Cyber Security and Data Protection
Data governance is essential when approaching cyber security or data protection.
To protect against threats and to comply with data protection and additional regulations, it’s crucial for organisations to know what data to protect and how to protect it.
Data governance allows an organisation to identify its most sensitive and critical data and assign the necessary resources to protect it.
Since no organization can be 100% secure, and not many have the resources (people and financial) to fully implement, operate, and improve the necessary measures, most of them have to take a focused, risk-based approach.
Having control of the data that exists in an organization enables that organization to reduce the risks associated with data and the costs of data-related processes. It is critical for regulatory compliance and, of course, works as an enabler for analytical applications of data, ensuring that timely, consistent, and trusted data is provided to the business to support critical decisions.
Successful data governance has always been a challenge for any organization; otherwise every organization would have it in place. But given privacy regulations, the evolving threat landscape, digitization, and expanding data perimeters, data governance has rapidly evolved from a need to a requirement for organizations that need quality data that is protected and in compliance with data protection laws, and that also need to create the conditions to deliver reliable and timely data at the right time to the right people.
The reasons behind this slow adoption are easy to understand. Implementing a data governance framework in an organization can sometimes be an overwhelming challenge, highly disruptive and prone to failure. Such initiatives can be expensive, time- and resource-consuming, and span long time frames; they can also be deeply intrusive, creating natural resistance to change within the organization.
Most of the time, the reasons for failure can be associated with a lack of leadership buy-in and commitment from top management, poor cross-organization involvement, a lack of alignment with business goals and benefits, or a lack of focus on strategic data, but also with frequently being approached from a technological perspective.
When thinking of cybersecurity, data protection and data governance, there is one common goal: to protect an organization’s data. That makes data governance an essential component in this process.
Knowing what data an organization has, where it is stored, how it’s accessed and processed, who has access to it, when it is used and why are essential questions that need to be answered when addressing effective cybersecurity and data protection.
Data governance processes will allow managing and controlling the what’s, where’s, how’s, who’s, when’s and why’s of data.
To protect data, organizations need to know what data to protect and how to protect it. That can’t be done without knowing what data the organization owns, where it is, how it is used, and by whom and with whom it is shared.
Establishing a security perimeter is no longer a solution, considering that the perimeter has now expanded in a way that can no longer be controlled using the usual approaches. Today that perimeter includes suppliers, cloud vendors, partners, etc.
How can this be controlled without starting at the core?
Being able to control what data an organization has, where it is stored, how it’s used and accessed, and who it is shared with is the objective.
The question is, if the work had been done prior to the increase of cyber attack challenges and privacy regulations, wouldn’t this transition be less painful?