Organisations Struggling to Close the Governance Gap When Enabling Self-Service Analytics: TDWI Report
A new report from TDWI, titled Closing the Governance Gap: Enabling Governed Self-Service Analytics, found data governance and data protection are key to eliminating the conflicting forces that organisations face when trying to achieve agile data sharing without compromising compliance and privacy. Sponsored by cloud data governance and security leader Privacera, the report explains how […]
Topics
A new report from TDWI, titled Closing the Governance Gap: Enabling Governed Self-Service Analytics, found data governance and data protection are key to eliminating the conflicting forces that organisations face when trying to achieve agile data sharing without compromising compliance and privacy. Sponsored by cloud data governance and security leader Privacera, the report explains how organisations are looking to widen consumer access to a broader array of data assets to enable exploratory analysis, improve business decision-making, and perpetuate data democratisation, but are challenged to do so to ensure data protection and compliance.
As enterprises expand their data landscape, strategy, and architecture across an evolving mix of hybrid, multi-cloud, and on-premises platforms, data access has become particularly complicated. At the same time, organisations are increasingly concerned about leakage of sensitive data and need to define, deploy, and audit compliance with data access control policies.
The report also comments on the existence of- and resolution to- a data “governance gap” which is created when the individuals who are accountable for articulating and specifying data policies do not have enough knowledge of the systems to understand how policies are implemented. This includes the technologists who understand the system but are not familiar enough with data policy drivers to appropriately define and deploy data protection policies. To close this gap, TDWI recommends organisations apply the concept of Governed Data Sharing, which aligns the knowledge, skills, and competencies of the various personas involved in the process to effectively define, deploy, implement, and monitor compliance policies.
Also Read: IoT in the Middle East: Embracing the Technology
At the centre of this idea is the concept of data assets, which are logical groupings of data spread across on-premises data sources and cloud services. In Governed Data Sharing, data assets are owned by the relevant functional organisation, such as sales or marketing. Data consumers are able to browse through a catalogue and request access to the relevant data assets. Owners of these assets have the flexibility to share the entire asset or carve out a subset of data for consumers with the confidence that their data will be used for authorised purposes by authorised personnel.
“The challenge for organisations is that the traditional approach to data protection and governance has involved the process of assigning privileges to individuals in order for them to access specific data assets,” said TDWI affiliate analyst David Loshin, and author of the report. “Clearly, this style is not sustainable, and enterprises can no longer view this as a process of defining rules that allow individuals to access specific data assets. This new Governed Data Sharing approach enables organisations to leverage data assets in a simplified and more effective way so they can get controlled access to the data needed without violating any of the policies that must remain in place to remain in compliance.”
To avoid falling victim to a governance gap, organisations need to first identify the different roles/personas in an organisation and what their expectations and responsibilities are with respect to data democratisation. TDWI explains how, collectively, these different personas are capable of defining, implementing, and enforcing data policies. However, due to the disparity between how policy drivers write access policies and how they are actually implemented, no single persona has the policy knowledge, technical expertise, and data awareness to deploy data policies.
“Privacera is in lock-step with the Governed Data Sharing approach and will be reflecting this methodology in future product development and subsequent releases,” said Balaji Ganesan, CEO and co-founder, Privacera. “By providing innovative data policy tools, we help ensure that the information data consumers receive is trusted, has all the applicable controls, and is ready to be utilised. At the same time, the data policy drivers and data owners are confident that processes are in place to prevent unauthorised use and risks of data leakage. Essentially, this enables all data stakeholders to operate within their own sphere of competence and responsibly leverage data to its full potential.”