Best Practices: Governing Data in Multi-Cloud Environments

Like most things in the world of data, creating and maintaining governance policies in a multi-cloud environment requires constant compromise and negotiation.

Guest Commentary, Guest Commentary

September 9, 2019

5 Min Read
Image: WrightStudio -

I’ve asserted in the past that there’s no silver bullet for establishing data governance policies in multi-cloud environments. Here, I’ll offer some insight on why that’s the case, along with some guidelines for how IT leaders with multi-cloud environments can think about data governance.

Data governance is a bit like fitness: more than a destination, it’s an ongoing process -- a lifestyle, even. Just as you can’t get in shape over the course of six months and then be in shape indefinitely without further work, you can’t implement data governance policies and then ignore them and expect them to provide any benefit.

To realize the benefits of data governance, you must treat it as an ongoing process. This can be tricky because it means you must get executive buy-in not only for the initial gap analysis and policy development but also for the ongoing assessments and adjustments as your organization changes its technology or adds new cloud environments and applications.

While these basic principles of data governance are true anywhere, they’re even more important in organizations that rely on multiple cloud environments. This is largely because no two cloud providers have the same security capabilities or features.

The diversity of cloud provider capabilities is also why it’s important to think of data governance for multi-cloud from a policy standpoint rather than a tactical standpoint. Because of the constantly growing set of tools, changing philosophies, and varied monitoring capabilities available from cloud providers, it is important to ensure governance policies account for this and are updated frequently. 

To make sure your multi-cloud data governance policy stays up to date, be sure to include provisions for the following:

  • How often you will review and update your policy. This should be at least quarterly, but more frequently if there is a significant change in the business or cloud providers.

  • When and how the introduction of a new technology, product, or service will trigger a policy review. 

  • When and how policies will be tested.

  • When to evaluate alternative cloud providers vs. update your governance policy.

Data governance shouldn’t be overly simplified

Given the complexity that’s created when you treat data governance as a process, it’s natural to try to simplify that process by applying uniform data governance rules across an organization.

Unfortunately, that strategy doesn’t work.

Trying to have a data governance policy that treats all data types the same would be a bit like having a single cooking strategy for every type of food you bring home from the grocery store. You may want to grill your hotdogs, but that’s not going to go well for your oatmeal or your coffee.

This reality becomes unavoidable when working with multiple cloud providers. To determine when and how you might use the services of each, you must first know whether their data governance tools and procedures meet the requirements of your data -- not just hotdog and grill, but also the temperature each grill can reach and whether the people eating the hotdog keep kosher or vegan or gluten-free.

To use an example that involves data: imagine you plan to leverage multi-cloud to improve vendor resiliency.

If one cloud environment experiences a DDoS attack, you could shift affected services to another cloud. While the premise is simple enough, the execution gets complicated when you take data governance into consideration.

Each cloud environment has unique toolsets and monitoring capabilities. To ensure that your data is adequately managed from one cloud to the next, you’ll have to have a plan for how to uphold governance protocol in both cloud environments -- for every type of affected data.

That’s not an easy task, but it’s much easier when you have those governance protocols clearly laid out ahead of time.

As you consider how multi-cloud data governance applies to various parts of your organization, you’ll probably discover that it makes sense to consider governance issues during the environment or application design phase, when it’s possible to adjust to streamline future practices as much as possible.

For simpler solutions, rethink your infrastructure

I’ve just said that it’s unwise to oversimplify data governance policies for multi-cloud environments; however, I do tend to think the simplest solutions are the best.

As you consider cloud providers, look for those with functionalities that make data governance easier, including SAML integration and APIs that extend your role-based access. Look for tools that allow for automated data tagging and archiving to streamline your data lifecycle requirements.

Finally, ensure that the cloud provider maintains a rich set of tools to allow for visibility into how you may be complying with organizational policies. Steering clear of providers that don’t offer these capabilities will make your life a lot easier.

To further simplify your data governance, you may want to rethink your approach to the cloud altogether. A multi-cloud setup will require more complex data governance rules than a setup that involves two or fewer cloud providers. You may be able to achieve similar functionality by blending your virtualized environments -- say, VMware -- with a public cloud, or by combining in-house bare-metal servers with a private cloud environment.

Data governance is a balancing act

Like most things in the world of data, establishing and maintaining governance policies in a multi-cloud environment requires constant compromise and negotiation. As you establish and adjust policies at your organization, be sure to keep the big picture in mind.


George Nelson is the vice president of cloud services at ServerCentral Turing Group (SCTG). SCTG offers cloud-native software development, AWS consulting, cloud infrastructure, and global data center services.

About the Author(s)

Guest Commentary

Guest Commentary

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT professionals in a meaningful way. We publish Guest Commentaries from IT practitioners, industry analysts, technology evangelists, and researchers in the field. We are focusing on four main topics: cloud computing; DevOps; data and analytics; and IT leadership and career development. We aim to offer objective, practical advice to our audience on those topics from people who have deep experience in these topics and know the ropes. Guest Commentaries must be vendor neutral. We don't publish articles that promote the writer's company or product.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights