Data Governance Essentials

In the early days of data governance, most data was centralized putting governance in the domain of the core IT and data management teams. As regulatory controls increased, some organizations made governance the responsibility of the Head of Risk or Chief Risk Officer (CRO).  More recently, as the role of the Chief Data Officer (CDO) has expanded, the CDO often owns or shares responsibility for data governance.

Most well-designed governance programs are steered by a committee that combines technical, operational, and business owners.  This committee will work together to create the guiding principles for governance within the organization and assess risks.  Data stewards are typically the people responsible for carrying out the day to day implementation and enforcement of the policies.

It is important to recognize that data governance is not simply a packaged piece of software.  It is a framework that implements policies and processes that are a part of the overall governance program. Underlying software and technologies can provide the tools to help implement the framework, but it is up to the data governance team to put in place the policies and processes that best suit their organization.

A good framework will often include the following principles:

• Availability/Usability – This aspect ensures that data is available to the right people (see security/access) and is in a highly usable form.  The data needs to be available to the business teams that need it, and it needs to be easily structured and consumable.
• Security/Access – Because many governance policies are reactive to potential breaches or misuse, security, and access control are always a critical aspect of governance.  But there is a fine line between limiting access to data for reactive governance reasons and expanding the use of data to get more business value from it.
• Use – Like security, how data is used is a double-edged sword.  It is critical to audit how data is used to ensure there is no misuse and regulatory compliance.  But the ability for other business or analytics teams to see how data is being used can supply them with new, legitimate business uses for data, thereby expanding the value of the data.
• Knowledge – Sharing knowledge about data is a core principle for data governance.  The more data literate teams are, the better they make decisions on how to properly use data.  This also ensures that teams are properly able to interpret what the data is telling them to make sound decisions from it.
• Trustworthiness – The last aspect of governance is determining the trustworthiness of data.  This is highly related to the knowledge that is shared, as well as metadata about where the data came from and how it has been successfully used.  Trust in data goes a long way in the confidence of decisions made from the data.

Data security and governance are often intertwined.  Most frameworks start and end with determining the access controls and security needs of datasets.  This is especially critical in highly regulated industries such as financial services, telecommunications, healthcare, and insurance.

Security is also intertwined with all the other principles in a data governance framework. For example:

• Data needs to be effectively classified to best determine what degrees of security it requires.  Effective classification comes not just from technical metadata, but also the knowledge sharing that goes on around data.
• Data usage and auditing need to be linked back to security controls and data availability. This provides a 360-degree view of how data is being used ensuring detailed audits, proper use, and compliance reporting.

Data governance tools come in four general categories:

• Overall data governance tools and catalogs – several tools focus on providing a wide array of governance features.  They are often classified as data catalogs but can be labeled as data governance tools as well.  This includes independent vendors such as Collibra and Alation, or larger companies with broad product portfolios such as Informatica (Intelligent Data Quality and Governance) or IBM (Watson Knowledge Catalog)
• Specific point tools – there are a variety of point products that focus on specific points within a governance framework, providing easy to use functionality for that aspect.  This includes vendors such as Okera and Impeva, both data security-focused.
• Capabilities within BI platforms – some modern BI platforms include some governance capabilities.  This includes vendors such as Tableau (Tableau Catalog).
• Capabilities within data platforms – many data or cloud platforms include data governance features.  We previously mentioned Informatica and this list also includes cloud vendors (AWS, Azure, GCP).  Datameer is another data platform that includes a deep suite of governance features.

Datameer provides a deep suite of security and governance features and is intentionally designed NOT to replicate already-in-place governance mechanisms but instead work with these controls. These capabilities are well matured from Datameer’s ten years of experience working with large enterprises in highly regulated industries requiring deep security and governance.

Cloud and hybrid environments can create security and governance gaps due to capability mismatches between on-premises enterprise and cloud platforms.  Datameer’s deep security and governance features ensure you get the same robust governance in the cloud and you would expect on-premises.

Datameer also integrates with enterprise and cloud security, offers asset-level controls and encryption on the wire and at-rest.  It fully integrates with Snowflake security to protect all the data.

From a governance standpoint, Datameer provides many key capabilities:

• It maintains multiple forms of metadata both technical and business level, and full lineage on assets helping data stewards track what makes up an asset.
• It can apply properties on data assets ranging from system-level ones, user-defined properties such as status and use standardized tags to mark assets for custom governance status.
• It uses AI to detect Personally Identifiable Data (PII), flag the data as PII and enable specific PII handling controls to be put in place.
• It supports a complete audit trail of all aspects of the system including the full details of any component and how the data is used (queried).