As we move forward in a digital world, it is difficult to ignore the amount of data, frequently without consideration for the consumer or subsequent deliberation on the part of the consumer, large tech companies are compiling. While we have a tendency to distrust and malign big data and the organizations that harvest data, the obvious answer may be to stop using these services or technologies as a result may have wider ranging implications which make an abrupt halt of these services less apparent. If used ethically, data has an important role to play in society. During the recent Covid pandemic, data and data sharing were critical to diagnosing the virus at a much earlier stage in the pandemic [1]. Conversely, when companies do not adhere to legislation or subsequently employ practices that violate a common code of ethics, whether due to blatant disregard or because the development practices of the organization do not provide adequate observability and control [2], impending action should be required. The question is then how can we as technologists ensure that our systems are adequately and sustainably designed to allow for such control and elevated security, particularly as we embark into ever increasingly complex technological landscape.
Another great perspective. I'm progressively leaning into brokerage. Infra as Code is an approach to a provisioning brokerage service (where I can use ID as the control). An engine that runs networks based on well defined layer 7 intentions (attested with ID) becomes a network broker. Vault, as you discuss here, is an ID broker. In my mind, the closer we get to brokering the delivery of any services (data access included) the tighter we can get on our controls, observability, and all the other zero-trust thoughts.
Another great perspective. I'm progressively leaning into brokerage. Infra as Code is an approach to a provisioning brokerage service (where I can use ID as the control). An engine that runs networks based on well defined layer 7 intentions (attested with ID) becomes a network broker. Vault, as you discuss here, is an ID broker. In my mind, the closer we get to brokering the delivery of any services (data access included) the tighter we can get on our controls, observability, and all the other zero-trust thoughts.