As we have discussed in previous analyses, data is the modern digital organization’s lifeblood. Data governance ensures that data is consistent, trustworthy, and properly managed.
There are several different leaders within an organization who play a part in data governance. One is the Chief Data Officer (CDO), who serves as the senior-most individual responsible for the organization’s strategic use of data. Another is the Chief Information Security Officer (CISO), the top individual responsible for securing the organization’s data and empowering fellow business leaders to make risk-informed decisions.
In this analysis, we’ll discuss how these two CXOs, in particular, can collaborate when it comes to an organization’s data governance efforts.
The Two Roles
The CDO is looking to empower the business to make better use of data to drive business outcomes. Organizations are overwhelmed with data, but the data needs to be transformed to make it actionable to the business and enable business outcomes.
The CISO is looking to ensure that data is secured throughout its lifecycle while still being available to the business when and how it’s needed. This requires a paradigm shift from the “office of no” to the office of “yes, and here’s how.” This means being an enabler for the business to drive outcomes using data securely.
Traditionally, these two roles would often work in silos and separately, but given the need to have data transformed into information, and to do so securely, a new operating model is required, uniting the two roles and increasing collaboration between these two C-suite leaders.
Breaking Down Data Silos
A core data governance challenge is breaking down data silos to ensure proper access control measures are included as silos come down. This includes understanding how the organization collects, creates, classifies, uses, and retains data across the organization. The CDO can use this information to improve the organization’s management and governance of data, while the CISO can use it to ensure appropriate security controls and measures are in place.
One area where this collaboration can start is by having the CDO engage the CISO: informing them where the data resides, who needs it, and under what circumstances. This empowers the CISO to implement zero-trust access control models with least-permissive access control while not impeding the business and its required activities.
Improved Data Quality
Another key activity from the CDO’s perspective involves improving data quality. Many organizations have been cited as having poor data quality, which hinders business activities around operations and analytics needed to make timely business decisions. CISOs help ensure data quality through proper access control but also by ensuring data integrity isn’t compromised, either inadvertently or through intentional malicious activity.
Ensuring Compliance
On the compliance front, organizations are facing a slew of regulatory requirements for their data, especially if they’re dealing with financial, health, or governmental data. By ensuring that the CDO and CISO are on the same page with their respective data oversight responsibilities, the organization is better positioned to mitigate any regulatory and compliance concerns for their organizations, which are becoming costly as consumer privacy and regulatory oversight increases.
An area the CISO can help the CDO is helping the latter understand various regulatory requirements the organization has to align with and ensure the CDO keeps these in mind as they go about handling the organization’s collection, storage, and use of data.
Final Thoughts
The strategic use of data as a business asset, and its associated security, are inextricably linked. Corrupt and manipulated data can lead to costly and consequential business decisions. By ensuring data governance strategy prioritizes security, and by bringing both the expertise of the CDO and CISO to the task, organizations will have better business outcomes that are driven by data, all while keeping that same data secure and maintaining its integrity throughout its lifecycle.
Which companies are the most important vendors in cybersecurity? Click here to see the Acceleration Economy Top 10 Cybersecurity Shortlist, as selected by our expert team of practitioner analysts.
Want more cybersecurity insights? Visit the Cybersecurity channel:
