Page 127 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 127

  Security team receives the request and starts an access control assessment.
                         Security team validates the request with the executive sponsor.
                         Security team validates the content of the data set with the Data team.
                         Security team approves the request and grants access to the data set.
                         Later, the Security team revokes the employee’s temporary access to the data set.
               ⚫  Compliance team asks the Data team to fill out the semi-annual sensitive data audit.
               ⚫  Compliance team asks the Security team to fill out the quarterly access control audit.

            Performing all these manual Data Governance tasks takes a lot of time and energy.  In addition -- and
            more  importantly  --  the  fact  that  data  is  really  only  being  governed  on-demand  (during  an  up-front
            assessment) or periodically (in recurring audits) highlights a massive vulnerability for most organizations:
            apart from those manual up-front assessments and occasional audits, Data Governance is being left up
            to chance, good intentions, and best behavior.

            Which means data isn’t really being governed at all.


            It’s Time for DataGovOps

            SalesOps  measures  and  evaluates  sales  data  to  determine  the  effectiveness  of  a  product,  sales
            process, or campaign. Similarly, MarketingOps measures and evaluates marketing data to determine
            the effectiveness of marketing programs and campaigns.

            DevOps is the combination of philosophies, practices, and tools that increases an organization's ability
            to deliver applications and services at high velocity.

            DevSecOps automates the integration of security at every phase of the software development lifecycle,
            from initial design through integration, testing, deployment, and software delivery.

            By analogy, Data Governance Operations -- or DataGovOps -- is the combination of practices and tools
            that:

               ⚫  Automatically make data more secure, private, accurate, available and usable;
               ⚫  Guide people to take appropriate action and follow established process to better govern data;
                   and
               ⚫  Continually measure and evaluate how internal data standards – i.e., data policies – are being
                   adhered to.

            DataGovOps is the collaborative data management practice focused on improving the communication,
            integration  and  automation  of  context  and  policy  among  all  Data  Governance  stakeholders  in  an
            organization, including Security, Compliance, Privacy, and Data Owners. DataGovOps automates the
            integration of security and compliance at every phase of the data lifecycle.









                                                                                                            127
   122   123   124   125   126   127   128   129   130   131   132