Data governance strategies for today's evolving IT landscape
As industry professionals recognise that data has become both an asset and a liability, securing and managing it, and ensuring that only the necessary personnel have access to the required data, has become just as critical as, if not more critical than, actually managing the lifecycle of the data itself.
While mass amounts of data were migrated to cloud platforms in the past year to enable efficient remote access during the pandemic, organisations were tasked with finding solutions for expanding their existing governance practices beyond the traditional IT environments. This includes implementing standards for managing data and entitlements, and making data security all-encompassing, all while ensuring staff can operate as close to business-as-usual as possible.
The pandemic drove a major uptick in remote working, in turn exponentially increasing risk, with everyone attempting to enable remote access for their employees at maximum speed. Mismanaged entitlements exist regardless of employees’ physical location, but when employees were in an office, there was a natural incentive to adhere to office rules and to not do bad things with the unmanaged entitlements that may exist.
When employees moved to working-from-home environments, that natural incentive disappeared. With the speedy shift to cloud that we noticed during the transition to remote work, the entitlements mess simply travelled to an area where the data doesn’t live within an employee’s four walls. The risk is now exponentially greater.
The remote workforce lured more organisations to take advantage of cloud capabilities, using third-party vendors like Office 365 and AWS. Cloud benefits such as long-term cost savings, collaboration capabilities and scalability are undeniable, but organisations need to make sure they are abiding by stringent regulatory requirements, especially within highly regulated industries such as financial services. With new technology in the cloud, auditors are starting to poke around and assess these systems much earlier than they traditionally have.
This means that infrastructure departments are going to have major challenges when they find out that they are not compliant, even with internal policy, and security teams will have to significantly expand their resources to investigate and prove security compliance across the board. The reality is that a lot of companies are putting more focus on making sure their employees can work remotely, leaving the access control piece as an afterthought. Organisations are now realising that while a “lift and shift” approach may have been immediately necessary, they must now revisit the topic of standardising permissions in these new environments and ensure a least-privilege access model is strictly adhered to.
Executives and leadership teams across all organisations need to make sure they are prioritising and proactively implementing an effective data governance strategy as the data landscape continues to evolve. We are also increasingly seeing more software companies focus on the data governance and security space, which tells us this is a real pain point and an urgent need across many enterprises.
What a successful data governance strategy needs
It starts with analysing every part of your data, providing an inventory of all these assets and organising the metrics and analytics in a consumable fashion. Additionally, violations of core security policies, i.e., open or excessive permissions, must be highlighted. Accurate ownership across the data is equally important, especially as organisations are building out their evergreen processes such as regular entitlement reviews. Finally, defining and implementing a Target Operating Model, all while remediating key risks, must be part of the process, so that you stop the bleeding while having a solution that keeps your environment secure and compliant. The real risks that will get your organisation on the front page of a newspaper are needle-in-the-haystack vulnerabilities. It’s incredibly important to go wide and deep, as many of the issues surrounding data breaches, causing financial and reputational harm, are buried deep in the data repositories and cannot be found and fixed with superficial solutions.
Not all companies have the same needs for compliance, but all companies have a need for security, and therefore have a need for a governance policy. We are in a world where data is only going to continue to grow. Knowing where it resides, who has access and what is being done with it needs to be understood. Whether for compliance or security or both, companies must have a plan in place to deal with their information.
Data is a critical asset and needs to be protected. Specifically, entitlement sprawl across the data platforms is a known issue that is top of mind with CIOs and CISOs. In order to solve the entitlement issues, companies need to have visibility, understand clear and not so clear violations, have a process to remediate in an automated fashion and develop a communicated and constant evergreen process to deal with the dynamic nature of entitlements.
Re-evaluate your data governance strategies now
These projects can be daunting, but it is imperative that companies, large and small, start now before the issues get completely out of control. There is no such thing as a perfectly governed environment, but having the appropriate policies in place and adhering to them goes a long way to mitigating any issues that may arise through a data breach or loss. Most importantly, there need to be processes in place for ensuring that all the remediation you’ve done does not go to waste. Make sure there are clear processes for ongoing maintenance, including entitlement reviews, access authorisation workflows and infrastructure reporting.