Security and accessibility are not mutually exclusive in the modern data stack

Insights from data analytics have become necessary for effective business decision-making. This has led to a growing call for data democratization. That said, given the catastrophic data breaches and data mishandling grabbing headlines practically every other day, businesses are understandably preoccupied with securing their data.   

As a result, many businesses are facing a seemingly impossible choice. Do they relax data access rules for the sake of democratized access and risk exposing organizational security? Or do they preserve strict security guardrails at the expense of collaboration and innovation? This choice is even more complex given the vast amounts of customer and company data that are stored in the cloud.

Business leaders and security executives do not have to choose — security and accessibility are not mutually exclusive. Data access and data governance need to work in harmony. So why haven’t most organizations figured this out yet? Because the modern data stack has severe friction points. There’s a lack of consistent, enterprise-wide visibility into where sensitive data is, who is accessing it and whether it’s compliant. Data must be democratized and governance centralized. 

It’s time to re-evaluate the modern data stack to relieve friction points and ensure both accessibility and compliance. By automating security workflows and controls across data stores and integrating into self-service access, productivity and innovation will thrive. 

The Modern Data Stack & Its Move to the Cloud

There’s no shortage of tools that companies can use as they build out their data stack. In fact, the global enterprise data management market size is expected to grow by nearly 14% to reach $208.87 billion by 2028. 

Just as the number and variety of data management tools increase, so do the number and variety of storage architectures. First came data warehouses, then data lakes, and more recently, data lakehouses that combine the best of both. And a newer approach to data management known as data mesh is now gaining traction.

Whatever architecture is being used, data-driven organizations look at their data as an engine for insight, growth and competitive advantage. To become even more agile and competitive, companies are modernizing their data infrastructure and operations by moving data to the cloud, democratizing it along the way. Gartner has estimated that 75% of all databases will be deployed or migrated to a cloud platform by this year, with only five percent ever being considered for a return to on-premises infrastructure.

A modern, cloud-native data stack allows companies to access, store and query expansive datasets quickly and cost-effectively, but it comes with challenges. The top concerns for organizations operating in the cloud include data loss or leakage (44%), staying compliant with relevant regulations (26%) and managing user roles and permissions (26%). And almost three-quarters of organizations hosting data or workloads in the public cloud experienced a security incident in 2020.

So how does a company enjoy the benefits of democratized data, and still remain secure and compliant? A data governance strategy has to be part of the modern data stack. By “invisibly” embedding security and governance into data operations (a relatively new concept known as DataSecOps), leaders will enable data democratization and reduce risks. This needs to be a collaborative framework between security, GRC (governance, risk and compliance), data engineering and other teams.

Cloud Data Governance 

Consumers have been living their lives “in the cloud” for a while now, but the pandemic really shifted the operations of the enterprise to the cloud. The public cloud market is expected to reach $482 billion by the end of 2022. Professionals are reliant on services like Zoom, G-Suite and other cloud-native apps. Accessibility, storage, scalability, affordability, connectivity, collaboration — these are all benefits of running businesses in the cloud. That said, there are risks that come with these benefits; the core challenge is managing all this data in a secure, efficient and compliant way.

As enterprise data continues its mass migration from on-prem environments to the cloud, the demand for streamlined, secure and accessible operations is growing. This acceleration in cloud adoption brings the promise of increased data accessibility. However, enterprises are also more acutely aware of certain concerns that come with storing all this data in the cloud:

● Will the data be secure? Storing data in the public cloud has inherent risk. Assurance that it will be kept private and protected against theft or exposure is critical.

● Will the data be compliant? Companies need to feel assured that cloud providers will adhere to regulations including GDPR, CCPA and others.

● Are there built-in controls? Data assessment tools and security tools are key components to look for in a cloud provider.

● Will the data be truly accessible? Proper, automated controls and permissions must be in place to monitor who is accessing the data, while still allowing access to the data on-demand.

Data is a business’s biggest asset — don’t let it become a liability. In today’s regulatory environment, democratized data can become a severe liability without proper data governance. Not only can businesses incur significant regulatory penalties, but they can experience irrevocable harm to their reputation. With data’s shift to the cloud, it’s critical that companies have a solid cloud data governance strategy in place to address these concerns. According to Google, “Data governance is everything you do to ensure data is secure, private, accurate, available and usable. It includes the actions people must take, the processes they must follow, and the technology that supports them throughout the data life cycle.”

Application security and cloud security services make sure data is safe and private. But data governance is needed to ensure the data is accessible and controlled. Access controls and security are most often implemented manually, with ad-hoc solutions per data store, preventing data teams from taking full advantage of the cloud and modern data architectures. This one-database-at-a-time approach is too time-consuming, risky and, frankly, not scalable. A centralized, “invisible” approach to data governance will enable enterprises to ensure that proper permissions and data security are built into the foundation of data operations, without interrupting accessibility.

With a comprehensive data governance strategy, companies will make more informed decisions, enhance regulatory compliance, better manage risk, manage resources more effectively and keep data highly accessible. Companies can finally achieve security and compliance goals faster, and spend less time developing and maintaining ad-hoc access and security controls.

The Rise of DataSecOps

History repeats itself. The transition of applications to the cloud and the development of software in a more agile way brought about DevOps, which — a few years and several data breaches later — sparked the realization that security needs to be embedded in the DevOps process. Thus, DevSecOps was born. It took a while for data to follow suit and move to the cloud, but a DataOps mindset is now emerging. 

With data ingestion, preparation, processing and consumption now happening in a more agile way, the teams handling data need to have more skills in scripting, automation, testing, integration and production deployment. And so, just as DevOps brought about DevSecOps, so too has DataOps created the need for DataSecOps. 

DataSecOps is an evolution in the way organizations treat security as part of their data operations. It is an understanding that security should be a continuous, automatic part of the DataOps processes and not something that is added as an afterthought. If security considerations are not inherent in the entire process, from design to monitoring, it can lead to adverse effects like project delays (when security issues are finally revealed), or worse, compliance and security risks.

DataSecOps ensures complete visibility and control over data flows from the security and access management perspective, and provides a seamless experience for gaining access to data. In fact, DataSecOps is the enabler of data democratization. Successful enterprises automate the integration of security at every phase of the data lifecycle and centralize data governance across all data sets, both on-premises and in the cloud. The more people who have access to data, the higher the risk level for the organization. Security should be a shared responsibility that is embedded into the DataOps process to keep data safe, private and compliant — and accessible to the right people.

Enjoy That Cake

In the past two years, companies have moved their data en masse to the cloud to enable collaboration amid remote and hybrid work models. This distributed approach allows for accessibility and insights like never before. Democratizing data and removing gateway bottlenecks has many benefits. But unless the data is being centrally managed and governed, it remains vulnerable and puts the company, employees, customers and reputation at risk.

A modern data stack includes centralized data governance. Having this “DataSecOps mindset” streamlines enterprise-wide data access across data stores, and secures sensitive data in the cloud. Because small teams handle large amounts of data operations, manual work means bottlenecks and increased risks. Automation and testing are largely what separates a successful and secure data operation from a failing one. 

Data can only be valuable when it is used and managed properly and given the respect it deserves. DataSecOps asserts that good and agile data governance is part of a healthy and secure data operation. By adopting centralized governance practices like universal data classification, access controls, audits and policies, companies can have their cake and eat it too.

Source: https://www.securitymagazine.com/articles/96995-security-and-accessibility-are-not-mutually-exclusive-in-the-modern-data-stack
