Presentation: Panel: Security Against Modern Threats

Supply chain security has stopped being a compliance checkbox for data teams and become a first-order architectural concern. When we build modern data platforms—especially those incorporating third-party ML models, container registries, and package dependencies—we're inheriting risk from dozens of upstream sources. The shift from perimeter security to zero trust directly impacts how we design data pipelines. This means treating internal data consumers with the same verification rigor as external ones, implementing fine-grained access controls in our orchestration layers, and auditing dependency chains in dbt projects and Airflow DAGs as aggressively as we would production databases. The real challenge isn't adopting scanning tools; it's integrating security verification into our deployment workflows without grinding velocity to a halt. I've seen teams implement SBOM generation automatically in their CI/CD pipelines and validate artifact signatures before they reach production warehouses. The teams winning this battle treat security as a platform capability, not a gate.