Key Criteria for Evaluating Data Governance Solutionsv2.0

1. Summary

Modern data governance is the result of two diametrically opposed forces in the sphere of enterprise data and analytics. On the one hand, organizations are relying on data more than ever as a means of competitive differentiation. Data-centric processes for data science, analytics, and real-time transactional systems reduce costs and optimize productivity in an uncertain business climate in which doing so is imperative. Mining data for the requisite insights, and timely action for both long term and fleeting business opportunities, are each critical for organizations to survive, let alone thrive.

On the other hand, the incidence and severity of data breaches, cyber attacks, data loss, and even exfiltration is greater than ever before. This reality is made more acute by the fact that consumers are demanding more rights than ever about their data, data privacy, and protection from these malevolent actions. Specific regulations enacted to support these priorities have only intensified the need to restrict data access in compliance with them. Significantly, such regulations exist at the international, national, and state levels (in the US).

Reconciling these two conflicting drivers is the primary objective of contemporary data governance. The term has morphed in recent years, now honing in on access controls, data protection, and regulatory compliance to enable end users’ self-service access to data in a secure manner. Historically, data governance has meant much more than access control, and in some circles, its scope still includes the data cataloging and curation technology—see our 2022 Key Criteria and Radar reports on data catalogs. But in this report, and its companion Radar report, we focus our investigation of data governance on data access control technology and solutions. And whether it’s because of the threat of compliance penalties, reputational loss, or litigation arising from non-compliance and data loss, we see the industry doing likewise.

Strategically, the data governance solutions reviewed in this pair of reports typically incorporate a three-pronged approach: (1) discover what data organizations possess that must be guarded, (2) classify it as such so its existence is readily known, and then (3) implement access controls for security reasons. There are numerous points of distinction among vendors in terms of how they complete these tasks, what features they offer, how they’re architected, and which specific sources they support.

All of these concerns are paramount for deciding which particular solution is best for an organization. This Key Criteria report includes a primer that serves as an overview of the relevant technologies and concepts that are necessary for successfully governing data. It also points out the most appropriate metrics for assessing the different vendors involved. We explore the minimum table stakes for the solutions in this report, key criteria for distinguishing among vendors, and evaluation metrics that serve as barometers spotlighting various effects solutions have on organizations. There’s also a brief list of emerging technologies impacting this space so users can anticipate what features of governance solutions they’ll be offered next.

The GigaOm Key Criteria and Radar report together provide an overview of the data governance market, identify capabilities in the data governance domain, and detail vendors and products that excel. These reports give prospective buyers an overview of the top vendors in this sector and help decision-makers evaluate solutions and decide where to invest.