We’ve previously discussed the role of governance when it comes to multi-cloud strategies and security. We’ve also covered the need for close collaboration between the chief information security officer (CISO) and chief data officer (CDO).
Our past analyses indicate that there’s a lot of overlap between cloud governance and data governance, and, in this analysis, we’ll expand on how and why the two types of governance relate to one another. We’ll also look at what this overlap means for businesses as they continue to move to the cloud and accumulate data to drive business decisions and outcomes.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
The Close Relationship Between Cloud and Data
First, let’s talk about the end goals of cloud governance and data governance. In cloud governance, organizations are often looking to get a handle on, and some maturity around, their consumption of cloud service offerings from cloud service providers (CSPs). In data governance, organizations are often trying to get rigor and maturity around their data collection, storage, and use to drive business decisions and improve business and mission outcomes.
The cloud is how organizations collect, store, and use data to turn it into information to drive business value. Studies show organizational leaders are experiencing a 40% increase in their use of cloud services. Cloud-based capabilities have become essential for organizations to stay competitive in the market. This includes robust elastic storage services that can be accessed remotely by the workforce and software-as-a-service (SaaS) applications that utilize organizational data. Additionally, artificial intelligence (AI) and machine learning (ML) have become increasingly important for businesses to outpace competitors that are also leveraging technology.
As organizations increasingly adopt multi-cloud infrastructure-as-a-service (IaaS) providers such as AWS, Azure, and Google Cloud, as well as the thousands of SaaS offerings in the marketplace, they need to understand the business use case for those cloud service offerings. This often ties back to data, and the intended use of the cloud to do something with the data to enable business functionality and outcomes. Common use cases include data storage, transmission, or transformation, all leveraging the cloud.
As part of cloud and data governance, data and security leaders must understand what cloud services are being used, by whom, with what data, and for what purposes.
Improving Governance in the Age of the Cloud
In today’s modern organizations, explosive amounts of digital information are being used to drive business decisions and activities. However, both organizations and individuals may not have the necessary tools and resources to effectively carry out data governance at a large scale.
I’ve experienced this scenario in both large private and public sector organizations: trying to wrangle data in complex environments with multiple stakeholders, systems, and settings. It often leads to incomplete inventories of systems and their data, along with who has access to it and why. Cloud-native services, automation, and innovation enable organizations to address these challenges as part of their broader data governance strategies and under the auspices of cloud governance and security.
Many IaaS hyperscale cloud service providers offer native services to enable activities such as data loss protection (DLP). For example, AWS Macie automates the discovery of sensitive data, provides cost-efficient visibility, and helps mitigate the threats of unauthorized data access and exfiltration. All of these measures are essential to maintain security and compliance standards in business operations. This example shows how using cloud-based automation can make it easier to manage data governance at a large scale.
We’re also seeing the growth of a new term and niche, dubbed data security posture management (DSPM), which is a data-first approach to securing cloud data. With the growth of multi-cloud environments, organizations have struggled to implement data governance, and DSPM brings innovative technologies and processes to keep the organizations secure, informing leaders where sensitive data resides, who has access to it, and the security posture of the data in the hosting environment in which it resides.
Conclusion
As multi-cloud adoption and digital transformation continue to evolve, we will see growing synergy between data and cloud governance, as well as the emergence and maturing of platforms and practices around DSPM aimed at securely enabling the business with data.
Want more cybersecurity insights? Visit the Cybersecurity channel:
