Ganesh Kirti is the Founder & CEO of TrustLogix in the data security governance space. He was formerly Co-Founder & CTO of Palerra.
Digital transformations have been driving data growth and cloud migrations for a while, but many enterprises still struggle to achieve both security and flexibility. Achieving both goals can be a complex endeavor: various stakeholders within an enterprise can have chaotic requirements, and leaders of the effort can also face the integration of legacy tech with new tech, a lack of data usage visibility and conflicting privacy and data security policies. One solution: using the right framework as they modernize their data infrastructure in the cloud.
Consider a hypothetical — Palmer Technologies, a typical organization with a typical digital transformation wish list. It needs to modernize data platforms, secure its data and meet customer service-level agreements (SLAs) and ever-evolving privacy and compliance requirements. It needs to ensure its data is accessible to specific users through specific entitlements and access controls.
This matches up with the results of the recent Deloitte Global 2021 Future of Cyber Survey, which found that CIOs and CISOs listed their top tech adoption priority drivers as security at 64%, privacy at 59%, compliance at 50% and business efficiency and intelligence at 45%. But while achieving all of that, Palmer also needs to accelerate business innovation while maintaining high performance. That means breaking down organizational silos and keeping its data management as flexible as it is secure.
Tall order? It might sound like it — but the data security governance framework can help.
Four Pillars To Secure And Flexible Modernization
By using this framework, Palmer aims to give the right users access to the right data while giving its teams an access and privacy governance platform that provides insights into misuse, gaps, risk and opportunities. Because it can help the company pair both old and new tools, Palmer can take advantage of technologies it's already purchased and set up practices, policies and programs that align with its workflows.
The framework consists of four pillars: control, observe and learn, enable and recertify. Let’s look at how the framework helps Palmer pair data security and governance with flexibility and an appealing business user experience.
Elevating Digital Transformation
Palmer Technologies has invested millions of dollars in tools for compliance and identity and access management — and it has no intention of ripping out those old legacy systems. Smooth integration is essential, and so is giving its business units the freedom to make decisions that allow them to work efficiently. Here’s how Palmer implements the framework:
• Observe And Learn: This pillar might seem passive, but it’s actually the best way to acquire both precise insights and big-picture understanding. Palmer teams identify blind spots and compile useful facts before approaching the data owners. Now they can provide valuable recommendations and summaries, such as: "Here are the people accessing your data. Here's what looks appropriate. Here’s what seems to be outdated, or what's never getting used. You’ve also got an open window that no one's using and that’s a vulnerability." Everyone has the information they need to better architect and tighten policies.
• Control: Palmer gives control and visibility to its data platform and security teams, as well as other central governance players. Giving these teams visibility into new environments helps them monitor data usage patterns, and direct control helps them remain flexible and reduce risk. For instance, instead of everyone accessing the same data set, certain users can be restricted to seeing only geographical data or anonymized financial data.
• Enable: This pillar goes hand in hand with the ones above. Once the Palmer teams have turned those factual data points into recommendations, the data owners and data consumers can implement and enforce the right policies and access controls.
• Recertify: As Palmer’s data projects grow in number, more people acquire access privileges — a process that needs to be managed carefully. Consider a data scientist working on a particular fraud detection project. Naturally, she has access to specific data tables. But five months after the project wraps up, she still has access to that data — unless continuous governance and recertification deprovisions her access and helps Palmer Technologies meet baseline compliance requirements.
The Framework In Action
Having implemented the framework, Palmer finds its teams can access the data they want and use the databases, data lakes and analytics tools they need while maintaining compliance and security. For instance, Palmer buys data from Bloomberg every six months, which comes with a data usage SLA associated with that license. Bloomberg has to comply with it and audits Palmer every six months to ensure it's compliant as well.
That would be a problem for Palmer if its data were managed in one enterprise data lake, with 10 business teams using it in different upstream data consumption platforms. But because it uses the framework, it can point to the access policies, controls and access audits for the Bloomberg data while maintaining its platform flexibility for the data owners and data consumers.
No doubt we can expect changes to our digital landscape that will require ongoing transformation. Improvement and adaptation are never finished. But the right framework can position teams to excel no matter what initiatives they tackle — and create a foundation for a stronger competitive future.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.