What are the challenges? And how difficult are they to solve? Here are the key points:
- Compliance Optimization
- Compliance Drift
- Long data access fulfilment times
- Data democratisation
- Data observability
- Managing structured & unstructured data
Compliance Optimisation:
The reality is that when considering data access governance organizations frequently oscillate between two extremes: Overly restricting data access to the point of smothering innovation by over masking thus limiting its business value, or leaving data access more exposed that necessary which could lead to potential data breaches
The ways of achieving compliance:
- Locking the data down to the point where innovation and business agility is suppressed
- Employing rooms of people to manually check and repeatedly check data access requests against governance and regulatory rules whilst incorporating tribal knowledge
- By sticking your head on the sand and hoping…which is not uncommon
- By deploying a DSP (Data Security Platform) to police and optimise data access requests…BUT without AI based automation ‘based on observational learning’, you’ll still need considerable manpower to ensure compliance ‘at pace’
Compliance Drift (…staying compliant):
We say that attaining compliance is a snapshot in time – business operations change, as do regulations causing the phenomena known as compliance drift, which can unknowingly expose sensitive data to unauthorised employees
Another aspect to compliance drift is the emergence of Dark Data – which are the information assets that organizations collect, process and store during regular business activities, derived from protected tagged and classified data, but stored in an unprotected manor…leaving it exposed and unsafe to unauthorized access – again leading to potential data breaches
Long data fulfilment lead times
Typically, when talking to customers, it can take anywhere between 6 to 16 weeks to fulfil a data request – depending on the size and complexity of the data set, and sensitivity level and exposure risk.
The data request passes through multiple approvers and checkpoints because of the fear of making a mistake and adhering to internal governance processes – Paradoxically, CDO’s are measured on agile flow of data and related monetisation.
This Is a major bottleneck for businesses, impacting competitive edge and bottom line.
Data Democratization
Coupled to ‘time to fulfil’ is the growing demand for data democratisation – applying self-service concepts and functional capabilities to specific data set needs as well as for generic data products which requires policy-based access control over outdated role based access controls – if scale is to be achieved without significant manpower.
GOAL: Safely providing companywide ‘self-service’ access to enterprise data and generic data products at speed, whilst considering complex access management policy rules and regulations – enabling data monetisation at true scale.
Better data Security observe-ability
For many CISO’s, CDO’s and Compliance Officers – having a single view of all corporate sensitive data spanning multiple lines of businesses, which database it resides in, what data access policies that data is attached to, who has access to those policies, and what anomalies exist across similar data consumers – is a utopian position. We call this the Data Control Tower…something that alludes many organisations today.
Structured and unstructured data
Unstructured data volumes are exploding, and this could include emails, word documents, PowerPoint presentations, information in S3 buckets and SharePoint as an example – And whilst there are market vendors that undertake the discovery and classification of unstructured data – there are few vendors that manage both data types on a single platform – from discovery and classification to the assignment and automation of data access policies giving uniformity of control.
Is Velotix the answer?
Velotix addresses all 6 of these areas. Our AI-powered Data Security Platform automates the enforcement of the right policies, by way of observational self-learned policy optimisation so that you can grant optimised, ‘accelerated’ data access safely to the right data consumers with confidence, whilst monitoring for compliance drift. Our self-service portal hosts data products and uses AI to again manage access requests enabling true data democratisation. Our Data Control Tower is the ‘eye in the sky’ – and we are now well into our unstructured data journey, now stepping towards Gen AI to simplify how businesses interact with their sensitive, regulated data.