In general, I have mixed feelings about professional conferences, especially given the current dumping of online presentations, of which there are more every day.

On the one hand, it's good, I don't have to go everywhere, look for a parking space, sit through a day even if the performance is completely uninteresting for me. I'm also pleased that there is plenty of choice.

However so I can focus much less on the speaker, on the topic, and you get distracted as you go along, so the conference becomes just background noise.

But what I miss most, is the opportunity for personal networking, although I have found that introverted IT people are poor at this and tend to chew the same cake as the person they came from the same company as.

As for the content, for me, it is always very refreshing to see presentations that are related to a specific company, a case, a problem, as opposed to a general presentation of technological innovations. Because our work is supposed to be about solving problems.

Fortunately, there were also some presentations at the HOUG conference where practical issues were raised. 

Adam Nagy, heads the Information Security Department at K&H Bank and spoke about the security issues of cloud data warehouses and data warehouses in general in a very human way.

My general experience of the attitude of the IT security departments of multinational companies can be summarised in two words: "No way". 

After all, if we do nothing new, it is not dangerous. Perhaps this is the approach of the worker who wants to spend 40 years in one job. We feel that this seems safe, but because the chances are small, it is not.

The data warehouse which is a sensitive area anyway. A "everyone is given only the minimum rights necessary to do their job" cannot be true, because then how would data mining be possible? I can't think of a better word, but the more and more data that a given Jurassic has access to, the better the different models can succeed.

It is therefore important to the classification of data into different levels, which can be "super super" security level, the "business data" at the level and for all public data.

In other presentations, we heard about cloud-based data warehouses, whose services are expanding at an amazing speed. Building and running such a facility on an on-premise basis is expensive and almost impossible, because everything is evolving so fast.

So the "can't be" information security should move away from the "let's have a look" and then the "let's do it right" because, apart from the fact that the world is passing us by, the main issue is not whether the data is in the cloud or in a room in the basement, but rather the human factor that we should be paying attention to, with training, education, for example.

Because if someone is still writing their password on a post-it note and sticking it on a monitor, then it is no use sticking to the "tried and tested" IT structures.

Link: https://houg.hu/