Safeguarding Data for Security and Compliance

According to Deloitte’s 2023 Global Future of Cyber Survey, the frequency of data breaches has been growing, with 91% of organizations reporting at least one breach, compared to 88% in 2021. Of these breaches, the leading negative consequence was operational disruption, including disruption of supply chain and partner ecosystems. These figures have led many enterprises to take on digital transformation initiatives to streamline data governance and strengthen cybersecurity.

Rajan Raorane, a data security expert and Director at Yulan Fall Limited, has experience designing data architectures for intricate enterprise solutions in the interest of keeping sensitive business-critical data secure.

In episode 14 of the NextLabs Cybersecurity Expert Series, we sat down with expert Rajan to discuss why organizations often struggle to establish effective data governance for distributed data, what factors contribute to these challenges, best practices for data governance, and much more. Read his insights below or watch part 1 and part 2 of the episodes.

In today’s digital transformation, where data resides across cloud and on-premises environments and is used by machine learning, how do you perceive the level of data security?

In today’s digital world, keeping data safe is a big deal. We have modern tech like cloud computing and machine learning, but they bring their own security problems. So, we redesign our solution architecture to use security measures like data encryption, applying policies on authentication/authorization, data classification, etc. We also launch software to monitor and audit the data regularly to be sure it is safe and as expected. But you know what? No system is completely safe from data leaks or threats.

As tech improves, the options to break in also increase. That is why the right data security measures should be applied and monitored all the time. It is crucial to make sure you have plans to secure your data and conduct sessions on data security enablement if required. We must find the right balance between new tech and keeping your data safe. It is everyone’s responsibility to create a mature data framework.

When discussing data, we frequently encounter terms like Data Protection, Data Security, Data Privacy, Data Governance, User Governance, and Process Governance. Can you provide concise explanations for each of these concepts in a single sentence?

Sure.

Data Protection: Practices to safeguard data from unauthorized access, use, or disclosure.

Data Security: Techniques and protocols to protect data integrity, confidentiality, and availability against cyber threats.

Data Privacy: Ensuring the appropriate handling of personal data, respecting individuals’ rights, and preferences.

Data Governance: Framework and processes to manage data’s quality, availability, usability, and security throughout its lifecycle.

User Governance: Policies and controls for managing user access, roles, and permissions to maintain data security.

Process Governance: I would say process governance is an oversight of workflows and procedures to ensure data-related processes adhere to quality and security standards.

Why do organizations often struggle to establish effective data governance for distributed data, and what factors contribute to these challenges?

When data is all over the place, it’s like herding cats to make sure everyone plays by the same rules for data security. If there is not one person or a group in charge of the data, it’s like a game of “Who’s on First?” trying to figure out who’s responsible for it and how to keep it safe and organized.

Managing scattered data is like solving a big puzzle. You are always wondering where it came from and how to keep it neat and tidy. It is also difficult to manage data if not all users in an organization understand data rules and why they are important.

To deal with all this, organizations need a strong data framework that defines data owners with clear roles so everyone knows their task, brings the teams together, uses a RACI matrix, applies tech tools to modernize your data, enforces the rules, and builds a common understanding of these data rules and their importance.

What is your approach to governing distributed data?

So, when it comes to handling distributed data, here is what I do: I set up some clear rules and define the RACI matrix to create roles such as Data Owner, Stewards, CDO, etc., who can view and take action. Then I monitor and audit data movements, apply data security policies, and tie the data governance to the process and user governance framework. Finally, I do regular follow-ups and communication with the team to ensure everyone follows data principles in their day-to-day activities.

But here’s the real deal — everyone on the IT team, the folks who own the data, and cybersecurity experts, must team up to understand what could go wrong and how to stop it. Creating the correct processes for your organization’s ecosystem and enforcing rules to every department is the first step to kick off the governance discussion.

Because of modern tech, it is much simpler to leverage cloud services. With the use of cloud services, organizations can make the best use of multi-cloud or hybrid cloud services and create a controlled layer to govern applications and systems, and in turn internal and external data.

What are some best practices for data governance you would recommend?

So, when we’re talking about keeping data in check, that involves making sure we know who’s in charge of it and what everyone is supposed to do with it. We also want to make sure the data is good quality. So, a good plan for data governance is simply a framework that tells us how we sort data, who can use it, and regular checks to make sure it’s correct and secure.

To understand the data better, we use this thing called metadata, which is info about the data. Metadata is beneficial for organizations, and it requires efforts from the IT folks, data keepers, and other users within the organization to make sure everything lines up.

There are data quality rules or data policies about keeping data safe and employing the right way to use it. The data governance framework should be robust enough to adopt changes and label and classify data whenever the data is changed. It’s also important to conduct knowledge sessions on effective data management and enforce the rules across the organization with the right people leading the effort.

Keeping track of your data and strategies to handle it when things go wrong will help to foresee the risk and mitigate it. So, in a nutshell, to manage data governance effectively we have to define clear ownership, implement robust security measures, comply with regulations, educate your team, and have a solid plan for handling breaches.
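As an added example, not code from the interview or from NextLabs, the following Python sketch shows the mechanics behind two of the points above: data is labelled by its content when written and re-labelled on every change, an access decision combines the actor's role with the record's label and ownership, and every decision is recorded in an audit trail so the Data Owner, Stewards and CDO can see who did what. The classification regexes, the role names, the clearance ordering and the sample records are assumptions made for illustration, not the interviewee's framework.

```python
"""Data-centric policy enforcement: classify on write, decide on access, audit everything."""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed classification scale, least to most sensitive.
LEVELS = ["public", "internal", "confidential", "restricted"]

# Assumed content rules; a record gets the highest level any rule matches.
RULES = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "restricted"),            # US SSN-shaped token
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "confidential"),       # email address (personal data)
    (re.compile(r"\bproject\s+[a-z]+\b", re.IGNORECASE), "internal"),  # internal code names
]

# Assumed role-to-clearance table (hypothetical; mirrors the RACI-style roles discussed).
ROLE_CLEARANCE = {"cdo": "restricted", "steward": "confidential", "analyst": "internal", "guest": "public"}


def rank(level: str) -> int:
    return LEVELS.index(level)


def classify(content: str) -> str:
    """Return the label for a piece of content; called on every write, not just on creation."""
    label = "public"
    for pattern, level in RULES:
        if pattern.search(content) and rank(level) > rank(label):
            label = level
    return label


@dataclass
class User:
    name: str
    role: str


@dataclass
class Record:
    record_id: str
    owner: str      # the Data Owner; always retains access to their own record
    content: str
    label: str


class PolicyDenied(Exception):
    pass


class GovernedStore:
    def __init__(self) -> None:
        self.records: dict[str, Record] = {}
        self.audit: list[dict] = []   # every allow/deny decision lands here

    def _decide(self, actor: User, action: str, record: Optional[Record]) -> tuple[bool, str]:
        """Pure policy decision: ownership first, then role clearance versus label."""
        if record is None:
            return False, "no such record"
        if actor.name == record.owner:
            return True, "actor is the Data Owner"
        if action == "delete":
            return actor.role == "cdo", "delete requires the Data Owner or the CDO"
        clearance = ROLE_CLEARANCE.get(actor.role, "public")
        if rank(clearance) >= rank(record.label):
            return True, f"clearance {clearance} covers label {record.label}"
        return False, f"clearance {clearance} below label {record.label}"

    def allowed(self, actor: User, action: str, record_id: str) -> bool:
        """Dry-run check with no audit side effect (useful for UI hints and tests)."""
        return self._decide(actor, action, self.records.get(record_id))[0]

    def _enforce(self, actor: User, action: str, record_id: str) -> Record:
        record = self.records.get(record_id)
        ok, reason = self._decide(actor, action, record)
        self.audit.append({"actor": actor.name, "role": actor.role, "action": action,
                           "record": record_id, "label": record.label if record else None,
                           "decision": "allow" if ok else "deny", "reason": reason})
        if not ok:
            raise PolicyDenied(f"{actor.name} may not {action} {record_id}: {reason}")
        return record

    def create(self, actor: User, record_id: str, content: str) -> str:
        """Creator becomes Data Owner; the label is derived from content at write time."""
        if record_id in self.records:
            raise ValueError(f"{record_id} already exists")
        record = Record(record_id, actor.name, content, classify(content))
        self.records[record_id] = record
        self.audit.append({"actor": actor.name, "role": actor.role, "action": "create",
                           "record": record_id, "label": record.label,
                           "decision": "allow", "reason": "new record, actor becomes owner"})
        return record.label

    def read(self, actor: User, record_id: str) -> str:
        return self._enforce(actor, "read", record_id).content

    def write(self, actor: User, record_id: str, content: str) -> str:
        """Authorise against the current label, then re-classify the changed content."""
        record = self._enforce(actor, "write", record_id)
        record.content = content
        record.label = classify(content)   # label follows the data whenever it changes
        return record.label

    def delete(self, actor: User, record_id: str) -> None:
        self._enforce(actor, "delete", record_id)
        del self.records[record_id]

    def denials(self) -> list[dict]:
        return [e for e in self.audit if e["decision"] == "deny"]
```

Note the order inside `write`: the actor is authorised against the label the record carried before the change, and the new label is computed afterwards. A Steward who pastes an SSN into a confidential record thereby raises it to restricted and loses read access to it on the next call, which is the "classify whenever the data is changed" behaviour described above; the audit trail then shows the denial with its reason.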

As a fundamental guideline, what factors should organizations take into account to attain robust data protection?

Achieving robust data protection in the digital landscape requires careful attention to several critical factors. Firstly, organizations must establish a comprehensive framework of data security measures. This involves implementing encryption, strong access controls, regular security audits, and timely patch management to prevent unauthorized access and cyber threats. Defining this strategy with a multi-layered defense approach, including firewalls, intrusion detection systems, and endpoint protection, adds an extra layer of security against potential risks.

Secondly, upholding data privacy is paramount. Organizations must adhere to relevant data protection regulations (GDPR, HIPAA) and create transparent privacy policies. Obtaining explicit user consent before collecting and processing personal data is also crucial.

Thirdly, prioritizing employee training is very important. Given that human error contributes significantly to data breaches, educating staff about cybersecurity best practices and raising awareness about social engineering risks is crucial.

Furthermore, a robust incident response plan must be in place. Despite preventive measures, breaches can occur. Having a well-defined strategy can minimize the damage, which safeguards both data and reputation.

Lastly, establishing secure partnerships with third-party vendors and maintaining stringent vendor management practices is essential. Outsourced services should adhere to the same rigorous data protection standards as internal processes.

By addressing these considerations comprehensively, organizations can establish a strong foundation for data protection. This approach ensures the security, privacy, and integrity of sensitive information while building trust among customers and stakeholders.

Discover more from NextLabs’ Expert Series, featuring industry experts in educational and thought-provoking conversations on Data-Centric Security, Zero Trust Architecture, Safeguarding AI, and more.


NextLabs seeks to provide helpful resources and easy to digest information on data-centric security related topics. To discuss and share insights on this resource with peers in the data security field, join the NextLabs community.
