Navigating Modern Data Security with Marcus Volz

Symmetry Systems Navigating Modern Data Security with Data Visualization

In the constantly changing corporate and digital landscape of data security and privacy management, the ability to navigate complex datasets and understand the intricacies of securing the data is of utmost importance to modern organizations. Data visualization serves as a powerful tool in unraveling the complexities of data security, enabling organizations to make informed decisions and mitigate risks effectively. In this exclusive interview, we delve into the expertise of Marcus Volz, a skilled visualization engineer here at Symmetry Systems.

Marcus shares his journey into data visualization engineering, driven by a passion for creative endeavors and the desire to bridge the gap between art and engineering. 

How do you describe your role at Symmetry? 

Marcus: I design and develop data visualization tools and creative material to help customers visualize and explore their cloud and on-premise data. This includes building interactive tools, static plots, visual reports, posters, animations, 3D renders and more. A main focus is on developing the Data Access Graph, an interactive map of all identities, data stores, permissions and operations in a customer’s environment within our flagship Data Security Posture Management (DSPM) platform.

Two examples of data security visualizations based on user, role, and group access to data stores for two different enterprises. The example on the left shows a highly organized set of permissions. The example on the right shows the complexity of excessive user, role, and group permissions having unknown or unnecessary access to data stores.

How did you get into data visualization, and what led you to finally joining Symmetry Systems?

Marcus: Years ago I saw a TED talk by David McCandless called “The Beauty of Data Visualization” and was immediately hooked! Up to that point I had worked exclusively in STEM disciplines, but I was looking for opportunities to pursue creative endeavors, and data visualization seemed like the perfect entry point.

I built up visualization programming and 3D skills and began incorporating them into my work in engineering and mathematics. In 2017, I created an exhibition of mathematical art at The University of Melbourne, where I was working as a research fellow.

In 2020, after having worked for a year as an FX artist for visual effects in film, I started full time as a freelance consultant, aiming to work exclusively on creative projects for clients.

Mohit Tiwari, the CEO and co-founder, had serendipitously found my portfolio website, and we connected online. He showed me the beautiful mathematical graphs that Symmetry Systems was working with, and I was excited to be involved.

Do you still see yourself as more an artist or an engineer? Can you describe where the art comes into your day job?

Marcus: I aim to be at the intersection of both disciplines, and I think they are inextricably linked. That said, I gravitate more towards the creative aspects of data visualization, such as ideation, design, and prototyping.

Approaching data visualization from an artistic perspective can produce imagery that is unique, visually striking, and memorable; it grabs the attention of prospective customers and allows them to immediately understand what cloud environments look like. The Symmetry Data Access Graphs often produce beautiful visualizations worthy of being framed.

A framed image of DataGuard visualizations.

Can you explain the importance of data visualization in driving data security outcomes for our customers? How can effective data visualization impact decision making for a security team?

Marcus: The main visualization tool in Symmetry DataGuard is the Data Access Graph, an interactive map of all identities, data stores, permissions, and operations in a customer’s environment. It allows the customer to view their environment in one picture, to build up a mental model of their environment, and see it change over time as their security posture improves. Viewing the graph at a zoomed-out macro level can also reveal potential issues that are immediately actionable.

Interactivity makes it possible for the user to drill down into areas of interest and explore specific questions at a more detailed level. Workflows can be simplified by visualization, particularly those that would otherwise require a series of manual steps.

What are some of the key challenges you face as a data visualization engineer when it comes to presenting complex data in a visually appealing and easily understandable manner? How do you overcome these challenges?

Marcus: There are two main challenges. First, choosing an appropriate algorithm for drawing the graph can be challenging, especially when dealing with large, densely connected graphs. These issues are largely overcome by making the graph interactive, as even complex graphs can be better understood when it is possible to highlight elements of interest.

Second are the engineering challenges that come with visualizing large data sets. Large environments can result in long load times and slower performance when interacting with the graph. We address this challenge by systematically downsampling the nodes and edges in the graph, so that only the most important elements are shown by default.

Could you share some real-world examples of how data visualization has helped our customers gain valuable insights and make informed business decisions that they wouldn’t be able to otherwise?

Marcus: The Data Access Graph is often the first thing a customer dives into when Symmetry DataGuard is installed, and a visual inspection of the graph can highlight potential issues that are immediately actionable. In one case, the graph revealed a single highly privileged identity that had been hardcoded in a variety of tools to provide access to a significant proportion of the data in a customer’s environment. This issue was able to be quickly addressed, even before any deeper analysis was undertaken.

Flow diagram visualizations are used in insights reports to show the multiple paths and complex access routes that may exist between identities and data stores. These diagrams can reveal critical junction points and provide intuition about the ways in which data can flow through the system, which may be difficult to grasp in a non-visual format.

A world map showing the geographic locations of identities and data stores and the operations performed between them can also reveal unexpected data flows between different geographic regions, highlighting potential issues relating to data sovereignty.

How do you stay up to date with the latest trends and technologies in data visualization? Are there any emerging techniques or tools that you find particularly exciting for engaging external customers and prospects?

Marcus: I read current academic papers and books and articles by researchers, practitioners and companies that are active in the field. I also enjoy testing new software tools, particularly those at the cutting edge of graph drawing and visualization.

I have recently been excited about map-like interfaces for non-geospatial data. This involves taking a non-geospatial data set and presenting it as an interactive map, allowing users to explore their data in a similar way to exploring geospatial data in Google Maps.

In addition to graph drawing algorithms for mapping relational data, I am also interested in dimensionality reduction techniques (such as UMAP and t-SNE) for mapping general high-dimensional data in 2D or 3D space.

On the implementation side, I have been exploring the application of map storage and retrieval systems (such as vector map tiles) to non-geospatial data.

How do you approach incorporating interactive features or elements into your data visualizations to engage customers? Can you provide some examples of how interactivity enhances the user experience and understanding of the data? What are the technical challenges with enabling this interactivity that you’ve needed to overcome?

Marcus: An aspirational goal of the Data Access Graph is for it to be like Google Maps for a customer’s cloud and on-prem data. The graph increasingly contains many of the interactive features found in GIS applications, such as zoom, pan, search and filter, along with supporting charts and summary tables.

Autocomplete menus allow the user to search for an individual identity or data store, or to highlight groups of identities and data stores and the access paths between them. For example, the user can verify if there are any contractors in their environment that have read/write access to sensitive production data.

Clicking on an individual identity highlights its blast radius (the set of data stores that the identity can access), and clicking on an individual data store shows the identities that have access to it.

The technical challenges that come with enabling this interactivity are again mostly related to working with very large graphs. Computing a blast radius or attack surface can be computationally demanding when there are tens of thousands of nodes and edges, and we use downsampling techniques to extract and display only the most important parts of the graph.
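The blast-radius lookup, its reverse ("who can reach this data store"), and the contractor check mentioned in the interview can be illustrated on a small access graph. This is an added example, not Symmetry's or DataGuard's code; the graph, all names, and the reading of "read/write" as holding both permissions are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample environment; every name here is hypothetical.
# MEMBER_OF: principal -> groups it belongs to or roles it can assume.
MEMBER_OF = {
    "alice": ["eng-group"],
    "bob-contractor": ["vendor-group"],
    "ci-service": ["deploy-role"],
    "eng-group": ["read-analytics-role"],
    "vendor-group": ["deploy-role"],
}
# GRANTS: principal -> [(data_store, permission)] attached directly to it.
GRANTS = {
    "read-analytics-role": [("analytics-db", "read")],
    "deploy-role": [("prod-customer-db", "read"), ("prod-customer-db", "write")],
    "alice": [("scratch-bucket", "write")],
}
IDENTITIES = {"alice": "employee", "bob-contractor": "contractor",
              "ci-service": "service"}
SENSITIVE_PROD = {"prod-customer-db"}

def blast_radius(identity):
    """Return {data_store: permissions} reachable from identity (BFS)."""
    seen, queue = {identity}, deque([identity])
    reach = defaultdict(set)
    while queue:
        node = queue.popleft()
        for store, perm in GRANTS.get(node, []):
            reach[store].add(perm)
        for parent in MEMBER_OF.get(node, []):
            if parent not in seen:  # guards against membership cycles
                seen.add(parent)
                queue.append(parent)
    return dict(reach)

def who_can_access(store):
    """Reverse view: identities whose blast radius includes the store."""
    return {i for i in IDENTITIES if store in blast_radius(i)}

def contractors_with_rw(stores=SENSITIVE_PROD):
    """Contractors holding both read and write on a sensitive store."""
    hits = set()
    for ident, kind in IDENTITIES.items():
        if kind != "contractor":
            continue
        radius = blast_radius(ident)
        if any({"read", "write"} <= radius.get(s, set()) for s in stores):
            hits.add(ident)
    return hits
```

Here the contractor's write access to production arrives two hops away (group, then role), which is the kind of indirect path a per-identity permission list hides and a graph traversal surfaces.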

What data do we have? Where can the data be found? Who has access?
Data security that leverages robust data visualization offers simple answers through three key questions.

DataGuard and Data Access Graphs

The Data Access Graphs feature is fully integrated into Symmetry DataGuard to enable businesses to visually explore role and permission access to data stores and dramatically improve their organization’s data security.