GigaOm Key Criteria for Evaluating Data Access Governance Solutionsv3.0

1. Executive Summary

Data access governance is an enterprise discipline for providing secure, controlled access to data assets in accordance with established organizational policies. It serves as an operational layer between orderly, self-service data access and what would otherwise be a disorderly data free-for-all—or, at the other end of the spectrum, restrictions so severe that users can’t access their data. Effective data access governance enables a secure, flexible middle ground between the two extremes.

The technological capabilities for data access governance can be summed up in four parts:

• Discovery, for identifying and locating where sensitive data lies.
• Classification, in which various techniques are used to categorize data according to various organizational standards, including definitions of personally identifiable information (PII) or data under the auspices of regulations (like HIPAA), as well as less sensitive domains such as part numbers or customer IDs.
• Obfuscation mechanisms that protect sensitive data so it’s only accessed by users in situations where permission is granted.
• Permissions management constructs, typically involving role-based access controls (RBAC), attribute-based access controls (ABAC), or similar policy-based access paradigms.

Implicit in each of these measures are the pragmatic realities of writing, implementing, and enforcing specific access control policies to which classified data must adhere. This process has traditionally been dependent on the underlying sources in which the data is stored.

Business Imperative
Data access governance is an enterprise necessity because it’s the critical enabler of some of the most meaningful—and basic—requisites for maximizing data’s value while minimizing its risk. Specifically, it’s the enforcement mechanism for data privacy, regulatory compliance, and data security, without which organizations would soon succumb to a surplus of penalties and other liabilities, including litigation.

Data access governance is also a practical requirement for distributed data architectures like data fabric and data mesh (which are, in turn, precursors for data products), and it is a way of rectifying varying access controls across disparate sources, thereby scaling data access. Data access governance must underpin business intelligence, analytics, data science, and generative AI.

The stakeholders involved in data access governance are numerous. IT teams, administrators, and operations managers have a vested interest in tools supporting data access governance because they’re ultimately responsible for ensuring that relevant access policies are implemented robustly. Business end users rely on data access governance platforms because these platforms enable them to obtain timely access to the data they need to do their jobs better.

Data governance personnel—as the term is defined in its broader sense of providing data intelligence for aspects of data quality, lifecycle management, data modeling, and more—depend on these tools for monitoring data access, auditing user behavior, and ensuring business needs are met. These personnel include data stewards, chief data officers (CDOs), and compliance officers.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a data access governance solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a data access governance solution, we provide an overall Sector Adoption Score (Figure 1) of 4.8 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a data access governance solution is a credible candidate for deployment and worth thoughtful consideration.

The factors contributing to the Sector Adoption Score for data access governance are explained in more detail in the Sector Brief section that follows.

Figure 1. Sector Adoption Score for Data Access Governance

This is the third year that GigaOm has reported on the data access governance space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective data access governance solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading data access governance offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.