this is not meant to be an all encompassing list it is a good starting place for a discussion. Stay secure. Don’t be the next company in the news with a data security issue.

Share
Posted in Architects, Big Data, Business Impact / Benefits, Cloud Computing, Data Governance, Data Integration, Enterprise Data Management, Master Data Management | Tagged , | Leave a comment

Data Governance Maturity at Your Organization?

Data Governance

Data Governance Maturity

If you are a Healthcare provieder, having a complete view of your member’s data will improve your service. The more detail you have on each member, the more effective you can be at providing the service they deserve.

It is probable that all of the information on a member is stored in several different systems – so getting the complete picture can be difficult. In addition – controlling access to this information is an important part of any organization’s overall strategy. And finally – data assets become more valuable the more you use them. If three divisions of an organization all share information about their interactions with a customer, the organization as a whole is better able to service the customer, at lower cost and with high customer satisfaction.

Data governance is used by organizations to exercise control over processes and methods used by their data stewards and data custodians in order to improve data quality. Data governance is a control that ensures that the data entry by an operations team member or by an automated process meets precise standards, such as a business rule, a data definition and data integrity constraints in the data model. A data governor uses data quality monitoring against production data to communicate errors in data back to operational team members, or to the technical support team, for corrective action.

How far along in the Data Governance journey is your organization?

  1. Is your organization currently unaware of Data Governance?

There is minimal focus on data quality or security, data isn’t prioritized in any meaningful or actionable way, there is no measurement around data governance and it isn’t managed.

  1. Is your organization in the initial phases of Data Governance?

Data Governance is primarily grassroots driven by a few passionate individuals, rules are implemented in an ad hoc fashion, with policies or standards are part of functional requirements in an IT project, which is only considered successful if the IT release is considered successful.

  1. Is Data Governance at your organization repeatable?

For these organizations – data governance is still grassroots, but gaining attention at the IT management level. There are documented IT governance and standards driving metadata resuse and improved collaboration across IT projects. The success is measured primarily on improved IT efficiencies. This is typically managed through a pilot project.

  1. Defined Data Governance

This is lead primarily from senior IT through adoption of competency centers and centers of excellence. Project leadership is primarily through IT, but there is business involvement. The success is measured on operational metrics at a project level.

  1. Data Governance that is Managed

The Data Governance program is sponsored by business leaders, initiated as part of a broader strategic enterprise information management program. Data Governance will live through multi-phase, multi-year efforts but measured based on the success of the program.

  1. Optimized Data Governance

There is top-level executive sponsorship and support. Data governance is embraced as a self-sustaining core business function managing data as a corporate asset. Success is measured on the total impact to the business, not just confined to specific programs or strategies.

 
There is a fantastic site (http://governyourdata.com/ ) that is an open peer-to-peer community of data governance practitioners, evangelists, thought leaders, bloggers, analysts and vendors. The goal of the governyourdata community is to share best practices, methodologies, frameworks, education, and other tools to help data governance leaders succeed in their efforts.

One of our customers, UPMC has a great blog post on their implementation of a Data Governance council and the challenges they faced making it a priority in their organization.

To figure out where on the continuum of data governance maturity – there is a Data Governance Maturity Assessment Tool through the governyourdata.com site. A maturity assessment level sets current gaps and strengths and paves the way for defining a successful strategy. The process of assessing an organization’s maturity should include interviews of relevant business and IT staff, business risk surveys, business analyst time and activity analysis, and other techniques. Once your assessment is completed – you can identify the appropriate steps you need to plan for to develop an Optimized Data Governance approach for your organization. Where does your organization stand?

Share
Posted in Data Governance, Healthcare | Tagged , , , , , , , , | Leave a comment

The Emergence of the Analytical (Data Ready) CEO

OaklandI remember being an A’s fan during the Moneyball era. When my wife and I saw the movie, we kept asking each other do you remember going to this game or that game. Prior to the movie, neither of us knew what was taking place in the A’s back office. All we knew was it was hard not to want to be part of this team with such a low payroll, kids drumming at every game, and irrepressible will to win even though the odds were stacked against them.

CEO leadership is needed to push analytics thinking

CurveJust like what happened during Moneyball, I am increasing finding that analytics do not happen in a vacuum. Leadership is needed to push analytical thinking. There needs to be an orientation to analytics and this needs to come from the top for an enterprise analytics approach to take hold and to grow. Clearly, not all organizations need to have their chief analytics officer reporting directly to the CEO, but there needs to be bias to use data rather than gut feel. And this bias needs to be set at the top of the organization. Otherwise, organizations end up with enterprise fiefdoms of information.

Last week, I was sitting with two IT leaders for a major mutual fund company. I was talking to them about the importance of analytics. While both agreed with me, they said that some managers prefer to use their intuition and experience versus data. Imagine that—the most data centric type of enterprise has managers preferring intuition over data. However, CEOs are starting to act as change agents here. Marc Benioff says, “I think for every company, the revolution in data science will fundamentally change how we run our businesses. Our greatest challenge is making sense out of data. We need a new generation of executives to understand and lead through data”.

Brian Cornell is a great case study

TargetOne of the leaders of the analytics vanguard is Brian Cornell. “Analytics have been a central part of Cornell’s approach”. When he headed Sam’s Club, he used analytics to improve the unit’s customer-insight system. The results were so good that Wal-Mart moved all of their analytics teams under Cornell. According to Stuart Aitken, Cornell does not just look at the data. He goes beyond the data and asks hard questions of customers and those on his team. Cornell method involves taking the clues he gathers from customer conversations and using analytics to look for broader patterns that would reveal problems and opportunities.

Cornell’s emphasis on analytics was a key reason why Target board’s hired him. His record with analytics is amazing. This included his ability to use data to expand in house brands and reverse sales declines at each company that he worked for. At Sam’s Club, for example, he made it into the fastest growing division of Wal-Mart. Presently, Cornell is using data and analytics to look for areas where Target can reestablish it’s right to win.

Change moment for CEOs

shutterstock_227713873 - CopyWe are clearly at a change moment for CEOs. In the past, CEOs and their managers relied on backward facing reporting to drive forward facing performance. But today, timely data exists to drive forward facing performance—especially, if the analytics are placed on top of them to show connections and predict near term impacts. Whether it be for the front office or the back office, with great data—data which is trustworthy and timely—it is possible for CEOs and their leadership teams to be the captain of the ship. It is possible with great data and a willingness to dig into what the great data represents to see the business icebergs ahead and to take action not only corrective action, but as well, to make use of the opportunities and trends that they represent. Clearly, with great data, analytical CEOs and their teams can develop strategies that can be the basis for new approaches to winning businesses.

Parting remarks

So how can you become the analytical leader that your enterprise needs? To point you in the right direction, here are four practices that will fuel your strategic use of data. The linked research combines the latest research from the Economist Intelligence Unit and a global survey of IT professionals and C-level executives. From this research, the connection between the strategic use of data and financial performance will become absolutely clear.

Related links

Solution Briefs

Next Generation Analytics

Related Blogs

Big Data: The Emperor may have their Clothes on but…

Should We Still be calling it Big Data?

Analytics Stories: A Banking Case Study

Analytics Stories: A Pharmaceutical Case Study

Analytics Stories: An Educational Case Study

Analytics Stories: A Financial Services Case Study

Analytics Stories: A Healthcare Case Study

Major Oil Company Uses Analytics to Gain Business Advantage

Is it the CDO or CAO or Someone Else?

Should We Still be calling it Big Data?

What Should Come First: Business Processes or Analytics?

Should Analytics Be Focused on Small Questions Versus Big Questions?

Who Owns Enterprise Analytics and Data?

Competing on Analytics

Is Big Data Destined To Become Small And Vertical?

Big Data Why?

What is big data and why should your business care?

Author Twitter: @MylesSuer

Share
Posted in Data Governance | Tagged , , | Leave a comment

Are You Ready for IoT Data Integration?

Are You Ready for IoT Data Integration?

Are You Ready for IoT Data Integration?

As the Internet of Things (IoT) continues its explosion, the numbers of practical applications are beginning to rise. Many consider this space to be all about devices that communicate. In reality, it’s about massive amounts of data, and how we manage and analyze that data.

For example, drones fly over a cornfield to gather data that will determine the effectiveness of irrigation. This process collects gigabytes of data that can be analyzed to determine where the farmer needs to address issues that reduce the yield of the field. In another example, an MRI gathers massive amounts of data in a single scan that are analyzed along with past diagnoses and outcome data to determine what’s going on now, as well as what will likely go on in the future, based upon patterns that it sees in the scan. In yet another example, a jet engine produces data during a flight that, when analyzed using predictive analytics, lets the pilots know that it’s about 5 hours away from a complete failure.

The use cases for IoT are expansive. They are all data driven, and just like applications that produce data, care must be given as to how the data is integrated with other systems. Thus, the two most important concepts of IoT include data integration and data analytics.

These days, anyone who builds IoT systems needs to understand a few new requirements for IoT data integration technology:

First, the volume of data will increase significantly, and the speed with which the data is transmitted will be near-time or real-time streaming. Message-based data integration approaches may not scale well using older data integration approaches.

Second, at the same time, the data quality must be checked at rest and in flight, and must be placed in a data store where it can be analyzed. Typically, immediately. Bad data ruins the value of IoT. Considering that devices produce all types of data in all types of unstructured states, the ability to place policies to perform data quality checks and data governance is an imperative.

Finally, in many instances, data integration approaches and technology will have to combine data on the fly. For instance, the ability to assign rankings for level of irrigation out of an existing database, using data gathered in real time from the drones flying overhead.

IoT meshes nicely with both cloud and big data. Indeed, most IoT applications and data will find that they are more cost effective when hosted in the cloud. Real time data analytics that allow us to gather value from IoT systems come directly from emerging big data technology.

IoT is changing the game as to how we gather and deal with real-time data. It’s changing our lives, in terms of having a better relationship with technology, and finally gives us the data to proactively solve problems.

Key to making IoT work is having a sound data integration strategy and technology implementation. If IoT is in your future, now is the time to figure this out.

Share
Posted in Data Governance | 1 Comment

Healthcare at Informatica World 2015

Healthcare at Informatica World 2015

Informatica World 2015

If you follow me on LinkedIn than you already know that there is no place I would rather be than in front of a client – virtually or in person. There is simply nothing that energizes me more than gathering the insights from client advocates. With this said, it will be no surprise that Informatica World makes me giddy; like a kid in a candy store – over 1500 clients telling their stories and sharing valuable lessons learned.

For healthcare alone, over a dozen payer and provider organizations have volunteered to share their use cases, their stories and their lessons learned. The array of brands represented is second to none; i.e. Kaiser, UPMC, Cleveland Clinic and Humana.

Beyond sessions, clients ask for more opportunities to network with peers and get hands on with the next releases of products and we listen!

  • Healthcare cocktail reception Tuesday evening
  • Healthcare Industry breakfast Thursday morning
  • Hands on Labs with industry specific content
  • Partner technology showcase

A complete list of healthcare sessions + a few you hot topic sessions is below. I look forward to seeing you in Las Vegas next week!

Informatica World 2015 - Healthcare

Informatica World 2015 – Healthcare

 

 

 

 

 

 

 

 

 

 

 

 

 

Informatica World 2015 - Healthcare

Informatica World 2015 – Healthcare

 

Share
Posted in Data Governance, Healthcare, Informatica World 2015 | Tagged , , , , | 1 Comment

Healthcare Data Masking: A Primer

Healthcare Data Masking: A Primer

Healthcare Data Masking: A Primer

When trying to protect your data from the nefarious souls that would like access to it (?), there are several options available that apply to very specific use cases. In order for us to talk about the different solutions – it is important to define all of the terms:

  • PII – Personally Identifiable Information – any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII
  • GSA’s Rules of Behavior for Handling Personally Identifiable Information – This directive provides GSA’s policy on how to properly handle PII and the consequences and corrective actions that will be taken if a breach occurs
  • PHI – Protected Health Information – any information about health status, provision of health care, or payment for health care that can be lined to a specific individual
  • HIPAA Privacy Rule – The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.  The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
  • Encryption – a method of protecting data by scrambling it into an unreadable form. It is a systematic encoding process which is only reversible with the right key.
  • Tokenization – a method of replacing sensitive data with non-sensitive placeholder tokens. These tokens are swapped with data stored in relational databases and files.
  • Data masking – a process that scrambles data, either an entire database or a subset. Unlike encryption, masking is not reversible; unlike tokenization, masked data is useful for limited purposes. There are several types of data masking:
    • Static data masking (SDM) masks data in advance of using it. Non production databases masked NOT in real-time.
    • Dynamic data masking (DDM) masks production data in real time
    • Data Redaction – masks unstructured content (PDF, Word, Excel)

Each of the three methods for protecting data (encryption, tokenization and data masking) have different benefits and work to solve different security issues . We’ll address them in a bit. For a visual representation of the three methods – please see the table below:

 

Original Value Encrypted Tokenized Masked
Last Name johnson 8UY%45Sj wjehneo simpson
First Name margaret 3%ERT22##$ owhksoes marge
SSN 585-88-9874 Mh9&o03ms)) 93nmvhf93na 345-79-4444

Encryption

For protecting PHI data – encryption is superior to tokenization. You encrypt different portions of personal healthcare data under different encryption keys. Only those with the requisite keys can see the data. This form of encryption requires advanced application support to manage the different data sets to be viewed or updated by different audiences. The key management service must be very scalable to handle even a modest community of users. Record management is particularly complicated. Encryption works better than tokenization for PHI – but it does not scale well.

Properly deployed, encryption is a perfectly suitable tool for protecting PII. It can be set up to protect archived data or data residing on file systems without modification to business processes.

  • To protect the data, you must install encryption and key management services to protect the data – this only protects the data from access that circumvents applications
  • You can add application layer encryption to protect data in use
    • This requires changing applications and databases to support the additional protection
    • You will pay the cost of modification and the performance of the application will be impacted

Tokenization

For tokenization of PHI – there are many pieces of data which must be bundled up in different ways for many different audiences. Using the tokenized data requires it to be de-tokenized (which usually includes a decryption process). This introduces an overhead to the process. A person’s medical history is a combination of medical attributes, doctor visits, outsourced visits. It is an entangled set of personal, financial, and medical data. Different groups need access to different subsets. Each audience needs a different slice of the data – but must not see the rest of it. You need to issue a different token for each and every audience. You will need a very sophisticated token management and tracking system to divide up the data, issuing and tracking different tokens for each audience.

Data Masking

Masking can scramble individual data columns in different ways so that the masked data looks like the original (retaining its format and data type) but it is no longer sensitive data. Masking is effective for maintaining aggregate values across an entire database, enabling preservation of sum and average values within a data set, while changing all the individual data elements. Masking plus encryption provide a powerful combination for distribution and sharing of medical information

Traditionally, data masking has been viewed as a technique for solving a test data problem. The December 2014 Gartner Magic Quadrant Report on Data Masking Technology extends the scope of data masking to more broadly include data de-identification in production, non-production, and analytic use cases. The challenge is to do this while retaining business value in the information for consumption and use.

Masked data should be realistic and quasi-real. It should satisfy the same business rules as real data. It is very common to use masked data in test and development environments as the data looks like “real” data, but doesn’t contain any sensitive information.

Share
Posted in 5 Sales Plays, Application ILM, Data Governance, Data masking, Data Privacy, Data Security, Governance, Risk and Compliance, Healthcare | Tagged , , , , , , , , | 1 Comment

Addressing the FREAK Vulnerability

After a careful review by Informatica’s product development teams, patches to mitigate the FREAK SSL/TLS vulnerability (CVE-2015-0204) are now available from our support website.

What you need to know

The FREAK vulnerability allows an attacker with a privileged position on a network (e.g. “man-in-the-middle attacker”) to compromise the SSL/TLS handshake between the client and server. The attack forces the server to use a weak, export-grade cipher even if the client specifies a stronger cipher. Weak ciphers are more vulnerable to attack and brute-force decryption.  Due to a bug in affected SSL/TLS libraries, the client accepts the export grade cipher and puts the encrypted transmission at risk of disclosure.

For more information about the FREAK vulnerability, see Matt Green’s post, who coordinated the widespread disclosure: http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

What you need to do

The following Informatica products now have updated SSL/TLS libraries available, to address this vulnerability:

  • Big Data Edition
  • Data Explorer
  • Data Quality
  • Data Replication
  • Data Services
  • Native Adapters
  • PowerCenter
  • PowerCenter Express
  • PowerExchange Mainframe and Changed-Data Capture

Customers should log into their MySupport account and then click this KnowledgeBase article. They should then apply the appropriate patch for their product.

Because SSL/TLS vulnerabilities also affect underlying OSes (including Microsoft Windows and various Linux variants), we also recommend reviewing your OS patch levels and apply fixes as necessary.

If the number of critical vulnerabilities disclosed since late 2014 has reinforced anything it’s that teams need repeatable, efficient processes to evaluate and apply patches and product updates. This was also a point I made in my 2015 RSA Conference presentation, on building effective Information Security programs: being able to track “time to close critical vulnerabilities” is a great metric to help improve your teams’ security efficacy.

Stay Safe!

Bill Burns, VP & Chief Information Security Officer

Share
Posted in Data Governance | Leave a comment

Tweet Away at the Informatica Government Summit for a Chance to Win!

The Informatica Government Summit is tomorrow and we couldn’t be more excited! Our great speaker lineup includes experts from Bloomberg, FCC, USPS, MeriTalk, the Department of Defense and more! We have more than a half dozen breakout sessions with public sector industry experts and Informatica customers and partners. If you’re going to be there, we want you to tell the world all about it! To inspire attendees to share their experience at the conference, we created a Twitter contest!

To participate in the #INFAgov15 Twitter contest – it’s as easy as 1, 2, 3! Just follow these steps below:

INFAgov15 Twitter Contest

INFAgov15 Twitter Contest

  1. Be a registered attendee of the Informatica Government Summit 2015 .
    Informatica employees and event
    sponsors are ineligible
  2. Tweet relevant content about the conference from a personal Twitter account between Thursday, April 23 at 12:00AM (EDT) and Thursday, April 23 at 11:59pm (EDT)
  3. Include the text “INFA contest” and #INFAgov15 hashtag in each participating tweet
    Example Tweet: Really enjoyed the “Citizen-Ready Data: Unlock the Power of Data” breakout session! #INFagov15 INFA contest

The contestant who sends the highest number of relevant, unique tweets from a personal (not corporate) account during this time frame will win one free Informatica University course – up to $3,200 value!

Your choice of class and offering type:

  • Seat in Instructor-led scheduled classroom or Virtual Academy Event
  • OnDemand Plus course subscription (eLearning course + hands-on labs).

The winner will be announced on Thursday, 4/30/2015 from the @Infaps Twitter account. Along the way, you can watch the conversation unfold in real-time here.

See full contest terms and conditions below.

INFAgov15 Contest Terms and Conditions

NO PURCHASE OR PAYMENT OF ANY MONEY IS NECESSARY TO ENTER OR WIN. A PURCHASE DOES NOT INCREASE THE CHANCES OF WINNING. VOID WHERE PROHIBITED.

SPONSOR: The Sponsor of the contest is Informatica Corporation: 2100 Seaport Blvd., California, 94063, United States.

ELIGIBILITY: The INFAgov Contest is open only to anyone who has registered to attend Informatica Government Summit 2015 and who is at least 18 years old at the time of entry. Employees of Sponsor and immediate family members of Sponsor’s employees are not eligible to participate in the contest. The contest is subject to all applicable federal, state and local laws and regulations.

CONTEST PERIOD: The contest begins at 12:00 AM United States Eastern Daylight Time (“EDT”) on April 23, 2015, and ends at 11:59 PM EDT on April 23, 2015 (the “Contest Period”).

HOW TO ENTER: The contest may be entered by a registered attendee of Informatica Government Summit 2015 submitting one or more unique tweets about Informatica Government Summit 2015 during the Contest Period. Each tweet must include “INFA Contest” and “#INFAgov15” to be an eligible entry to the contest.

CONTEST REQUIREMENTS: To be eligible for a potential prize as part of the contest, participant must submit one or more entries that fulfill all contest requirements, which includes these terms and conditions. Entries that are not complete or do not adhere to these terms and conditions or specifications may be disqualified at the sole discretion of Sponsor. You may enter the contest more than one by submitting multiple distinct tweets (retweets will not be counted). If you use fraudulent methods or otherwise attempt to circumvent these terms and conditions, all of your entries may be removed from eligibility at the sole discretion of Sponsor.

SUBMISSION GUIDELINES: Your entry may not contain, as determined by the Sponsor, in its sole discretion, any content that:
• Is sexually explicit or suggestive; violent or derogatory of any ethnic, racial, gender, religious, professional or age group; profane or pornographic; contains nudity or inappropriate dress of any kind, including wearing of swimwear or undergarments.
• Promotes alcohol, illegal drugs, tobacco, firearms/weapons (or the use of any of the foregoing); promotes any activities that may appear unsafe or dangerous.
• Is obscene or offensive; endorses any form of hate or hate group.
• Defames, misrepresents or contains disparaging remarks about the Sponsor, or its products or any other people, products, brands or companies.
• Contains content created by anyone other than you, unless you have valid written permission to use the content in the manner used.
• Advertises or promotes any brand or product of any kind.
• Contains any personal identification, such as street or email addresses, or phone numbers.
• Violates or encourages the violation of any law, rule or regulation.
• Contains materials embodying the names, likenesses or other indicia identifying any person without the person’s valid written permission to use the name, likeness or indicia in the manner used.
• Promotes any particular political party, agenda or message; and/or communicates messages or images inconsistent with the positive image and/or goodwill to with which the Sponsor wishes to associate the contest.

PRIZE: One (1) winner will receive a free training award, which provides the winner with the opportunity to receive one (1) free Informatica University course having a value of up to $3,200. The winner may choose from one of the following class and offering types offered by Sponsor: (a) a seat in an instructor led scheduled classroom or Virtual Academy Event designated by Sponsor or (b) an on Demand Plus course (eLearning course + hands-on labs) designated by Sponsor. All prize values are specified in United States Dollars. You are not guaranteed to win a prize and your chance of winning is dependent on the number of eligible entries received. No prize substitution is permitted except at Sponsor’s sole discretion. Any and all prize related expenses, including without limitation any and all federal, state, and local taxes shall be the sole responsibility of the winner. No substitution of prize or transfer/assignment of prize to others by any winner is permitted. Acceptance of prize constitutes permission for Sponsor to use winner’s name, likeness, and entry for purposes of advertising, social media, publication and trade without further compensation, unless prohibited by law.

ODDS: The odds of winning depend on the number of eligible entries received. The participant who submits the highest number of unique and eligible tweets will win the designated prize.

JUDGING CRITERIA AND NOTIFICATION: The winner will be the participant who submitted the highest number of eligible tweets. In the event of a tie between multiple entries for the highest number of distinct tweet submissions received, the winner will be selected by random drawing. Winner will be announced on April 30, 2015, via Sponsor’s Twitter account @infaps. The winner must contact Sponsor at infacomm@gmail.com with the subject line, “INFAgov Contest Winner,” within 15 days from the time the award notification was published on Twitter. If the winner fails contact Sponsor within the timeframe specified or fails to return a completed and executed declaration and release as required, the prize will be forfeited and an alternate winner selected. The receipt by winner of the prize offered in this contest is conditioned upon compliance with any and all federal and state laws and regulations and these terms and conditions. ANY VIOLATION OF THESE TERMS AND CONDITIONS BY ANY WINNER WILL RESULT IN SUCH WINNER’S DISQUALIFICATION AS WINNER OF THE CONTEST AND ALL PRIVILEGES AS WINNER WILL BE IMMEDIATELY TERMINATED.

RIGHTS GRANTED BY YOU: By submitting an entry to the contest, you agree to abide by these terms and conditions and any decision Sponsor makes regarding the contest (including awarding of any prize), which Sponsor shall make in its sole discretion. Sponsor reserves the right to disqualify and prosecute to the fullest extent permitted by law any participant or winner who, in Sponsor’s reasonable suspicion, tampers the entry or contest process, violates these terms and conditions, or acts in an unsportsmanlike or disruptive manner. By submitting an entry for this promotion, you also agree to receive marketing communications from Sponsor and its affiliates. You also irrevocably grant to Sponsor, its licensees, agents, successors and assigns, to the extent permissible by law, the unconditional and perpetual right and license to post, display, broadcast, publish, use, adapt, edit, translate, dub, and/or modify all or a part of your entry, your name and address (city and state/province/territory), and the names, likenesses, photographs, voices, statements and images of all persons appearing in the entry anywhere in the world, for future advertising, trade, promotion, publicity or any other purpose, in any manner and in any medium now known or hereafter devised, without compensation and without notice to you, and/or review or approval from you, without limitation; you will not now nor in the future be paid or receive any other compensation for your entry or for granting the Sponsor any of the rights and/or licenses set out in these Rules; and any waiver of any obligation hereunder by Sponsor does not constitute a general waiver of any obligation to entrants. Winner may be required to sign an affidavit of eligibility, liability release and a publicity release, and other forms as a condition to receiving the prize.

TERMS: Sponsor reserves the right, in its sole discretion to cancel, terminate, modify or suspend the contest should (in its sole discretion) a virus, bugs, non-authorized human intervention, fraud or other causes beyond its control corrupt or affect the administration, security, fairness or proper conduct of the contest. In such case, Sponsor may select the recipients from all eligible entries received prior to and/or after (if appropriate) the action taken by Sponsor. Sponsor reserves the right at its sole discretion to disqualify any individual who tampers or attempts to tamper with the entry process, the operation of the contest, website or violates these Terms & Conditions. Sponsor reserves the right, in its sole discretion, to maintain the integrity of the contest, to void votes for any reason, including, but not limited to: multiple entries from the same user from different IP addresses, multiple entries from the same computer in excess of that allowed by contest rules, or the use of bots, macros or scripts or other technical means for entering.
Any attempt by an entrant to deliberately damage any web site or undermine the legitimate operation of the contest may be a violation of criminal and civil laws. Should such an attempt be made, Sponsor reserves the right to seek damages from any such person to the fullest extent permitted by law.

LIMITATION OF LIABILITY: SPONSOR AND SPONSOR’S AGENTS AND CONTRACTORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING ANY PRIZE OR YOUR PARTICIPATION IN THE CONTEST. BY PARTICIPATING IN THE SWEEPSTAKES OR RECEIPT OF ANY PRIZE, EACH PARTICIPANT AGREES TO RELEASE AND HOLD HARMLESS SPONSOR AND ITS SUBSIDIARIES, AFFILIATES, SUPPLIERS, DISTRIBUTORS, ADVERTISING/PROMOTION AGENCIES, AND PRIZE SUPPLIERS, AND EACH OF THEIR RESPECTIVE PARENT COMPANIES AND EACH SUCH COMPANY’S OFFICERS, DIRECTORS, EMPLOYEES AND AGENTS (COLLECTIVELY, THE “RELEASED PARTIES”) FROM AND AGAINST ANY CLAIM OR CAUSE OF ACTION, INCLUDING, BUT NOT LIMITED TO, PERSONAL INJURY, DEATH, OR DAMAGE TO OR LOSS OF PROPERTY, ARISING OUT OF PARTICIPATION IN THE CONTEST OR RECEIPT OR USE OR MISUSE OF ANY PRIZE. THE RELEASED PARTIES ARE NOT RESPONSIBLE FOR: (1) ANY INCORRECT OR INACCURATE INFORMATION, WHETHER CAUSED BY PARTICIPANTS, PRINTING ERRORS OR BY ANY OF THE EQUIPMENT OR PROGRAMMING ASSOCIATED WITH OR UTILIZED IN THE CONTEST; (2) TECHNICAL FAILURES OF ANY KIND, INCLUDING, BUT NOT LIMITED TO MALFUNCTIONS, INTERRUPTIONS, OR DISCONNECTIONS IN PHONE LINES OR NETWORK HARDWARE OR SOFTWARE; (3) UNAUTHORIZED HUMAN INTERVENTION IN ANY PART OF THE CONTEST; (4) TECHNICAL OR HUMAN ERROR WHICH MAY OCCUR IN THE ADMINISTRATION OF THE CONTEST; OR (5) ANY INJURY OR DAMAGE TO PERSONS OR PROPERTY WHICH MAY BE CAUSED, DIRECTLY OR INDIRECTLY, IN WHOLE OR IN PART, FROM PARTICIPANT’S PARTICIPATION IN THE CONTEST OR RECEIPT OR USE OR MISUSE OF ANY PRIZE. If for any reason a participant’s entry is confirmed to have been erroneously deleted, lost, or otherwise destroyed or corrupted, participant’s sole remedy is to re-submit or submit another entry in the contest, provided that if it is not possible to award another entry due to discontinuance of the contest, or any part of it, for any reason, Sponsor, at its discretion, may elect to hold a random drawing from among all participants up to the date of discontinuance for any or all of the prizes offered herein. No more than the stated number of prizes will be awarded. Sponsor reserves the right to cancel, amend or suspend the contest at any time, with or without prior notice, including if the contest encounters any unexpected problems.

GOVERNING LAW AND DISPUTES: THESE OFFICIAL RULES AND THE PROMOTION ARE GOVERNED BY, AND WILL BE CONSTRUED IN ACCORDANCE WITH, THE LAWS OF THE STATE OF CALIFORNIA AND THE UNITED STATES AND THE FORUM AND VENUE FOR ANY DISPUTE ARISING OUT OF OR RELATING TO THESE OFFICIAL RULES SHALL BE IN THE COUNTY OF SAN MATEO COUNTY, CALIFORNIA. IF THE CONTROVERSY OR CLAIM IS NOT OTHERWISE RESOLVED THROUGH DIRECT DISCUSSIONS OR MEDIATION, IT SHALL THEN BE RESOLVED BY FINAL AND BINDING ARBITRATION ADMINISTERED BY JUDICIAL ARBITRATION AND MEDIATION SERVICES, INC., IN ACCORDANCE WITH ITS STREAMLINED ARBITRATION RULES AND PROCEDURES OR SUBSEQUENT VERSIONS THEREOF (“JAMS RULES”). THE JAMS RULES FOR SELECTION OF AN ARBITRATOR SHALL BE FOLLOWED, EXCEPT THAT THE ARBITRATOR SHALL BE EXPERIENCED AND LICENSED TO PRACTICE LAW IN CALIFORNIA. ANY SUCH CONTROVERSY OR CLAIM WILL BE ARBITRATED ON AN INDIVIDUAL BASIS, AND WILL NOT BE CONSOLIDATED IN ANY ARBITRATION WITH ANY CLAIM OR CONTROVERSY OF ANY OTHER PARTY. ALL PROCEEDINGS BROUGHT PURSUANT TO THIS PARAGRAPH WILL BE CONDUCTED IN THE COUNTY OF SAN MATEO, CALIFORNIA, UNITED STATES. THE REMEDY FOR ANY CLAIM SHALL BE LIMITED TO ACTUAL DAMAGES, AND IN NO EVENT SHALL ANY PARTY BE ENTITLED TO RECOVER PUNITIVE, EXEMPLARY, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING ATTORNEY’S FEES OR OTHER SUCH RELATED COSTS OF BRINGING A CLAIM, OR TO RESCIND THIS AGREEMENT OR SEEK INJUNCTIVE OR ANY OTHER EQUITABLE RELIEF.

PRIVACY POLICY: Sponsor collects personal information from you when you enter this promotion. Sponsor reserves the right to use any information collected in accordance with its privacy policy, which may be found at http://www.informatica.com/us/privacy-policy/.

DISCLAIMER: This promotion is in no way sponsored, endorsed or administered by, or associated with Facebook, Twitter, Youtube, Pinterest, LinkedIn, Google or Instagram.

Share
Posted in Data Governance, Informatica Events, Public Sector | Tagged , , , | Leave a comment