Today’s Chief Data Officers (CDOs) are looking to create value from data to propel their organizations forward. Often, the more data there is, the better it is for CDOs and their organizations; more data provides a richer set of insights and opens up opportunities for development of more data-driven products. However, with more data comes a corresponding increase in the risk of data breaches.
To prevent data breaches, organizations must prioritize data governance. There is significant overlap in the roles of the chief information security officer (CISO) and the CDO when it comes to data governance, since CISOs oversee company data security while their CDO peers manage the organization’s data assets. A healthy partnership is important to ensure robust data governance.
In this analysis, we’ll explore the importance of data governance, offer advice on data governance for CDOs from a CISO’s perspective, and show how proper data governance can improve business outcomes.
What Is Data Governance?
Data governance refers to the processes, policies, and standards that organizations have in place to manage their data assets. This work includes data quality and accuracy to ensure control and privacy. Data governance is critical for maintaining data integrity, ensuring compliance with regulations and mitigating the risk of data breaches. Without effective data governance, organizations are vulnerable to costly mistakes, reputational damage, and legal repercussions. Significant data breaches, such as those where S3 buckets or other cloud data repositories are left open and contain sensitive data, are notable examples of such repercussions.
A CISO’s Advice on Data Governance for CDOs
CDOs play a critical role in data governance. They are responsible for defining data policies and procedures, ensuring data is accurate and complete, and managing data security.
The CISO also plays a critical role in data governance, but it is different from the work of the CDO. The delineation is found in the ownership of the resources needing to be secured. The CDO may, in some organizations, be responsible for data repositories, pipelines, or tools relating to data security, whereas the CISO’s office sets policies around these elements.
As a CISO who has worked in both large enterprises and fast-moving startups, here are some of my recommendations for CDOs implementing data governance:
- Collaborate with IT and security teams: CDOs should work closely with IT and security teams to ensure data governance policies align with security protocols. Alignment areas include access control, encryption, and data backup procedures, as well as protecting data throughout its lifecycle, from collection to deletion.
- Establish data ownership and accountability: Data ownership and accountability are critical components of data governance. CDOs should work with business counterparts to define ownership, establish data stewardship roles, and ensure that data is used appropriately. Ownership is about setting clear guidelines for data use, monitoring data access, and auditing data usage.
- Prioritize data quality: Data quality is essential for effective data governance. CDOs should establish data quality standards and procedures, including validation and cleansing. Data quality includes assurances that data is accurate, complete, and up-to-date.
- Implement data retention policies: Data retention policies are critical for ensuring that data is kept only as long as necessary. Therefore, CDOs should work with legal and compliance teams to establish data retention policies that comply with relevant regulations. This is important to sort out as early as possible.
- Monitor data access and usage: CDOs should establish monitoring procedures to ensure data is accessed and used appropriately. An effective system monitors user activity, identifies anomalies, and is backed by processes to identify suspicious activity. By monitoring data access and usage, CDOs can detect and mitigate potential data breaches before they cause significant harm. For instance, they can establish alerts that help ensure data or reports are being shared in accordance with access control policies.
Data as a Strategic Advantage
CISOs and CDOs can work together to leverage data strategically by aligning their data governance and security strategies. To me, this is really about finding the right balance between data needed to drive the business and data that introduces risk to the organization (e.g., social security numbers or credit card numbers). These two functions typically carry a healthy tension in an organization — all in the service of doing more.
This cross-team partnership between CISO and CDO is about collaborating to define ideal outcomes and how those relate to data policies and procedures. By working together, CISOs and CDOs can establish a comprehensive data management framework that not only supports the organization’s mission but also mitigates the risk of data breaches. They can also identify opportunities to leverage data to drive innovation and improve business outcomes while ensuring ethical and responsible use.
In my mind, the best example of a cross-team partnership driving business outcomes is when CISOs and CDOs work together to find opportunities to collect less data, especially data about individuals (e.g., personally identifiable information, or PII). From a consumer’s perspective, less data means less risk (fewer privacy concerns, breach risks, and so on). This type of CISO-CDO collaboration will pay dividends. That’s a good outcome for the customer and it’s a win for the business.
Concluding Thoughts
Effective data governance is critical for maintaining data integrity and mitigating the risk of data breaches. It’s also important to extract as much value as possible from data. CDOs play a critical role in data governance. They can ensure that their organization’s data is secure and compliant with relevant regulations by collaborating with security teams to establish data ownership and accountability, prioritizing data quality, implementing data retention policies, and monitoring data access and usage.