- Return on Security
- Category Report: Data Access Governance
Category Report: Data Access Governance
Data is the currency of business, and as trends in privacy and cybersecurity grow, it becomes increasingly important to govern access to that data.
Why It Matters
Data without Data Access Governance is the Wild Wild West. Data Access Governance protects who can see and use sensitive information so companies can stay compliant with evolving privacy laws and maintain consumer trust.
Terms You Might Also Hear
Many companies were built to collect data, but not necessarily to store or provide risk-based access to that data.
Cloud architectures do not always make access provisioning more clear. Data is still fragmented and siloed in separate systems with limited visibility, context, and security controls, making appropriate access difficult.
Enter the Data Access Governance platform market space.
Data governance ensures the integrity, availability, and usability of data at every stage of the data lifecycle. Data Access Governance is a critical piece of this governance process.
Ensure the right people have access to the right information at the right time. Regulatory and compliance requirements can make this even more critical.
Data Governance platforms have the capability of supporting complete policies on data management, providing distributed stewardship, providing centralized auditing and report generation, and helping provide fine-grained controls on data access at a massive scale.
Data privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) call for a unified approach to managing data assets throughout the organization. Data access governance is at the heart of successful programs.
Players in the Space
This issue focused specifically on players in the structured and customer data space.
There will be further fracturing and segmenting of the data technology landscape and open source contenders. The data world loves tools, and it loves open source.
Data engineers: webdev has too much tool churn how do you get anything done
Also data engs: Hadoop Hbase Hive Hudi Kudu Impala Presto Arrow MapR BigQuery Redshift Snowflake Snowplow Snowball Superset Spark Firebolt Looker Airflow Oozie Azkabhan Dagster Dremel Druid dbt Airbyte
— swyx (@swyx)
Jun 20, 2022
Rebranding. Many players already doing data classification, data discovery, and data scanning at the endpoint and network layers will rebrand themselves as Data Access Governance specialists.
Data Privacy Architecture will emerge as a sub-specialty. The person who can help companies meet at the intersection of designing systems to support cybersecurity, big data analytics, legal, and compliance requirements will win the day.
Continued separation of worlds. Some players will attempt to bridge the gap between the structured and unstructured data world and won't be good at either. You're selling to two different kinds of buyers.
Data Access Governance is to data as Zero Trust is to identity.
Offer Simplicity. The field of data is immensely complex and can involve more technologies as compared to other disciplines.
Move upstream. Be the mechanism that enables handling the Data Subject Request (DSR) process to support data privacy laws.
Let AI/ML help with context on the data access requests. It’s impossible to understand the risk or value of data assets without context, and applying AI/ML can uncover unique behaviors and patterns.
Onboarding for data scientists is slow. Data scientists spend more time getting access to usable data and setting up their environments than extracting value and insights. Limitations on how to consistently and securely provision access to this data are often the culprits, and there’s an opportunity here to increase productivity AND security.
Hello [Blockchain], my old friend. Data lineage and access rights, a la distributed ledger technology, can track the data as it moves and changes across your environment.
Plug data access governance platforms into productivity platforms like O365. See where your data goes after it leaves the structured data platforms and uses that to decide on remediation and future access decisions.
As the volume and velocity of available data continue to increase, providing the appropriate data access becomes more challenging.
Data access governance platforms can and should be a solid complement to a Data Loss Prevention program and implementation.
Data Access Governance platforms can help with upstream data privacy requests. Optimizing your data access governance can improve your overall data privacy strategy.
Unstructured data gets lost in the “data exhaust.” 95% of business happens at the unstructured data level, so what happens to this data after it gets released past these data access governance platforms?
And never the two shall meet. The divide between enterprise data organizations and cybersecurity teams is great, yet both parties need this kind of solution. The product-market match is unclear in this case, where two very different audiences are being addressed.
There is a gap between where data privacy technologies, processes, and regulations belong and where they are, leading to massive amounts of "privacy debt." A data access governance platform is a step in the right direction on that problem.
What type/size/stage company should leverage these platforms?
Startups - this kind of platform shouldn’t even be on your radar.
Small and Medium-sized Businesses (SMBs) - This may start to be an edge case if you have many different products or service lines collecting data and have to deal with privacy requests very often.
Larger Companies - This should be an essential part of your enterprise data strategy.
What makes one of these platforms “good?”
Good platforms in this space are the ones that actually make cloud migrations easier to adopt and more secure and are data tool-agnostic.
Strong connections in data science and Business Intelligence tooling alike.
Out of the Players listed, who are the top to consider?
Okera and Immuta
Thanks for reading this far!
This post is not meant to be a particular endorsement for any one player or company in this product category but is instead intended to be an industry-level primer. At the time of writing this post, I have no active investments in any of the companies mentioned above.
If I missed something (or am just wrong), let me know!
If your company is looking to get in front of a highly curated, hard-to-reach, and sought-after audience, consider sponsoring Return on Security.