Moving data to the Cloud and accessing its many applications for a number of functions that were once conducted on premise enables the enterprise to:
- Leverage limitless scalability and provision resources on demand
- Enable uniform access to data and pivotal enterprise processes regardless of location or time
- Reduce infrastructure and total cost of ownership while embracing a newfound agility
- Outsource time consuming security measures and their implementation.
The challenge of doing so in a manner that is most effective for the enterprise and its Data Management (and which utilizes the aforementioned advantages for Big Data and a number of advanced analytics options), however, revolves about crucial issues of governance pertaining to:
- Moving Data
Specific governance measures must be taken to ensure that these issues are addressed, so that the numerous benefits of leveraging the Cloud in the era of Big Data and the Internet of Things are not outweighed by regulatory complications and access problems in which well-groomed data swiftly becomes otherwise.
Without proper governance, regulatory concerns can become severely exacerbated by an organization’s decision to move its data to the Cloud. Regulations vary according to industry and geographic location. However, Cloud data is oftentimes held to different standards which may require additional certification than that for data stored on-premise. Larger Cloud service providers may have these additional requirements; less noted ones may not.
More importantly, there are privacy laws and regulations about where data is held. Although enterprises might access their data in the Cloud, depending on where that data is actually hosted and residing, as well as where users are accessing them from, regulatory issues may arise. This issue particularly applies to multinational companies and those with subsidiaries overseas. Governance councils need to be aware of the regulations that apply to their organizations, and denote where data will be held and accessed prior to selecting a Cloud service provider that adheres to its regulatory requirements.
The relationship between Data Governance and security is somewhat symbiotic: because of policies pertaining to access and definitions, well governed data is inherently more secure, while secure data does help alleviate certain governance issues. It is vital for governance personnel to outline what sort of security measures will be in place for data moved to the Cloud, and to ensure that they meet governance needs. Oftentimes, Cloud service providers have their own security measures related to access and fortifying the physical environment in which the data actually resides once moved to the Cloud. Governance councils are still tasked with making certain that those measures meet their own standards, and that those standards are still in place when data transitions from the Cloud back to on premises for integration and aggregation purposes.
Typical cloud security measures involve encryption, masking, tokenization, or some combination of the three. Tokenization is particularly effective for dealing with regulations pertaining to the location of data for entities in different geographic locations. Tokenization is the replacement of data with identification symbols for the purpose of security. In instances in which there are regulations about where data must physically reside in a particular country, tokens can be accessed outside of its borders to still grant access to the data’s relevant attributes while ensuring enterprise regulatory compliance.
Governing Service Providers
What organizations are actually doing when moving data to or accessing them through the Cloud is extending their governance programs, policies, and roles outside of their physical boundaries. In doing so they must effectively govern the service provider as it pertains to their data. It is essential to conduct a risk assessment prior to selecting a service provider and to evaluate how that provider’s Cloud services will impact the enterprise, as well as to appropriate measures to mitigate the latter as part of a risk management program. Additionally, it is valuable to examine the auditing and risk assessment program of a particular service provider, as well as any service organization control reports. The latter may contain information about external tests conducted on the operating efficacy of the service provider, and which can further influence an organization’s decision regarding providers.
Integration and Access
One of the boons of moving data to the Cloud is a degree of integration of data sources that exceeds that of on-premise deployments. Data can also be moved back and forth between a physical environment and the Cloud for further integration, while APIs can make it easy to share data between various applications. The ramifications for this ease of integration for Data Governance, however, are considerable. Without careful governance measures in place, API access between different systems can result in unwanted users having access to unauthorized data.
There are many different governance protocols and methods to restrict access to Cloud data and applications, some of which apply to on-premise environments. Governance councils need to provide documentation regarding the access of data based on roles and responsibilities, in particular for that which is accessible through the Cloud and APIs due to the cross-enterprise, collaborative use of such data. The tendency to utilize federated identification and single sign-on access reinforces this need.
In order to implement those rules pertaining to access for Cloud Data Governance, there are a number of tools offered by vendors that focus on Cloud data and mobile access. Many of these options involve:
- IT: Although moving data to the Cloud further displaces IT from its traditional role as gatekeeper of a company’s data assets, multiple products provide a visibility layer in which IT personnel can view who has access to what data and how they are being used. IT’s vigilance increases its role in Data Governance for data accessed through the Cloud and mobile devices.
- User and Data Type: Other offerings specify access to data according to user type, organizational role, and data element in an automated way that makes it easy to adhere to governance rules.
- Workspaces: Certain vendors have platforms in which users can partition their workspaces in the Cloud from disparate data sources, which enable organizations to decide who will have access to which sources and how.
These tools, when enhanced with additional security features such as masking, encryption, and tokenization, can provision and de-provision access to sensitive data based on governance policies.
Data Quality is of particular importance when accessing data through the Cloud, particularly as it pertains to integrating with on-premise sources and moving data between physical environments and the Cloud. Replicating data can be time consuming and resource-intensive (which makes virtualization technologies attractive), yet vital for integration purposes. Organizations can reduce data quality issues pertaining to duplication and currency by utilizing asynchronous, master-slave paradigms for replication between the Cloud and on-premise environments.
The Key to the Cloud
Effective Data Governance is pivotal for ensuring that an organization can reap the benefits of Cloud Computing. Without secure governance measures in place, the Cloud’s potential to reduce cost, increase accessibility and scalability are all but meaningless. The crux of Cloud Data Governance is accounting for the third-party service providers’ impact on an organization’s data which heightens issues about regulatory compliance, ownership of data, and security. By taking dedicated measures to govern the service provider and creating risk management assessments and plans, it is possible to extend enterprise governance beyond its physical borders while still implementing it principles for access and data integration with a number of tools designed for Cloud use.