Hyper competition, globalization, economic uncertainties — all of it converging to drive a C-suite impetus for the business to become more data-driven. Organizations invest in more data science and analytical staff as they demand faster access to more data. At the same time, they’re forced to deal with more regulations and privacy mandates such as GDPR, CCPA, HIPAA, and numerous others. The outcome? The current methods meant to serve them — usually an overburdened IT team — end up failing, resulting in an alarming amount of friction across the entire organization.
Increasing number of analysts and data scientists asking for data.
More regulations and policies required to enforce.
A tectonic shift of data processing storage to the cloud.
Over the last two to three decades, analytics have gone from the domain of IT to business self-service analytics. For the traditional financial and summary type reports, this is easy since data comes from curated and structured data warehouses. The newer self-service demand is for non-curated data for purposes of AI and machine learning.
More regulations result in more policies, but the bigger impact is going from passive enforcement to active enforcement. Passive enforcement relies on training people and hoping they’ll follow proper protocol. Active enforcement establishes a posture where systems proactively stop people from hurting themselves or the company. For example, a zero trust framework would assume you should only have access to the data you need and nothing more.
Moving to the cloud
With the move to the cloud, we don’t just move data outside our traditional perimeter defenses. The platforms separate storage from processing or compute with different styles of compute to serve different analytical use cases. The result is an exploding number of policies applied across dozens of data technologies — each with its own mechanism for securing data.
A use case for balanced data democratization
Privacera worked with a major sports apparel manufacturer and retailer on its data-driven journey to the cloud. The client’s on-prem data warehouse and Hadoop environment turned into a massive set of diverse technologies: S3 for storage and a host of compute and pressing services like EMR, Amazon Web Services (AWS), Starburst, Snowflake, Kafka, and Databricks. GDPR and CCPA emerged as critical mandates that had to be enforced actively. Hundreds of analysts excitedly tried to get access to the new data platform, outnumbering the IT support staff. The result was more than 1 million policies, and they only managed to get around 15 percent of their data into the business’s hands.
The solution:Centralized policy management and enforcement for their entire data estate. Here are the elements of their centralized data security governance:
Real-time sensitive data discovery, classification, and tagging to identify sensitive data in newly onboarded data sets from trading partners.
Build once, enforce everywhere. Policies are built centrally in an easy to use, intuitive manner. Those policies are then synchronized to each underlying data service where the policy is natively enforced.
Built-in advanced attribute, role, resource or tag-based policies, masking and encryption to define fine-grained controls versus the previous coarse-grained model.
Real-time auditing of access events, monitoring, and alerting on suspicious events.
The result: The client reduced the number of policies by 1,000-fold, onboarded new data 95 percent faster, and got 100 percent of the data into the business’ hands.
The new way forward
Gartner’s State of Data and Analytics Governance suggests that by 2025, 80 percent of analytical initiatives will be unsuccessful because they fail to modernize their data governance processes. The challenge for CIOs and data and privacy leaders is these mandates are often not owned by a single person. CISOs often feel they own the security posture but not the enforcement. The data leader focuses on the analytical output and insights. The CIO is often left holding the bag and needs to pull it all together. In its recent Hype Cycle for Data Security 2022, Gartner suggests 70 percent of the investment in the data security category will be toward broad-based data security platforms that can help organizations centralize data access and policy enforcement across their diverse data estate.