Data governance has become critical for modern businesses due to the increased digitalization of business operations, growing cyber threats, and ever-more stringent data privacy and protection regulations. And as more data moves to cloud databases, organizations must specifically focus on governing the data it maintains in the cloud.
What is data governance?
Data governance is everything an organization must do to ensure data is secure, private, accurate, available, and usable. It encompasses data integrity, data protection, and data quality. And in general, data governance efforts and plans include the processes that must be followed and the technology that supports these processes throughout the data life cycle.
Data governance typically involves setting organizational standards and data policies that define how data is gathered, stored, processed, and retained. It governs who can access data, what data each individual or group can access, and what data is under governance. Data governance practices and objectives are often defined to comply with external standards set by industry associations, government agencies, and other stakeholders.
What makes cloud data governance different?
The primary concern for organizations moving data to cloud data platforms is often how to manage the migration. But governance is as important.
Governance for cloud data is similar to governance when data is on-premises. However, there are several important differences.
When data is on-premises, governance is part of a larger internal data management operation. Those responsible for governance work with a variety of tools that are either part of existing IT management and operations workflows or are standalone solutions that work with existing solutions.
Additionally, when data is on-premises, the organization has a bit more control over every aspect of data governance. For example, it can set user authentication requirements to access systems and data. And it can make use of existing directory services and other services to control who has access to data and who can do things (add to it, change it, share it, etc.) with it. As such, the organization is in control of all aspects of governance and is fully responsible if there are any problems.
In contrast, governance for data residing on cloud services is more of a joint effort. For example, many cloud vendors often offer services that comply with regulations such as GDPR, PCI DSS, HIPAA, and others. Additionally, many cloud service providers offer tools for data assessment, metadata cataloging, access control management, data quality, and information security as core competencies to companies that use their platforms.
However, an essential point to consider is that the cloud is also a significant contributor to dispersing resources across locations which could easily result in ungoverned data use. As such, cloud data governance must address the fact that data could be all over the place. Where this becomes an issue is that different the same data stored in different locations could be subject to separate regulations. For example, some countries have regulations that prohibit data from moving across borders. So, cloud data governance practices and strategies would need to take this into account.
Many cloud providers are offering what is called sovereign clouds to address these issues. Sovereign clouds are designed to deliver security and data access that meets strict requirements of regulated industries and local jurisdiction laws on data privacy, access, and control.
What is cloud data governance used for?
Cloud data governance helps organizations set and enforce controls that enable greater access to data while ensuring security and privacy.
A cloud data governance strategy can encompass:
- Elements of data stewardship, which include the accountability and responsibility for both the data itself and the processes that ensure its proper use.
- Data quality, which is generally defined based on six dimensions: accuracy, completeness, consistency, timeliness, validity, and uniqueness.
- Data transparency, which lets everyone using the data easily find out where their data comes from and know if there are any special considerations.
- Data security and compliance, which is the practice of defining and labeling data sources by their levels of risk and then creating security practices to control and manage access based on the risk.
What are the benefits?
A properly implemented cloud data governance strategy offers many benefits.
Offering easy access to data that users can trust helps organizations make better and more timely decisions. This can be leveraged to help an organization more easily improve customer engagements, design and improve products and services, and seize opportunities for new revenues.
Cloud data governance can help control costs by managing resources more effectively. In particular, it can help eliminate data duplication caused by information silos.
Today’s increasingly complex regulatory climate has made it even more important for organizations to establish robust data governance practices. Cloud data governance helps avoid risks associated with noncompliance.
Cloud data governance also helps enhance security. Sixty percent of enterprises with proper cloud governance experience 33 percent fewer security lapses, according to Gartner.
By being in auditable compliance with both internal and external data policies, cloud data governance helps organizations gain the trust of customers and partners. They know the organization will protect their sensitive information, so they feel positive about doing business together.
A look to the future
Perhaps the biggest change on the horizon for cloud data governance is that governance, in general, is falling under broader Environmental, Social, and Governance (ESG) efforts. As such, there will likely be more and different stakeholders involved. And its oversight will fall under corporate direction (vs. being an IT function). As such, this may require new tools and strategies to ensure the proper governance of cloud data.
Follow CDInsights’ coverage of cloud data governance.
Salvatore Salamone is a physicist by training who has been writing about science and information technology for more than 30 years. During that time, he has been a senior or executive editor at many industry-leading publications including High Technology, Network World, Byte Magazine, Data Communications, LAN Times, InternetWeek, Bio-IT World, and Lightwave, The Journal of Fiber Optics. He also is the author of three business technology books.
