CxO Decision Brief: Data Governance

Solution Overview

Data security and access governance combines regulatory compliance, data privacy, and data protection while speeding data access to users. Privacera’s single-pane-of-glass management console, sensitive data discovery, data protection, and automated access policy creation, with policy control enforcement in source systems, streamlines these responsibilities.

Benefit

Privacera empowers users with secure and speedy data access that:

  • Improves accessibility and time to value, removing IT and security bottlenecks
  • Lowers risk by streamlining consistent data access policy management
  • Enhances data security via monitoring and auditability of data access events and requests, while avoiding regulatory compliance and data privacy fines

Urgency

Data security and access governance is a broad concern across industries, with immediate action needed in regulated spaces like financial services and healthcare. But action must be balanced against the negative impact a too restrictive access posture can have on data access and business outcomes.

Impact

Successful implementations lead to an expansion of data-driven culture where users trust data and incorporate it in more of their business activities. IT will shift focus to creating a secure data framework and monitoring data access, while data stewards become integral for granting access.

Risk

Customers in heavily regulated industries can encounter scope creep as they access the capabilities of credible data security and access governance solutions to do too much too soon. Conversely, the risk of security without data accessibility limits the ability to monetize data.

1. Solution Value

This GigaOm CxO Decision Brief was commissioned by Privacera.

Data security and access governance has surged as a primary concern for all organizations, regardless of industry or focus. Data privacy regulations—and the demand for consumer rights—are increasing at the international, national, and local levels. The rate and severity of data breaches are also growing, along with the number of valued data sources external to the enterprise. Additional pressures include business demands for faster time to insight for analytics, which are often unmet because of privacy and security concerns that delay or prohibit users from accessing necessary data.

Data security and access governance alleviates these issues by providing timely, secure data access that complies with regulations, enhances internal security, and fulfills business needs. By providing a single pane of glass for governing distributed data sources and enforcing access policies within source systems, Privacera excels at solving these challenges. The solution automates vital aspects of discovering, classifying, and tagging sensitive data while providing obfuscation methods to protect data with features for monitoring, alerting, auditing, and issuing reports for data access.

2. Urgency and Risk

Failure to account for data security and access governance can result in steep regulatory compliance penalties, litigation, loss of reputation, and customer churn. It also makes valuable data sources inaccessible to the business, translating directly into lost revenue, higher costs, greater inefficiencies, and a failure to meet business objectives. Not long ago, granular access-based security was considered nice to have. Today, it’s a mandatory concern for C-level executives across industries.

Risk

While solutions like Privacera’s drastically enhance an organization’s data security and access governance posture, deployment scope and focus creep remain dangers. The platform’s endless possibilities can tempt management into taking on more than it can handle, resulting in missed timelines, delayed implementations, and a lower ROI.

3. Benefits

The primary benefit of credible data security and access governance is that organizations can get the right data to users in a timely fashion, while avoiding data privacy and regulatory compliance woes. When going with Privacera, mastering this aspect of data-driven processes means:

  • Improved accessibility and time-to-value: Faster, secure access to data means enhanced value and productivity. Data scientists, for example, can quickly build better models to meet business goals, and marketing and sales personnel can get the data to effectively microsegment their customer base and improve revenue with targeted offers.
  • Streamlined data access policy management: Organizations become more proficient at writing, implementing, and organizing secure data access policies. Privacera enables companies to write policies once and deploy them within various sources. Other approaches require constantly writing and maintaining policies for each data source in silos.
  • Improved data privacy and regulatory compliance: Users are empowered to meet the mounting demands of data privacy and regulatory compliance, enabling them to avoid missteps like Amazon’s nearly $900 million GDPR fine.

4. Best Practices

The key to maximizing the ROI of a data security and access governance platform is to avoid overfitting by starting with small, high-value use cases. Obtaining support from requisite governance and security personnel throughout the organization is also important. Specific measures include:

  • Obtain stakeholder buy-in: Success greatly depends on compiling business and technical requirements from all stakeholders, including CDOs, data governance councils, security personnel, analytics users, the business, and IT teams.
  • Target easy wins: Avoid trying to secure the entire data ecosystem immediately when using Privacera’s solution. It’s far better to take a system-by-system approach, prioritizing use cases that show immediate, tangible business value.
  • Leverage data stewards: The involvement of data stewards is crucial to reinforcing data security and access governance, which allows them to manage policies so that those familiar with business requirements oversee who is using data and how.

5. Organizational Impact

Adopting Privacera’s data security and access governance approach allows organizations to become much more data-centric in achieving their core mission objectives. The shorter time to value for data access, and newfound ease of policy creation and implementation, allow companies to expand the number of data sources used for business processes.

This means that organizations can use more of their data than previously, heightening the valuation of data while the nascent data culture in the business matures. End users will trust data more, while security and IT teams become more confident that access is compliant and consistent.

Data stewardship then takes on renewed significance for data governance. With their business knowledge of what data requests are for, data stewards and owners become responsible for directly facilitating access. A modest amount of training is required to get stewards versed in granting access requests with the new system. Similarly, IT and governance personnel must learn to configure the UI to encompass all sources within a single pane of glass.

People Impact

Privacera’s unified platform allows IT, data owners, data stewards, and the business to establish a federated governance model where data owners approve access via automated policy creation—while retaining centralized visibility and guardrails. Proper implementation lets users concentrate on what they do best. The impact will be most profound on IT teams tasked with securing data sources according to data governance requirements. These users will benefit from the reduced time writing policies based on user and data attributes, shifting focus toward monitoring and auditing data access.

The automated, repeatable measures for discovering, tagging, and classifying sensitive data give users more comprehensive protection of data resources—enabling them to do their jobs better. IT is no longer the bottleneck because data stewards with knowledge of the business requirements for data grant access, speeding time to access for end users. Data stewards become more active in data governance implementation, shifting from after-the-fact auditing to enabling business users. Expenditures on non-compliance, data discovery, and policy writing decrease while the business optimizes returns on data with informed decision-making and action.

Investment Outlook

Pricing hinges on the number of connected sources and active users on the data platform. The number of active users relates to the number of analysts accessing the data source, which correlates to the number of active analyst requests the platform is securing. These are stipulated in the contract with Privacera. This information is applied to one of two deployment options—a SaaS solution or a self-managed model for users that have strict data residency and control requirements. Applying these options to the number of data sources and users results in value-based pricing that correlates to how extensively the solution is used throughout the company. In either instance, pricing risk is minimized because organizations get what they pay for in terms of the platform’s management model, user base, and source amounts.

6. Solution Timeline

As each organization’s business requirements for data are unique, so too are its data security and access governance requirements. Depending on the number of sources, users, and regulations organizations account for—and the complexity of the deployment—implementation typically takes two to three months.

Plan, Test, Deploy

To deploy within three months, organizations should have a general idea of Privacera’s capabilities and the order they are to be implemented. Companies must first locate and identify sensitive information and then map it to specific security and governance requirements dictated by regulations and organizational needs. The data is then obfuscated according to access policies inside of source systems. There are also capabilities for monitoring and auditing data access.

Plan: Companies create their project plan and determine data sources and systems to be integrated. It’s also necessary to specify milestones for the implementation plan and set up the developer environment for the solution.

Test: Next, users configure and integrate the respective data sources and systems, then test them to ensure that they are working properly. Implicit in this step is setting up the testing and production environments, onboarding users, training them in the system, and configuring the Privacera install with Privacera Manager.

Deploy: Deployment involves rolling the platform out in a staged manner, going from system to system or group to group. This typically involves additional onboarding and user training before full implementation.

Future Considerations

As data privacy regulations continue to escalate, users can anticipate Privacera employing broader artificial intelligence and machine learning capabilities for data discovery, management, and analytics. As data governance gets more federated into self-service models, the paradigm shifts from managing policies as code per physical data source, to managing policies by intent based on logical data objects, like data domains, that might correlate with a business function like marketing or sales. The solution will also expand the diversity of sources and security frameworks it supports, while enhancing its ease of use and delegation of authority for policy management.

7. Analyst’s Take

The demand for data security and access governance is horizontally applicable to all organizations and their customers, driving the need to protect data with secure access control mechanisms. The true challenge involves implementing enterprise-scale access control fast enough to meet business needs while accounting for the assortment of source systems and deployment environments. Privacera meets all of these needs with its ability to write policies once and deploy them in any source while providing a central console to manage all data security and access governance activities.

8. Report Methodology

The GigaOm CxO Decision Brief

This GigaOm CxO Decision Brief analyzes a specific technology and related solution to provide executive decision-makers with the information they need to drive successful IT strategies that align with the business. The report is focused on large impact zones that are often overlooked in technical research, yielding enhanced insight and mitigating risk. We work closely with vendors to identify the value and benefits of specific solutions, and to lay out best practices that enable organizations to drive a successful decision process.

9. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

10. Copyright

© Knowingly, Inc. 2023 "CxO Decision Brief: Data Governance" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.