Cloud data integration is very common, as evidenced by the rapid growth of well-known cloud data warehouses such as Redshift and Snowflake. Of course, the fulcrum supporting the remote work environment in the past year has accelerated this trend. Cloud migration brings valuable cloud data. According to Forrester’s Jennifer Belissent, this resource is a medium priority for 61% of organizations and a critical or high priority for 25%. The need for cloud data insights not only magnifies the role of the chief data officer (CDO), but also makes it vital that the CDO and the chief information security officer (CISO) work together to ensure that data remains secure through the analysis pipeline. Everyone has many responsibilities, and the success of an organization lies in the balance between the two.
On the one hand, the CDO is excited about the influx of new data and the insights that the company can gain from it, and must ensure that these newly mined assets do not become a source of risk. The CISO has an unfortunate task of saying, “Not that fast. Needs What is clear is that both views are legitimate. Companies can gain keen insights by analyzing and sharing the massive amounts of cloud data they create, but doing so without proper protection exposes the company to higher data Leakage risk and related regulatory fines.
So the question is, how can organizations extract the most significant return on investment (ROI) from data while maintaining top-notch protection standards?
Looking for CDO-CISO “Happy Media”
The key to satisfying both CDO and CISO is to build data-centric security controls in the analysis pipeline to protect data during creation, transmission, storage, and processing. Doing so allows the organization to take full advantage of the data, while ensuring that it is protected when shared internally and outside the organization. Here are five ways to maximize the use of data while protecting it, regardless of usage.
Identify data values
Every piece of data that enters the cloud environment should be considered when it is created and given its value. Doing so helps to prioritize its importance to the organization and guides data management methods. Customer purchase insights, intellectual property, and proprietary information are examples of data that should be prioritized, such as office-wide policy memos or annual holiday schedules.
Assign risk score
Sometimes data does not provide critical insights, but it is very sensitive—for example, customer social security numbers, credit card numbers, and other personally identifiable information (PII). A risk score should be assigned to all data to determine the degree of protection. It is important to remember that determining the level of risk is not always at the discretion of the organization-privacy regulations, such as GDPR, CPRA, and HIPAA, outline which data sets should be considered the most sensitive.
Implement appropriate protection methods
Data protection is not a one-size-fits-all claim-many factors determine the method of protection. The value of data and risk score are two key determinants, but how and where the data is used must also be considered. As we discussed, unstructured data that enters the data analysis pipeline (such as raw transaction logs, images, and text documents) requires less protection than refined and structured data that exits the pipeline. When participating in data sharing activities, protection methods are more important. In these activities, data values can be analyzed without revealing data-related PII.
Determine the access control strategy
Many organizations adopt a zero-trust security approach, which, as the name suggests, means not trusting anyone inside or outside the network. A key element of this method is to require an access control policy to specify who can and cannot access specific data in a specific format, and to adopt a fail-safe policy where the default state is to deny access. Strict access control can greatly reduce exposure risks, especially when data becomes more valuable through analysis pipelines and data sharing activities.
Monitor data throughout the life cycle
Any form of data represents risk. Organizations that vigilantly monitor data can detect anomalies early and proactively adopt mitigation strategies to completely prevent data leakage, or at least limit damage.
CDO will tell you that the prospects of cloud computing seem to be unlimited, but CISO will refute and remind you that the risks of data exposure are also unlimited. In today’s data-driven business environment, CDO-CISO dynamics are the key to leveraging the value of data. By implementing data analysis techniques that include best-in-class protection methods, organizations can satisfy both parties in the aisle.
Ameesh Divatia is the co-founder and CEO of Baffle, Inc., a company that provides encryption as a service.He has a good track record in turning difficult-to-build technologies into successful businesses, and sold three companies for more than $425 million in services… View full bio