Cyber Security

Developments that will define data governance and operational security in 2022

Published

on

Satori shared its predictions for the near future of cloud-based transformation, detailing three major developments to watch for in the world of data governance and operational security over the course of 2022.

As cloud adoption accelerates in all industries and business intelligence & analytics go from cutting-edge luxuries to bottom-line necessities, many companies are finding themselves at a crossroads. With more data being moved to the cloud, new opportunities arise, as data can be easily connected with various cloud-based services, including BI, analytics and AI, ultimately delivering richer insights for data scientists, analysts and business users.

On the other hand, moving sensitive data such as personally identifiable information (PII), personal health information (PHI) and financial data to the cloud increases the risk of a data breach. It’s in this context that chief data officers (CDOs), data platform owners and other data professionals are thinking through big decisions and bracing for major change in the year ahead.

“To stay competitive in today’s data-driven economy, businesses are pouring more and more capital into making their data analytics operations smarter, faster and more agile than their competitors’, and moving data to the cloud is part of that strategy,” said Eldad Chai, CEO of Satori.

“But, in doing so, many overlook the most essential ingredients for data operations at scale – security and governance. Too often, business leaders make the mistake of viewing data governance as a constraint and policies as barriers to insight and innovation. In reality, security doesn’t have to slow you down. In fact, with the right tools and operational framework, governance holds the secret to supercharging growth by facilitating data democratization. This holds especially true when accompanied by cloud-based transformation, which allows business analysts and data scientists to get access to the data they need in minutes, rather than days. Data engineers and platform owners can streamline secure access to sensitive PII, PHI or financial data to eliminate manual processing and errors.”

DataSecOps will become a new standard

In a recent survey of C-Suite executives, researchers found that although 99% of businesses were actively investing significant sums into Big Data initiatives, only 24% of respondents felt they’d created a data-driven organization and/or culture. So, despite countless calls for data democratization over the past year and a half, and no scarcity of funding, it would appear that at least 75% of businesses have yet to make the dream of democratization a reality. However, there is hope. Thanks to recent advances in AI, and the introduction of the data mesh architecture, a solution is just over the horizon.

With its focus on decentralization and empowering the data consumer, data mesh is an obvious candidate for the framework supporting democratization. However, for the data mesh to function without the degradation of data security, organizations will have to put the principles and processes of DataSecOps into practice.

DataSecOps seeks to make security a continuous part of the data operations process, rather than an afterthought. And in a mesh model, where more teams and more stakeholders are engaging with data, the understanding of the importance of data security should be shared by virtually every member of the organization.

Its implementation will require organizations to adopt a collaborative framework, in which security is not only an issue for security teams alone, but a concern for everyone. In 2022, this streamlined DataSecOps solution, integrated with an intelligent data mesh architecture, will allow data democratization to be implemented at scale.

Over-privileged employees

Rapid cloud-based adoption and disruptive business models have led Unicorns to experience unprecedented growth in revenue and customer acquisition – especially within the fields of Fintech, Healthtech and internet services. Data operations have scaled up to meet demand, however, data security hasn’t kept pace.

A prime example of this is the data breach at Robinhood, in which an unknown third party used social engineering to glean information from a customer service representative over the phone. The bad-faith actor was able to gain access to sensitive customer support data, ultimately affecting over five million customers.

Clearly, the customer support employee was over-privileged, meaning they had access to more data than was necessary for them to do their job effectively. Startups, especially those experiencing rapid growth, such as Robinhood, often start off with trust-based data access policies, where employees are given broad access to data, which initially fuels faster decision making.

Moving forward, these startups will have to adopt more rigorous processes and tools for implementing data security as a core part of their data operations. Doing so, they will ensure that employees have access only to the data they need to do their jobs, while limiting and tracking access to sensitive data to minimize the risk of data breaches.

More sensitive personal data will migrate to the cloud

Analytics and AI leaders are looking to build and deploy next-generation solutions by leveraging cloud-based services in combination with sensitive personal data. The trend is being driven by cloud-based analytics and AI platforms, in combination with data stores such as Snowflake, Amazon Redshift, Google BigQuery, Databricks and Microsoft Azure Synapse.

Adoption is accelerating across organizations of all sizes. This poses an important question – “Is sensitive personal data secure in my cloud-based data warehouse, data mart, analytics or machine learning solution of choice?” Analytics, AI and machine learning leaders must figure out how to navigate and answer this question with confidence and to the satisfaction of information security, privacy and compliance teams. With the help of process improvements and new data access tools such as DataSecOps, sensitive data will be managed in the cloud securely — powering BI, Analytics and machine learning projects for faster insights.

Attackers target data via analytics and AI service providers

Hardly a week goes by without some high-profile data breach jeopardizing the security of user data. Data breaches aren’t going to disappear anytime soon. But we will see more data breaches target third parties – Data, Analytics, AI and Machine Learning services providers who are entrusted with massive amounts of sensitive data with PII, PHI and financial information. The massive misuse involving personal data of over 87 million Facebook users by the third-party analytics provider, Cambridge Analytica, in 2018 is a prime example of this type of risk.

Organizations of all sizes are leveraging cloud-based services for data, analytics, AI and machine learning. This trend drives innovation, but can lead to misuse of sensitive data, especially if the service provider has ad-hoc processes and tools for handling the security and privacy of said data. In order to scale up for explosive growth responsibly, data, analytics, AI and machine learning service providers will need data governance platforms intelligent and robust enough to mitigate data consumers’ occasional lapses in judgment.

All it takes is a blip of frustration, impatience, or worry for an employee to skip, overlook, or forget a practice or policy that leaves sensitive data exposed. An intelligent policy platform, on the other hand, never waivers in its vigilance. In 2022, those with the necessary security measures will make headway against the competition, while those without them will make headlines.

No matter what comes our way in 2022, there’s one thing we can be certain of – DataOps will undergo some significant changes. With so much upheaval taking place in 2021, it’s all but inevitable that organizations will be making changes to their operations. Whether it be democratization by way of intelligent data mesh, or the implementation of an intelligent data platform to safeguard against exposure, CDOs will be taking action in 2022. And those that don’t will surely be left behind.

Source: https://www.helpnetsecurity.com/2021/12/28/data-governance-2022/

Click to comment
Exit mobile version