Author: Kevin

  • Your Data Warehouse Is Secretly Training Bad AI

    by

    in

    Most organizations assume their data warehouse is one of the safest places AI can learn from. After all, that’s where the “good data” lives. At least that’s the assumption. The reality is often much more complicated. Because many data warehouses contain years of accumulated business logic that nobody fully understands anymore. And AI has no…

  • Your Bad Data Isn’t the Problem

    by

    in

    Every organization believes it has a data quality problem of some sort. The list is endless. And while those issues are real, they’re often not the actual problem. They’re symptoms. The visible evidence of deeper issues that exist elsewhere in the organization. Treating bad data without addressing the underlying causes is a lot like treating…

  • AI Runs on Meaning

    by

    in

    In the first article of this series, I argued that most organizations don’t have an AI problem. They have a data problem. But that’s only a small part of the story. Because even organizations with enormous amounts of data often discover that their AI initiatives struggle for a completely different reason: The organization doesn’t understand…

  • Your Company Isn’t Ready for AI (And It Has Nothing to do with AI)

    by

    in

    Every executive meeting seems to have the same question these days: “What is our AI strategy?” It’s a very reasonable question. Artificial Intelligence is advancing rapidly, vendors are embedding AI into nearly every product, and organizations are feeling pressure to demonstrate that they are keeping pace. But after working with data platforms for years, I’ve…

  • When Governance Becomes Continuous

    by

    in

    For years, access governance has operated on a simple assumption: Review access periodically and hope the environment hasn’t changed faster than your governance process. That model made sense when: That world is gone. Modern environments change constantly. New: …appear faster than traditional governance processes can evaluate them. Which means the future of governance probably isn’t…

  • Governance Without Slowing Everyone Down

    by

    in

    At this point in the series, we’ve talked a lot about visibility, exposure, and risk. And that’s necessary. But eventually, every governance conversation runs into the same wall: “This sounds great… but people still need to get their jobs done.” That tension is real. Because the fastest way to make governance unpopular is to make…

  • Using AI to Improve Access Governance Instead of Making It Worse

    by

    in

    So far in this series, AI has mostly been the thing exposing the problem. And fairly so. AI amplifies access models.It traverses systems quickly.It exposes weak governance faster than most organizations are prepared for. But here’s the part that gets overlooked: AI can also become one of the most effective tools for understanding access complexity.…

  • How to Clean Up Access Control Without Breaking Everything

    by

    in

    At some point, every organization reaches the same conclusion: “We need to clean this mess up.” Usually after: That realization matters. But it’s also where many teams make a critical mistake: They treat access cleanup like a technical problem. It isn’t. It’s an operational problem wrapped around a technical system. And if you approach it…

  • Stop Guessing: Build a “Who Has Access to What” Dashboard

    By now, a few things should be clear: Your access model isn’t a hierarchy – it’s a graph.That graph contains hidden exposure paths.And those paths can be measured using real signals. That’s a solid foundation. But there’s still a gap: You can’t manage what you can’t see. SQL queries are great for analysis.They’re terrible for…

  • You Can’t Fix What You Can’t Measure: Introducing the Access Risk Score

    By this point, two things should be very clear: Your access model is not a clean hierarchy.It behaves like a graph of inherited, interconnected permissions. Which leads to a practical problem: If access is a graph… how do you measure risk inside of it? Because listing roles doesn’t work.Auditing permissions doesn’t scale.And “review everything quarterly”…