How should security influence your data governance policy?
As businesses and users, we are inundated with data that is being generated through a host of websites, devices, software, apps, and social media platforms among others. It’s not just digital media either: physical stores also generate a lot of data via billing counters and customer forms filled at the stores.
All this adds up to the ever-increasing pool of data: around 50.5 zettabytes of data is estimated to be produced in 2020, with the total volume of data generated to reach 175 zettabytes by 2025, according to Statista.
Data protection is therefore of utmost importance. The rollout of data protection policies like the EU General Data Protection Regulation (GDPR) and the APEC Cross-Border Privacy Rules (CBPR) has created more pressure on organisations and the way they handle data. Increased cyberattacks and data breach incidents, and increased awareness about the importance of data, privacy and the consequences of data theft, coupled with the obligation to abide by the data protection regulations, have pushed organisations to devise better data governance policies and cybersecurity strategies.
Data governance is required to maintain data security, availability, consistency and integrity, while also chalking out ways to manage and use data, assign data management responsibilities, define protection protocols, as well as determine the criticality of data and define access.
Let’s have a look at the factors that impact data governance policies:
Data categorisation: Implementation of regulations like GDPR has made it necessary for companies to identify the nature and type of data and ensure that it is being used in line with the GDPR provisions. In such a scenario, organisations should draft data governance policies that clearly delineate personally identifiable information from generic information and handle the two kinds of information in the manner specified and permitted.
The policies should define the extent of use of the information and the access rights in order to avoid data misuse and breach of privacy.
Data storage and infrastructure: According to The Big Data & Analytics Maturity 2020 Survey by AtScale, 79% of companies worldwide use hybrid or multi-cloud strategies, with only 24% of the respondents still opting for a single cloud vendor. The report also pinpoints that data governance remains a top priority for enterprises, with 80% of companies considering data governance very important. This indicates the importance of data governance in today’s complex cloud infrastructure, which entails a combination of disparate cloud systems that support business-critical processes and data transmissions.
Botched data governance policies could lead to an unintentional or intentional breach of data, resulting in data leaks or data misuse, which might in turn result in ransomware demands and regulatory fines, causing reputational and financial damage. Competitors can also get access to this leaked data, which can damage business.
Network: Companies are now allowing employees to work offsite using company networks and bringing their own devices (BYOD) to work. As a result, they are using a range of disparate third-party applications and software in their day-to-day operations. This has expanded the companies’ networks, by adding many different endpoints.
Each of the devices and tools connected to the company network has a different configuration, and only a comprehensive set of data governance policies can help in managing and controlling the data, access to it and its use. A company’s data governance policies should also align well with those of its vendors in order to establish a foolproof data protection framework without leaving any gaps that could be exploited by attackers.
Employees and senior management: Staff and top management make up the human aspect of an organisation and are also an important element in the cybersecurity framework. Many cyber breaches have been associated with human negligence or intervention. Staff and management are also the ones who have access to data to operate and manage day-to-day business.
While employees in the lower hierarchical levels do not always have complete access to all of the company’s systems and data, top management usually have everything at their fingertips. With attackers mostly targeting these top-level executives as part of their phishing attacks, it is absolutely necessary to have robust data governance policies that define access to and accountability for data, as well as its responsible usage, amongst these top-tier executives. Data governance policies should also define the behaviour and access rights for employees at other hierarchical levels and promote good data use practices.
These are some of the most important components that influence the creation of robust data governance policies, which can be very useful for efficient data and cyber protection.