Open source and cloud storage capabilities remove these limitations and change the drivers for data storage decisions. With the physical limitations removed and costs significantly lower, the decision to keep data (or not) is primarily driven by business value or potential business value. It is important that governance maintain discreet guiding principles for data storage, especially in centralized storage environments such as a data lake.
Guiding principles may include these examples:
- Data stored must have defined business purpose, even if not immediate.
- Redundant datasets will not be maintained in central data storage.
- Contributing data source must be rated prior to data ingestion.
These principles will mitigate the temptation to store anything and everything because “we might need it someday.” Governance of a data lake is necessary. Governance of a data swamp or data landfill is costly, if not impossible.
Privacy and Security
Privacy and security are strong focus areas for traditional data governance. However, emerging technologies broaden the scope of what must be protected and secured, requiring significantly greater emphasis on privacy and security than ever before. While the terms “security” and “privacy” are often used interchangeably, they are not the same.
Security programs must protect the confidentiality, integrity, and availability of all data assets the business creates, acquires, and maintains. Security specifically applies to protecting the data; privacy specifically addresses protecting entities, such as the business or individuals. Privacy programs ensure that individual’s rights and interests to control access and use of their personal information are upheld and protected.
A privacy program is dependent upon a successful security program and cannot exist without one. Privacy requirements may inform policies in an overarching security program, but the security program determines the technology and processes to implement the appropriate protection and controls. Best of breed security and privacy programs will ensure Privacy by Design. Absent embedded privacy, the hefty fines imposed for non-compliance with emerging government regulations such as the EU’s General Data Protection Regulation (GDPR), makes addressing privacy non-negotiable for businesses.
When it comes to IoT, security is paramount. The frequent and ongoing addition of devices and systems ?constantly creates new vulnerabilities. IoT is a hacker’s paradise. While, ultimately, it is the data the business must safeguard, to accomplish this, businesses must secure and protect the network and all touch points where data travels. With IoT, data security is no longer just about access and permissions on a given system. The protection of data now incorporates network segmentation, device-to-device authentication, data encryption, data masking, and cybersecurity monitoring. That’s far more than traditional data governance programs ever envisioned.
And, while IoT pushes the boundaries of data security, AI and ML introduce new aspects to privacy. AI and ML technologies have the ability to learn, as well as to generate data that has not been explicitly provided by an individual. Even with anonymized or depersonalized data, AI and ML can be used as methods to generate personally identifiable data and circumvent existing privacy constructs. These capabilities of AI and ML are similar to superpowers with the ability to do good and evil. As Spider-Man’s Uncle Ben is often (erroneously) credited with saying, “With great power comes great responsibility.” With AI and ML, it is the responsibility of the business to increase transparency and accountability to ensure privacy and the perception thereof is maintained.
What’s Ahead
Emerging technologies present businesses with enormous opportunities for innovation and growth. But with these new opportunities come increased risks and liabilities. In order to maximize the potential of these technologies, the approach to data governance must also shift radically. The focus must move from standards, conformity, and control to accountability, extensibility, and business enablement. Here are some ways to help facilitate the shift from a traditional to a progressive data governance program that can keep pace with rapidly advancing technologies.
Make Data Onboarding/Ingestion Easy
Onboarding data sources or ingesting new data into the enterprise should not be a heavily constrained task. If data governance policies require data to conform to standards or meet specific levels of quality prior to onboarding, the level of difficulty for introducing new and unique data will be too great. The goal should be to bring as much data into the enterprise as quickly as possible to begin data exploration and evaluation.