Hello and welcome. My name is Shannon Kemp and I'm the Chief Digital Manager of DataVersity. We'd like to thank you for joining this DataVersity webinar, Beyond Metadata: Richer Metadata Management with Deep-Level Data Discovery, sponsored by OneTrust. Just a couple of points to get us started: due to the large number of people that attend these sessions, you will be muted during the webinar. We will be collecting questions via the Q&A in the bottom right-hand corner of your screen. Or if you'd like to tweet, we encourage you to share your questions via Twitter using hashtag DataVersity. And if you'd like to chat with us or with each other, we certainly encourage you to do so; just click the chat icon in the bottom right-hand corner of your screen for that feature. And as always, we will send a follow-up email within two business days containing links to the slides, the recording of the session, and additional information requested throughout the webinar. Now, let me introduce to you our speaker for today, Kelsey Naschek. Kelsey serves as the Data Governance and Privacy Engineer for OneTrust. In her role, Kelsey advises companies throughout their data governance implementations to establish processes, to support operations, and to align with their enterprise objectives, including gaining better knowledge and insight of their data landscape, ensuring data meets compliance and policy requirements, and enabling greater use of the data. And with that, I will give the floor to Kelsey to get today's webinar started. Awesome. Thanks so much, Shannon. And first off, thank you both to you, Shannon, and to DataVersity for having me today. I'm excited to talk with everyone a little bit about taking metadata management another step further with what we call deeper-level discovery, and I'll walk you through what that means. There we go. So here I am, Kelsey Naschek. As Shannon mentioned, I head up one of our Solutions Engineering teams at OneTrust. What that means is I focus my work primarily with our product and R&D teams, as well as alongside our customers and prospective customers while they're evaluating the platform for their specific use cases and as they roll it out. So I'm excited to walk you through a little bit of content today. First, starting with what are some of the challenges with enterprise data, what we refer to as the modern-day data problem: what are some of the challenges that we're seeing organizations face in today's data landscape, why that drives the need for good data governance, and what does good data governance mean? Typically we see this combination of compliance and business innovation in practice, and with that: is doing discovery of just your metadata enough? What are some of the challenges that we see with looking only at that metadata layer? And a little bit at the end about how OneTrust helps, or really what our approach to the problem is. For those that aren't familiar with OneTrust, just a tiny bit of background information to set the stage. We are a privacy, security, and data governance software organization. We've got 7,500 customers of various sizes and scales across over 100 countries and six continents. So we are a global organization with about 1,500 employees, the majority in R&D, really focused on providing software solutions for our customers across the entire world, as you see there.
Now let's dive into the content for today. So what are some of the challenges when it comes to big data and this modern-day data problem? With today's complex data ecosystems, we're seeing organizations have combinations in practice of SaaS systems; organizations that are in the process of moving from traditional on-premises systems into the cloud, maybe with a cloud migration in process; data lakes or data warehouses; and other systems that potentially process information while it's between a source and a destination. And then you've also got this additional wrinkle of third-party data, where you might be acquiring data from a third party, you might be sharing information with a third party, or they might be processing information on your behalf. You need to also make sure that the programs they have in place mean they are treating the information that you share with them just as you would treat your own information. So all of these different areas where data is being stored and processed and moved really create a variety of different challenges. The volume of data that organizations have continues to grow and grow at a seemingly exponential rate, especially because the cost of storing data continues to shrink and shrink, so organizations aren't necessarily getting rid of the information that they have. There's hidden data, data that they might not even know about, which might not necessarily be adequately managed or protected. You might have information that, when combined together, is what we call a toxic combination: data that could potentially re-identify an individual, or multiple attributes that, combined together, could potentially cause harm to an individual. And there's inferred information, data that's being generated from data, so additional data created or inferred as a result of artificial intelligence or machine learning algorithms. All of these different challenges can also pose different threats to your business. There's an increasing volume of data breaches, and not just an increasing volume: data breaches have become more public than ever before. How many different breaches have you seen occur in the news, and how have you seen that impact a company, whether it's their stock price or the public perception? And it doesn't take a systemic issue for that to happen; it's just one issue, one bad actor, that could potentially lead to something detrimental for your business. You've also got compliance risks. What's the potential impact of not keeping your programs in line with GDPR or CCPA, for example? What if you have potential policy violations? Do you have adequately documented data policies, or even security or privacy policies? And not just are they documented, but are they actually enforced across the organization? How do we monitor? How do we notify in the event of some kind of violation? And how do we actually treat that over time? And then there are also things like breaches of contracts; we talked a little bit about third-party data.
What happens if your third-party vendors don't adequately treat the data as they have agreed to within their contract? So it really creates these different unique challenges for different stakeholders across the business. And we're really seeing a shift: the complexity of the data landscape isn't changing, and we don't want it to change; that's what really drives continued innovation. We just have to make sure that it is properly documented, that it's properly organized, and that it's properly governed. That's really what's going to balance this continuously growing data economy and continuous innovation with the compliance requirements that you have as an organization. And so we see that good data governance really takes this problem and turns it into critical solutions for the business. It's always a balance of both respecting the information and protecting it for compliance obligations, but also, how do you take that same data and really drive business value and innovation? Customers want to give you their data. They want to allow you to leverage their data to continue to drive innovation. They almost expect you to continue to get better, to provide a more tailored service than maybe your competitor. Personally, I love that Spotify recommends potential music that I might want to listen to based off of what I've previously listened to, and now I've begun to expect that on any sort of music streaming or really any streaming platform. But I, of course, want to make sure that I can trust the information that I provide to them, that they're going to treat it with respect and manage it appropriately. So that's why we see trust being at the center of this seesaw, this balance between compliance and innovation. Now, a lot of this is really what drives the need for these good data governance programs with the organizations and the customers that we work with. And just to set the stage, a lot of my customers come to me and they're saying, where do we begin? We know we need this in practice; where do we start? We see this evolving over the course of five key steps. First, answering the question of finding data: what data do I have? Where is that data located? Should this data even be housed here? Am I finding any information that I wouldn't expect to have? Then taking that information and being able to understand the data that's been detected: what does this data actually mean? What does it mean from a technical perspective? What does it mean to the business? How would we classify this information? How would we categorize it? Maybe how do we classify it in regards to different compliance obligations? Also, how do we then make sure that we're adequately governing the information? With regards to the data, what are the different policies that we have in place? What are the different rules? What are the regulations associated with that particular data? How should we actually be treating this information? How should we be protecting this data? Who should ultimately have access to the data, and what's the purpose for which they have access to it? And when it comes to trusting the data: is the data accurate? Where did the data come from?
Where is the source of the information? Where does it actually go? Does it get transformed along the way? A lot of the trust is around the data quality, and typically around data lineage as well: looking at the flow of the information, looking at whether there is any sort of potential impact in the event that a change is made along that particular flow of the information. Sometimes it's also looking at, if I'm looking at a particular report, what are the actual sources of information that this report is pulling from, so that I can actually trust and certify that this is the appropriate report, or those are the appropriate sources, based on what this report is supposed to tell me. And then the last piece, and the level of maturity that organizations are really ideally trying to get to, is how do I best get business value out of this data? How do I make the most out of my organization's most valuable assets? How do I ensure that individuals are getting access to the data sets that they need, or in this case, how do I get the quickest access to the data that I need for my reporting, for my data scientists, for my business analytics? And how do I make sure that I maintain compliance while I'm doing so? So again, it's this balance of driving business value and innovation while still maintaining compliance, not having that be something that we think of as an afterthought or need to do retroactively, but instead having this combination or balance of both all along the way. So when it comes to all of these steps and the role discovery plays, I would say that it really plays a role in each of them, all the way from finding the data, to understanding and getting that contextual information in the discovery, to maybe uncovering whether policies are being enforced, discovering some of the pieces around quality, maybe even accelerating the time for individuals to access information. Is metadata discovery enough when it comes to this type of work? What we've seen in practice is that metadata is a good first step, but it only scratches the surface. A lot of the time, when we look at some of the actual source data compared to the metadata, the metadata is subject to human and machine errors: whether it's mismatched column information or things that were just entered incorrectly, you might have things that were fat-fingered. I've seen, you know, SSM instead of SSN for a Social Security number, just a small minor typo, but sometimes tools won't pick that up. I also see things where you might have a descriptions field or a notes field. I was working with a customer the other day where they were looking at their instance of Salesforce, and they knew they had issues in Salesforce, but they weren't quite sure what to expect. When we did deep discovery on it, we uncovered that sales reps were taking really good notes to do their job, but in return, the customer found PHI that they would have never expected to be in their CRM. A sales rep had entered in his client's birthday, his children's birthdays, and that he was an Alcoholics Anonymous volunteer. It was a wealth management organization, so one of the reminders was that the client needed to plan for a tax donation to the Democratic Party at the end of the year, and to send him a Hanukkah card instead of a Christmas card.
So this is all information that you would have never expected or classified on notes alone, on the metadata of the term notes. But once we actually looked at the data, quite complex and fairly sensitive information was discovered instead. So something to keep in mind there, and it's pretty common when you have individuals entering things into free-text fields across CRMs and support applications. We also see things like data drift and mutation. With data drift, sometimes where there are maybe cloud migrations happening, you might be taking copies of production and saving things down to a development environment so that the R&D teams can test out a change prior to pushing it to production. I've seen where that's happened, but then those copies, which were maybe made for a short period of time and for a specific limited purpose, never actually get removed. So we find things like social security numbers in copies that were made and dumped into S3 buckets, uncovered only by doing this deeper discovery. And one thing I like to think of with an S3 bucket: they tend to be the kitchen junk drawer of an organization, because people will just throw anything into them. So it's always kind of fun to see what you uncover when you actually pull everything out of your junk drawer, right? Now, the last piece is that sometimes we see metadata corruption. Just as a result of system outages or system failure, sometimes things will be wiped, some of the metadata potentially removed, the details removed, or copies made. So that's something to think about when you're asking yourself, am I only doing metadata discovery to populate some of my governance initiatives? The metadata alone also isn't always meaningful. You don't get the business context. You don't necessarily get descriptions for what the database is designed to do, or what these tables are actually being used for. There also aren't necessarily defined relationships. You can always pull things like a foreign key relationship and maybe build out an ER diagram within a particular data source itself, but you might not necessarily understand the flow of information between various systems. And you've also got a lot of tables and attributes where the purpose the business uses each of them for changes over time. I'm thinking about my own team with Salesforce. Sometimes it takes us a while to get a Salesforce administrator to make an update, so as a team, through tribal knowledge, we'll know that we're using one particular field to document a certain type of note, but the actual name of that field doesn't reflect what we're using it for. Things like that won't get picked up when we're looking at just metadata. So that's why we started to see that really accurate classification relies on this scanning of actual data, this deeper-level discovery. And I know that we're speaking generically today; there are a number of different tools out in the market that do this type of work. From my experience, being able to look at both structured and unstructured, as well as semi-structured, information is important. A lot of organizations that I work with will say, you know, unstructured is my highest priority.
We're fine with the structured. But it's really not until you actually dig in under the hood that you begin to uncover these problems that you didn't quite know you had in the first place, with that unexpected information or with copies of production information down in development environments and things like that. So it's important to have robust tools in place that can look at all three, doing that deeper discovery across the structured, semi-structured, and unstructured information, and not just being able to do that deeper discovery to classify the information, but also being able to look at the actual files themselves when it comes to unstructured data sources. That means leveraging modern technologies like OCR and being able to identify what an image is an image of, whether there are potentially faces within the image, what strings of text are on a document, and potentially classifying information that is contained within a PDF. Because of that, we're really seeing organizations begin to uncover where they have restricted data, very sensitive or at-risk data, and potential additional cases of personal information. We're seeing organizations leverage this as an initiative not only to get a grip on what information they have across the organization, but also as a way to reduce their personal information footprint when they uncover it in sources they didn't expect it to be in. So as an alternative to going and increasing the protection for a data source, it's just going and cleaning up the information that actually shouldn't be there in the first place, or beginning to enforce retention periods that were designed to limit the scope and footprint of sensitive information. A lot of times we see some of this work really bubble up and surface through something like a data catalog: having this full systematic record of information across the technical metadata, in combination with the business context. How am I using this information? Who is using this information? Who owns this particular system from a technical perspective? Who do we need to go to in case somebody additional needs access to it? And from a data steward perspective, who's ultimately responsible for certifying and trusting this information? Having this single pane of glass and single source of truth is really the output of what we're seeing from some of the deeper discovery. In practice, we're also seeing a lot of benefits from leveraging artificial intelligence and machine learning techniques to really augment the work. Historically, this is something that has been done, to an extent, a little bit manually, but now we can leverage modern technologies to learn over time based on the actions that users are taking within the system, and also to help classify the information, maybe leveraging things like natural language processing, so you're not just looking for a specific term or specific pattern of characters, but also for the business context around the patterns that you're looking for. And in addition to a catalog being nearly impossible to populate manually, I would say that it's even more so nearly impossible to maintain. Populating it is one thing, but as soon as you populate it, if you don't have processes and methods in place to maintain it over time, it's going to be stale that day. Your next phase in the project begins immediately the day that you finish populating it.
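To make that classification point concrete, here is a minimal Python sketch of scanning sampled values rather than trusting column names. The pattern names, regexes, and confidence weights are hypothetical choices for illustration, not any vendor's actual classification rules.

```python
import re

# Hypothetical pattern library -- the labels, regexes, and +0.2 name bonus
# below are illustrative, not any vendor's actual rules.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}
NAME_HINTS = {"ssn": ("ssn", "social"), "email": ("email", "mail")}

def classify_column(name: str, sample_values: list[str]) -> dict[str, float]:
    """Score a column by scanning sampled *values*, not just its name."""
    scores: dict[str, float] = {}
    for label, pattern in PATTERNS.items():
        hits = sum(1 for v in sample_values if pattern.search(v))
        if hits == 0:
            continue
        score = hits / len(sample_values)
        # A matching column name only boosts confidence; it is never required,
        # so a field typo'd "SSM" or a generic "notes" field still gets caught.
        if any(h in name.lower() for h in NAME_HINTS[label]):
            score = min(1.0, score + 0.2)
        scores[label] = round(score, 2)
    return scores

# A free-text notes field whose name says nothing, but whose values say plenty:
print(classify_column("notes", ["DOB 3/4/71, SSN 123-45-6789", "send Hanukkah card"]))
# -> {'ssn': 0.5}
```

Because the name check is a bonus rather than a requirement, this style of scan catches exactly the mislabeled and free-text cases that metadata-only discovery misses.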
Technology can also help ensure some of that business context. We talked a little bit about how AI and ML can help with that, but it's also, of course, about the business being able to directly collaborate and interface with each other: to rate data sets and comment on data sets and say if things were good or bad, with the data stewards being proactively notified of any of that feedback, and then also being able to tag and classify things for regulatory compliance. So being able to say what information is in scope for GDPR, because maybe I need to make sure that it's in my records of processing, or being able to look at what personal information is in scope for CCPA, so that I know I'm going to surface that up in the event I get a request coming in for deletion from a California consumer. Now, I'll talk a little bit about how OneTrust helps and how we break it down in our vision, and then I will go ahead and transition over to questions. From a OneTrust perspective, the way that we structure everything as a whole is this: our core product from a data governance perspective is the data catalog, and included within that are the components of metadata discovery and metadata management, as well as data lineage and policy management, so being able to actually document what your policies are and enforce them. Now, in conjunction with the data catalog, that's typically where we'll see organizations also want to leverage this enhanced data discovery: being able to go beyond the metadata to do the deeper discovery and classification. We also have solutions in place from a governance perspective around being able to document your retention policies and actually enforce and surface up where you have data that has passed its retention period, and being able to allow individuals to request access to different data sets and provision that access from the data catalog. Sometimes you hear the term democratizing the data in the industry: providing a method for the business to almost search the catalog and request access to the information that they're looking for. And then the last piece is around data quality: ensuring that the quality of the information is thorough and complete, being able to surface up things like the distribution of the information, the amount of nulls, and seeing if data is getting transformed along the way during the flow of information. So those are other areas of focus for us. When it comes to discovery, though, the way at least we approach it is that we typically will see organizations connect to both the structured and unstructured data sources, typically starting with their primary data sources, areas that they know are potential, you know, pockets of doom, not to put it lightly, but areas that they know are potential problem areas. You always want to start with what you know to be potentially problematic or to potentially be your highest risk, and start with that as a phase one. So hit your highest priority, your potential problem areas, first. Do not try to boil the ocean. That's probably my number one tip: don't try to connect to everything at once. Start with your potential problem areas, because you're going to uncover things that you need to treat and mitigate to reduce the risk. You might need to clean up some of the information that you uncover.
You might need to put additional protections in place based on the information that you uncover. You might find that policies are not being enforced, that they're not being monitored. And so you want to be able to focus on those priority systems first. Connecting is only one part of the problem. Once you connect, it's what you uncover that you want to prioritize and deal with first. And then once you're done with that, you're on to phase two, and you keep iterating. Now, the results of all of the different scans typically go into a central inventory, and depending on the customer's use cases, it can funnel into any of these three items from our perspective; whether it's OneTrust tools or other tools doesn't necessarily matter to us. So typically it'll go simultaneously into the data mapping functions for your privacy team so that they can generate their Article 30 reports from it. But it can also simultaneously funnel into your IT risk management team's use cases, so that they can ensure that appropriate controls, security controls, are in place based off of the information that's detected within each of those systems. And then it can also simultaneously populate the data catalog, so that governance teams can ensure that it's being properly managed, that data policies are being enforced, and also surface this up for the business to make sure that they are getting the most value out of the data. So it's simultaneously able to populate all three use cases. And from a data catalog perspective, since we're talking governance today, typically it's something like the catalog that allows organizations to document the flow of the information and the lineage of the information, but also potentially to expose that catalog to the business to be able to request access, or potentially to enforce any sort of data retention policies there. One last comment, and typically something to look for, especially if you're trying to do this deeper-level discovery and going beyond the metadata: there are some common technologies that are important in this space. Being able to leverage AI and machine learning, these are really the modern technologies that help to automate and classify the information. This is what's doing the reading of the information, building the context, taking maybe patterns that it's looking for but also looking at the information around them, and also, as it surfaces things up for you to review and approve, being able to learn over time. If you are rejecting certain results over and over, or if you're approving results over and over, that should continue to feed back into the system so it continues to get better and get smarter. It's really looking at how technology can be leveraged to augment your teams, so that your teams are focusing on the things that the system can't do itself. Leveraging technologies like a graph database really helps with things like the visualization. It's an important technology, at least from our perspective, because it's what powers the really robust search capabilities that are necessary in this type of work: surface up to me everywhere I have a social security number that's in scope for these regulations, is not encrypted, and is being used by the marketing team, or the HR team is probably a better example for SSNs. It's important to have a super flexible data model to be able to ask those kinds of questions systematically.
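As a hedged illustration of that kind of systematic question, here is what it might look like as a Gremlin traversal submitted from Python. The vertex labels ("attribute", "system", "team"), edge labels, and endpoint are all hypothetical, generic property-graph modeling rather than OneTrust's actual schema.

```python
from gremlin_python.driver import client

# "Show me every system holding an unencrypted SSN field that the HR team uses."
# Assumes a hypothetical graph where system -contains-> attribute and
# team -uses-> attribute; labels and properties are invented for illustration.
QUERY = """
g.V().hasLabel('attribute').has('classification', 'ssn').has('encrypted', false)
  .where(__.in('uses').hasLabel('team').has('name', 'HR'))
  .in('contains').values('name')
"""

gremlin = client.Client("wss://your-graph-endpoint:443/gremlin", "g")  # placeholder endpoint
for system_name in gremlin.submit(QUERY).all().result():
    print("Unencrypted SSN visible to HR in:", system_name)
```

The appeal of the graph model here is that each new condition (regulation scope, encryption status, consuming team) is just another hop or filter on the same traversal, rather than a new join to design.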
And that's where the cognitive search and collaboration also come into play: being able to search this almost like a real-time tool and continuously improve based off of crowdsourced information and feedback. The last piece is really the key use cases that we see this deep-level discovery ultimately helping and playing a role in. Of course, there's feeding into the data dictionary itself and the metadata management as you're classifying information contained within each system, going beyond the metadata to uncover the target source information, and being able to automatically tie that back based off of your business glossary, so leveraging your terms and your meaning against your data to surface that back up into the catalog as well. There's also being able to leverage this deep discovery to see if your data policies are actually being enforced, that they've been followed, and being able to monitor and surface up any sort of potential violation. Excuse me, let me take a quick sip of water there. Then there's being able to leverage the deep discovery to uncover the flow of information and potential relationships between data that the metadata alone is not going to be able to tell you, so as you see the same kind of data element move from system to system, being able to visually represent that. And then the last piece is being able to look at who potentially has access to these data sets and evaluate whether they should be somebody that has access, and potentially, through integrations, whether it's logging tickets to the system administrator, because you have that information documented, or even going so far as integrating with the IDM to actually be what provisions the access to that particular system, really reducing the time between somebody requesting that access and them having that access. So there's a wide variety of different use cases that are supported. With that, I think that's the end of my content. I will go ahead and pause, and I see that there are some questions coming in from the chat as well. Hi Kelsey, thank you so much for this presentation, and there are indeed questions coming in. Just a reminder, and to answer the most commonly asked question: do know that I will be sending a follow-up email to all registrants with links to the slides and the recording by end of day Thursday. So diving in here: does the tool have data governance team management to associate the catalog artifacts with stewards? Yes, absolutely. A key component is to be able to assign that ownership and to be able to put your stewards' processes in place: being able to assign the stewards to the different assets, but also, what's their process to review the information? Do they need to certify it on an annual basis? And doing things like surfacing up if it's been 11 months and next month they're due for that recertification. So you can set up those kinds of workflows directly within the tool itself, and also assign not just steward ownership but also technical ownership or business ownership, if those might be different.
So, who would ultimately be responsible if there needs to be some sort of technical change made to the system, but also maybe who do we need to go to if we have questions around the business context, and who in the business is ultimately responsible for that particular data asset. And I'm going to try and find all the questions in the chat here, but if you have questions, feel free to put them in the Q&A section in the bottom right-hand corner of the screen there. So: in theory you have to look at real data to classify it. However, it's challenging to get authorization from IT and the nebulous data owner to have access to scan large sets of data. How do you get buy-in in the organization to establish your metadata program? Yeah, really good question. I think that's honestly one of the number one challenges that we see in practice: getting that buy-in, and especially getting that buy-in from the security teams to connect to their systems and potentially do this type of discovery work. From a OneTrust perspective, the way that we've architected the discovery platform and the security measures that we have in place, the discovery and classification actually happen 100% within your network. We have a component that we call our worker node, and that's what gets deployed within your organization's infrastructure. That's what eases the burden on security teams, because all of that processing happens within your network. But then what we do is take any of the results of the discovery and classification, and that metadata is what's sent to the OneTrust cloud for you to view within the catalog and administer and manage. So that's really how we've gotten buy-in from those teams. You also want to talk about the benefit to them. It benefits them because not only will we help uncover if there's anything that needs to be ultimately cleaned up, maybe because data has gone beyond retention periods, which would reduce costs for them if they no longer have to store any of that information; we can also confirm that the information within their system is within the realm of the data policies that are in place. So we confirm that they're adequately protecting it, or begin to uncover if there's anything that is out of place and they don't necessarily have the appropriate controls in place. A lot of times that's why we're seeing organizations also want to move to OneTrust, because it can be that single platform and single source of truth across the privacy, the security, and the data governance teams. But I would say when it comes to getting buy-in to do the discovery, at least from a OneTrust perspective, it's the way that we've architected it to reduce any sort of heartburn on the security teams, and it's always only read-only access. That's all that's required, so no updating or deleting of any sort. Where does this platform run? Is it Windows, *nix, AS/400? Yeah, so the main administrative side of it is our SaaS platform; either we can host it or it can be 100% on premises. And that's the admin side of the data catalog and the metadata management and all of that. For the deep discovery engine, what we do is deploy what we call that worker node, and it's just a small subset of the actual code. It does the discovery and the classification. We typically deploy it in some kind of containerized environment, something like a Docker container or a Kubernetes cluster, within your infrastructure.
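To sketch that worker-node pattern in rough Python terms: scanning happens in-network, and only classification metadata (labels, locations, hit counts) is pushed out. The endpoint and payload shape here are invented for illustration, not OneTrust's actual interface.

```python
import json
import re
import urllib.request

# One illustrative pattern; a real worker would carry a full pattern library.
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def scan_table(system: str, table: str, rows: list[dict]) -> dict:
    """Scan rows locally; keep only column names, labels, and hit counts."""
    hits: dict[str, int] = {}
    for row in rows:
        for column, value in row.items():
            if SSN.search(str(value)):
                hits[column] = hits.get(column, 0) + 1
    return {
        "system": system,
        "table": table,
        "findings": [{"column": c, "classification": "ssn", "hits": n}
                     for c, n in hits.items()],
    }

def publish(result: dict, endpoint: str = "https://cloud.example.com/scan-results") -> None:
    # One-way push: the worker sends metadata out; nothing connects back in.
    req = urllib.request.Request(endpoint, data=json.dumps(result).encode(),
                                 headers={"Content-Type": "application/json"})
    urllib.request.urlopen(req)

# Raw values stay behind; only this summary would ever leave the network:
print(json.dumps(scan_table("crm", "contacts",
                            [{"notes": "SSN 123-45-6789"}, {"notes": "call Tuesday"}])))
```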
I'll try not to get too technical, but it's completely agnostic as to whether it's AWS, Microsoft Azure, Google Cloud, really whatever your infrastructure looks like, whether it's your cloud as well as on-premises. So we're pretty agnostic in terms of the hosting of the worker node, and all it does is sit within your environment to do the deep discovery and classification and then send the results into, typically, the OneTrust cloud. And then, how do you handle the data discovery for software as a service? Yeah, so again, let me make sure I explain it right: it's all SaaS. At least from a OneTrust perspective, we're a SaaS model, but then the actual worker node itself is just something that gets configured within the admin console. You can download it, and then it's deployed within your environment. It only ever talks to the OneTrust cloud, so it's a one-way stream of information, and without the OneTrust cloud it's not going to necessarily do much for you. So that's why it's all a SaaS-based model for us. I like it. So, where is the policy enforcement done? Is it digital or manual? Yeah, so the policy enforcement is actually done within the admin console, so you're able to define what those policies are there. It takes the results of the metadata from the scans as a way to check and ensure compliance and surface up if there are any violations. So maybe I have a policy in place around encrypting specific data. Maybe it's all sensitive data, but I used social security numbers earlier, so I'll do that now. Every time I find social security numbers, I've got a policy in place that they have to be encrypted. And in the event that, when my scans are running, I surface up any social security numbers that are not encrypted, that gets sent back to the admin console, and that's typically what kicks off what we refer to as a policy violation. Then there's a configurable workflow around what happens next. That's going to be different for every organization, whether it's notifying a system administrator, or notifying a team of individuals that are all responsible for potential policy violations; you name it, essentially the workflows are there to align with what your business process is, and we can surface that up in the event a violation's been detected. And does OneTrust support self-service ingestion and cataloging that allows various business functions to populate the catalog by themselves? Yeah, so of course we want to automate all of the discovery work as much as possible, but at the end of the day, sometimes there are systems that are just a little bit easier to handle manually, or they're quite legacy, and we just want to have individuals get in the tool and start from there. And that's completely fine. So all of the work that we strive to do automatically with some of these connectors and the discovery engines can also be supplemented by administrators coming in and adding and editing and updating and deleting information as well. What kind of graph database is OneTrust based on? Is it an RDF-based or property-based graph database? Yeah, so I'm not that familiar with RDF, but we do use the Cosmos graph database; it's a Microsoft product. Perfect.
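Circling back to the policy-enforcement answer above, a minimal sketch of that kind of check might look like this in Python. The policy shape and the "what happens next" hook are hypothetical, not OneTrust's actual model.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    classification: str    # e.g. "ssn"
    required_control: str  # e.g. "encrypted"

@dataclass
class Finding:
    system: str
    column: str
    classification: str
    controls: set = field(default_factory=set)  # controls observed on the field

def violations(policies: list[Policy], findings: list[Finding]) -> list[str]:
    """Compare scan findings against policies; report every missing control."""
    return [
        f"'{p.required_control}' missing for {f.classification} in {f.system}.{f.column}"
        for p in policies
        for f in findings
        if f.classification == p.classification and p.required_control not in f.controls
    ]

# The configurable workflow step -- here just a print; in practice it might
# notify an administrator or log a ticket instead.
for v in violations([Policy("ssn", "encrypted")],
                    [Finding("crm", "contacts.notes", "ssn")]):
    print("POLICY VIOLATION:", v)
```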
And along those lines, another question on the graph as well: is it based on open standards and vocabularies, taxonomies, and ontology schemas, as an enterprise knowledge graph? Yeah, so we do have some out-of-the-box ontologies that we leverage, and we're looking to expand those to make them industry-specific over time, as well as jurisdiction-specific, so you could come in, pick what industry you're in, pick where you operate geographically, and have it generate a specific ontology for you. We've done that in other areas of the platform, so it's something that we're looking to expand within the governance side of the house. Right now we just have an out-of-the-box one based off of some best practices and some feedback from our core customer advisory board. But it's completely configurable, so organizations can come in and add additional terms, change anything that we've included, or remove anything that we've included that isn't relevant. We do give you a base to work off of, and then of course, if you've already got one, because you've done this work either manually or in another tool previously, we can also bulk import that in as well. And just to go back a little bit on the data discovery question on software as a service: how does OneTrust discover data that is spread across other software-as-a-service providers? With the growth of software as a service, we're seeing a lot more siloed data. Yeah, really great question. So specifically when we connect to SaaS platforms, a lot of times lately we've actually been partnering directly with them, and so we're working with them to make sure that the APIs they're exposing give us that full breadth of picture of what's potentially in place within an organization. But a lot of times it's via an API integration for the majority of the different SaaS platforms that we're connecting with, or we're partnering with them directly. Our approach is to build the connectors once we develop them and then make them available for all of our customers, versus something that we have to build on a case-by-case basis. We try to make them a bit more generic and then tweak from there if we need to. But the majority of the time, especially with the SaaS platforms, they tend to be thankfully a little bit more plug and play, which is really good for our customers. And is it just looking at the data, or does it also look at the systems that make the data as well? It's both: looking at the data, looking at the target systems, it's typically a combination of the two. Just making sure I didn't miss any questions in the chat here. I think I lost them all. Anything else you want to add, Kelsey, as I give everyone a quick moment to see if they have any additional questions they want to add there? No, this was wonderful. I really appreciate all the questions and the feedback, and I really appreciate the time and everyone's participation today. All right, well, we'll give everyone a few minutes back in their day, and I thank you, everyone, for being engaged, and thanks for attending today's webinar. Again, just a reminder, I will send a follow-up email with links to the slides and recording by end of day Thursday for this webinar. Oh, we did get one more: do you have federal customers, U.S.
federal government customers? I'm not sure if I can comment on that, just because I know this is being recorded. Instead, I'll just ask that you reach out to me directly. I will make sure and get that to you; I'll give you the information in the follow-up as well, so you guys can have all of that. So thank you again, and I hope everyone has a great day. And stay safe out there. Kelsey, thank you so much, and thanks to OneTrust for sponsoring today's webinar. Thanks so much, Shannon. I appreciate it. Have a good day, everyone.