By Ani Chaudhuri, CEO, Dasera
Sales have SalesOps. Marketing has MarketingOps. Engineering and Security have DevOps, DevSecOps, and SecOps.
It’s high time for Data Governance to have DataGovOps.
Revisiting Data Governance
First, let’s make sure everyone’s on the same page with respect to Data Governance. According to Google Cloud, Data Governance is (with added emphasis):
…everything you do to ensure data is secure, private, accurate, available, and usable. It includes the actions people must take, the processes they must follow, and the technology that supports them throughout the data life cycle… Data governance means setting internal standards—data policies—that apply to how data is gathered, stored, processed, and disposed of. It governs who can access what kinds of data and what kinds of data are under governance.
Data Governance: It’s Everywhere but Nowhere
Data Governance is everywhere. At the same time, it’s nowhere. Here’s what we mean.
Every enterprise collects data. As such, every enterprise has a Data Governance function. Whether or not it’s formally called Data Governance or has employees with “Data Governance” in their titles is another question. In most large organizations, the Data Governance function is distributed across multiple teams, including:
- Security
- Compliance
- Privacy
- Data
- And maybe a few others
Even though Data Governance is distributed across all these functions, Data Governance is often a part-time role, rather than a full-time dedicated role or team. For example, there are relatively few professionals dedicated to Data Governance. A few cursory searches on LinkedIn reveal:
- 1,540,000 professionals with “security” in their job title;
- 635,000 professionals with “compliance” in their job title; and
- 16,000 professionals with “data” and “governance” in their job title — a 40X to 100X difference.
So, Data Governance is typically an invisible fabric between existing teams. Or, as we like to say, Data Governance takes a village — it’s a shared responsibility that requires coordination and collaboration across multiple teams.
Data Governance: A Myriad of Manual Tasks
Especially because of its cross-functional nature, Data Governance has traditionally been executed via manual effort. Going back to the definition above, Data Governance consists of:
- The actions people must take,
- The processes people must follow, and
- The internal standards or data policies that apply to data
That implies a whole lot of manual effort. Take some typical, day-to-day data governance processes found in many organizations:
- An employee needs temporary access to a specific data set to do an analysis for a project.
- Employee submits a ticket via Jira or ServiceNow to the Security team to request access to the data. Request includes description of the data set, executive sponsor for the project, time frame for access to the data set, etc.
- Security team receives the request and starts an access control assessment.
- Security team validates the request with the executive sponsor.
- Security team validates the content of the data set with the Data team.
- Security team approves the request and grants access to the data set.
- Later, the Security team revokes the employee’s temporary access to the data set.
- Compliance team asks the Data team to fill out the semi-annual sensitive data audit.
- Compliance team asks the Security team to fill out the quarterly access control audit.
Performing all these manual Data Governance tasks takes a lot of time and energy. In addition — and more importantly — the fact that data is really only being governed on-demand (during an up-front assessment) or periodically (in recurring audits) highlights a massive vulnerability for most organizations: apart from those manual up-front assessments and occasional audits, Data Governance is being left up to chance, good intentions, and best behavior.
Which means data isn’t really being governed at all.
It’s Time for DataGovOps
SalesOps measures and evaluates sales data to determine the effectiveness of a product, sales process, or campaign. Similarly, MarketingOps measures and evaluates marketing data to determine the effectiveness of marketing programs and campaigns.
DevOps is the combination of philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity.
DevSecOps automates the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery.
By analogy, Data Governance Operations — or DataGovOps — is the combination of practices and tools that:
- Automatically make data more secure, private, accurate, available and usable;
- Guide people to take appropriate action and follow established process to better govern data; and
- Continually measure and evaluate how internal data standards – i.e., data policies – are being adhered to.
DataGovOps is the collaborative data management practice focused on improving the communication, integration and automation of context and policy among all Data Governance stakeholders in an organization, including Security, Compliance, Privacy, and Data Owners. DataGovOps automates the integration of security and compliance at every phase of the data lifecycle.
The cloud has transformed both the volume of data kept in organizations and the speed at which that data is growing. Given cloud scale and cloud velocity, Data Governance can no longer be a hodge-podge of manual steps and processes. It’s imperative for enterprises to automate their Data Governance functions and invest in systems that continuously ensure that their data is being appropriately stored, used, and deleted.
It’s time for the DataGovOps revolution.
About the Author
Ani Chaudhuri, CEO, Dasera Ani Chaudhuri is an award-winning executive and entrepreneur with a track record of building successful products, businesses and teams. Ani is driven to bring important solutions to market, and has founded four technology companies to date: eCircle, acquired by Reliance in India; Opelin, acquired by Hewlett-Packard; Whodini, acquired by Declara; and Dasera. Prior to Dasera, Ani worked at McKinsey, HP and Tata Steel. Ani can be reached online at https://www.linkedin.com/in/anionline/ and at our company website http://www.dasera.com/
FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.
Source: www.cyberdefensemagazine.com