Page 126 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 126

Data Governance:  It’s Everywhere but Nowhere

            Data Governance is everywhere. At the same time, it’s nowhere. Here’s what we mean.

            Every enterprise collects data. As such, every enterprise has a Data Governance function. Whether or
            not  it’s  formally  called  Data  Governance  or  has  employees  with  “Data  Governance”  in  their  titles  is
            another question. In most large organizations, the Data Governance function is distributed across multiple
            teams, including:

               ⚫  Security
               ⚫  Compliance
               ⚫  Privacy
               ⚫  Data
               ⚫  And maybe a few others

            Even though Data Governance is distributed across all these functions, Data Governance is often a part-
            time  role,  rather  than  a  full-time  dedicated  role  or  team.  For  example,  there  are  relatively  few
            professionals  dedicated  to  Data  Governance.  A  few  cursory  searches  on  LinkedIn  reveal:

               ⚫  1,540,000 professionals with “security” in their job title;
               ⚫  635,000 professionals with “compliance” in their job title; and
               ⚫  16,000 professionals with “data” and “governance” in their job title -- a 40X to 100X difference.

            So, Data Governance is typically an invisible fabric between existing teams. Or, as we like to say, Data
            Governance takes a village -- it’s a shared responsibility that requires coordination and collaboration
            across multiple teams.


            Data Governance:  A Myriad of Manual Tasks

            Especially because of its cross-functional nature, Data Governance has traditionally been executed via
            manual effort. Going back to the definition above, Data Governance consists of:

               ⚫  The actions people must take,
               ⚫  The processes people must follow, and
               ⚫  The internal standards or data policies that apply to data

            That implies a whole lot of manual effort. Take some typical, day-to-day data governance processes
            found in many organizations:

               ⚫  An employee needs temporary access to a specific data set to do an analysis for a project.
                         Employee submits a ticket via Jira or ServiceNow to the Security team to request access
                          to the data. Request includes description of the data set, executive sponsor for the project,
                          time frame for access to the data set, etc.






                                                                                                            126
   121   122   123   124   125   126   127   128   129   130   131