How an organization manages cloud data depends on who needs access to it, how often, from where, and for what purpose.
In planning governance policies and processes, businesses must take into consideration the needs of the teams protecting the data and the teams using the data, as well as the teams paying the bills.
Security, business, and finance teams all play a role, and everyone's role includes being a good data steward -- it’s not just IT’s responsibility anymore.
Jake Reichert, vice president of engineering at Yotascale, says organizations should put in place automated and continuous data discovery processes, including one that remediates any personal data according to corporate policies and consumer preferences.
“If you use multiple cloud providers, invest in a third-party cloud cost management solution to get a unified look at cost as well as more granular views broken down by business unit, team, or product line,” he says.
When the organization knows what or who is driving cloud cost, it can collaborate with those consumers on usage, optimization, and governance policies that ensure business value is being derived from cloud workloads.
Karl Martin, chief technology officer at integrate.ai, adds a key step is to understand and plan for the intended ways in which value is to be extracted from the data assets before implementing a new data management scheme.
“Historically, investments into general-purpose data management tooling, such as data lakes, were made without a full understanding of how value was to be extracted,” he says.
The strategy often assumed that it would be “figured out later”, which has produced disappointing results for organizations where there is a struggle to map a potential wealth of data assets to business problems.
“In some cases, the data management systems do not contemplate the demands of modern machine learning systems that would be a center of creative experimentation for data scientists and owners of lines of business,” Martin explains.
Security Plays a Key Role in Data Management
Martin says data security (and, closely related, data governance) is a necessary layer across the entire data management roadmap.
It ensures that data access -- the who, what, and how -- is compliant with all relevant policies and contracts.
“Ultimately, it serves as a key enabler to ensure that data systems are trustworthy and that only authorized people and systems have access,” Martin says.
Without appropriate investment in data security -- including frequently updated expertise and tooling -- data management has no “teeth” and would introduce significant risks into an organization.
Reichert agrees that security at every level is a critical component of cloud data management.
“A data breach, whether accidental or intentional, can result in serious legal, financial, and brand damages,” he says. “But to get the most ROI from data initiatives, you must balance security with usability, and that's best achieved at the data security level.”
He adds that fortunately, there are many good security tools on the market to help manage security at the data level, from encryption and masking to role-based access control.
Hank Schless, senior manager of security solutions at Lookout, a security service edge (SSE) provider, says organizations need to ensure that their security strategy considers that data becomes more complex as everyone works in cloud-based apps with different data types from different locations and devices.
“It used to be that data was confined to the four walls of your office building or wherever you’re on-premises servers were located,” he says. “Now, we can access sensitive data from anywhere through the cloud or web-enabled apps.”
Schless explains that security and data management teams should be working in stride to ensure data isn’t moving anywhere that the existing security team can’t protect.
In addition, acknowledging the way employees access and handle data is critical to any modern security strategy.
“Organizations are looking to consolidate the solutions that monitor and protect data to prevent security gaps that could lead to a data breach,” he says. “Combining data security and data management best practices will also help organizations ensure their alignment with complex data compliance and privacy laws.”
Multiple Stakeholders as Data Management Models Evolve
Aaron Turner, CTO of SaaS Protect at Vectra, says business process owners, compliance leaders, and security leaders should all be working together on a coordinated strategy.
“The business leaders are generally pushing to do more faster, compliance leaders are trying to keep up with data protection requirements, and security leaders are hanging on by their fingernails as new technologies are being introduced,” he says.
Combine all those challenges together and there is now a much greater need for periodic data protection audits and penetration tests than before.
This means that responsibilities that could have been a part-time endeavor for certain stakeholders will now become not only full-time jobs, but perhaps will require significant staff augmentation to keep up with the pace of change that moving critical data to the cloud causes.
Integrate.ai’s Martin adds that there are many roles involved in planning cloud data management investments, spanning strategy, policy, IT implementation, and IT operations.
He says historically, IT and privacy would be the primary stakeholders, with much of the focus on implementation and operations while ensuring that governance requirements are met.
However, as the industry matures, there’s increasing focus on better predicting ROI and operationalizing data value extraction.
Martin adds that in the most advanced organizations, where machine learning techniques are increasingly used as a means of extracting value from data, there are opportunities to predict and measure business impact in a much more accurate manner.
“It's no longer sufficient to look at cloud data management as simply an IT cost center, but to understand and forecast value generation for the relevant lines of business,” he says.