March 26, 2017

The Chief Data Officer (CDO) has leapt into enterprise leadership as a permanent figure, guiding data management to ensure returns on the costs of precious data’s mere existence, including the price of its creation, warehousing, and protection.

Working in tandem with the CISO, the Chief Data Officer (CDO) can cooperate with container security requirements while enabling data scientists with the ease of access necessary to retrieve valuable insights for business innovation.

ContainerJournal examines the well-rooted role of the CDO and her interactions with the CISO in conjunction with container security.

CDOs: Making An Acronym For Themselves

The burgeoning responsibilities and opportunities of the enterprise have led C-level monikers to multiply like rabbits, lately adding the CDO to the family. As early as 2014, Gartner’s Debra Logan, research vice president and Gartner Fellow offered that easily 25 percent of large global organizations will have appointed CDOs as of last year. “From my own customer interactions, this percentage seems conservative,” says Kelly Stirman, VP of Strategy, MongoDB.

In case you’re asking yourself where CDOs are sprouting, organizations such as Capital One, EMC, Citigroup, The Federal Reserve, The National Institutes of Health, certain major cities, and the UK government have all availed themselves of this chief data guru. CDO’s have grown prominent enough to have their Wikipedia page and a national event, designed for those working inside the U.S. government.

The CDO, CISO Container Security ‘Tag Team’

Like CISOs, CDOs must establish and enforce procedures directing data production, manipulation, derivation, and caching, with data administration as a focal point of the CDO’s responsibilities. “With more enterprises moving to container-based application development and deployment, the speed with which we can spin up, scale, and tear down services and related infrastructure makes it very easy for proper governance to lag secure operational processes,” says Stirman. Given the requirements for data validity and reliability, governance must keep in step with security.

At the heart of the CDO’s duties is the responsibility to make data pull its own weight in business value. The CDO must ensure that data scientists mine every drop of significance from all the big data that falls under their purview. To accomplish this, the CDO must maintain expedient data access for those who work to achieve data-based innovations while respecting the CISO’s zero trust / least privilege approach to information security.

“This typically means that organizations will draw data into a central data warehouse, sometimes a single store like MongoDB. This is beneficial to security because the enterprise can more easily secure data by organizing it into a single secure system, rather than a disparate set of systems with variant security configurations,” says Stirman.

When CDOs and CISOs work together to maintain governance and security while producing quality analytics, the systems and the data that provide the computational results remain intact, ensuring solid competitive business plays well into the future. “The key to orchestrating this coordinated system is the establishment of internal access standards & protocols. This is essentially a contract between CDO and CISO that defines permissible access. This understanding helps the CISO define the appropriate system configuration, and makes detection of malefactors easier,” says Stirman.

The tools that ease and yet secure data access include the granular configuration settings present in container configuration files. The CISO and her cohorts can review these files and container deployment processes to ensure security and adherence to policy. So long as these files remain untouched, this satisfies the CISO’s mandates hereto. For data scientists to be pleased, the CDO must ensure that the config files enable all the access that makes data-spawned insights possible.

Container Security Reset

According to Kelly Stirman, VP of Strategy, MongoDB, organizations should apply four common tools of data protection to container security to shield data and enliven fruitful access:

• Access controls and permissions. Use industry standard tools such as PKI, Kerberos, and LDAP to authenticate users.

• Audits. Keep all access and operations logs to maintain the audit trail.

• Encryption. The enterprise must encase data at rest and in motion with appropriate encryption tools and adequate encryption strength, measured in bits, as in 256-bit encryption. The more the bits per encryption key, the greater the key size, and the more compute that an attacker must unleash over time to unlock the encryption.

• Systems management. Automated provisioning ensures that the organization spins up a golden container image to meet security requirements and the CDO’s need for expediency. “By constantly monitoring telemetry we can detect variances from baseline behavior. This can help us to more quickly identify exploits and reduce their affects,” says Stirman.

David Geer

David Geer’s work has appeared in ScientificAmerican, The Economist Technology Quarterly, CSO & CSOonline, FierceMarkets, TechTarget, InformationWeek, Computerworld,,, IEEE Computer Society’s Computer magazine, IEEE Distributed Systems Online, Government Security News, Laptop, Smart Computing, Technical Support, The Hosting Standard (Canada), (UK), SIGnature, Processor, and the Engineering News-Record. David served as a technician at CoreComm in Cleveland, OH prior venturing into writing.