1. Solution Value
This GigaOm CxO Decision Brief was commissioned by Privacera.
Data security and access governance has surged as a primary concern for all organizations, regardless of industry or focus. Data privacy regulations—and the demand for consumer rights—are increasing at the international, national, and local levels. The rate and severity of data breaches are also growing, along with the number of valued data sources external to the enterprise. Additional pressures include business demands for faster time to insight for analytics, which are often unmet because of privacy and security concerns that delay or prohibit users from accessing necessary data.
Data security and access governance alleviate these issues by providing timely, secure data access that complies with regulations, enhances internal security, and fulfills business needs. By providing a single pane of glass for governing distributed data sources and enforcing access policies within source systems, Privacera excels at solving these challenges. The solution automates vital aspects of discovering, classifying, and tagging sensitive data while providing obfuscation methods to protect data with features for monitoring, alerting, auditing, and issuing reports for data access.
2. Urgency and Risk
Failure to account for data security and access governance can result in steep regulatory compliance penalties, litigation, loss of reputation, and customer churn. It also makes valuable data sources inaccessible to the business, translating directly into lost revenue, higher costs, greater inefficiencies, and a failure to meet business objectives. Not long ago, granular access-based security was considered nice to have. Today, it’s a mandatory concern for C-level executives across industries.
Risk
While solution’s like Privacera’s drastically enhance an organization’s data security and access governance posture, deployment scope and focus creep remain dangers. The platform’s endless possibilities can tempt management into taking on more than it can handle, resulting in missed timelines, delayed implementations, and a lower ROI.
3. Benefits
The primary benefit of credible data security and access governance is that organizations can get the right data to users in a timely fashion, while avoiding data privacy and regulatory compliance woes. When going with Privacera, mastering this aspect of data-driven processes means:
- Improved accessibility and time-to-value: Faster, secure access to data means enhanced value and productivity. Data scientists, for example, can quickly build better models to meet business goals, and marketing and sales personnel can get the data to effectively microsegment their customer base and improve revenue with targeted offers.
- Streamlined data access policy management: Organizations become more proficient at writing, implementing, and organizing secure data access policies. Privacera enables companies to write policies once and deploy them within various sources. Other approaches require constantly writing and maintaining policies for each data source in silos.
- Improved data privacy and regulatory compliance: Users are empowered to meet the mounting demands of data privacy and regulatory compliance, enabling them to avoid missteps like Amazon’s nearly $900 million GDPR fine.
4. Best Practices
The key to maximizing the ROI of a data security and access governance platform is to avoid overfitting by starting with small, high-value use cases. Obtaining support from requisite governance and security personnel throughout the organization is also important. Specific measures include:
- Obtain stakeholder buy-in: Success greatly depends on compiling business and technical requirements from all stakeholders, including CDOs, data governance councils, security personnel, analytics users, the business, and IT teams.
- Target easy wins: Avoid trying to secure the entire data ecosystem immediately when using Privacera’s solution. It’s far better to take a system-by-system approach, prioritizing use cases that show immediate, tangible business value.
- Leverage data stewards: The involvement of data stewards is crucial to reinforcing data security and access governance, which allows them to manage policies so that those familiar with business requirements oversee who is using data and how.
5. Organizational Impact
Adopting Privacera’s data security and access governance approach allows organizations to become much more data-centric in achieving their core mission objectives. The shorter time to value for data access, and newfound ease of policy creation and implementation, allow companies to expand the number of data sources used for business processes.
This means that organizations can use more of their data than previously, heightening the valuation of data while the nascent data culture in the business matures. End users will trust data more, while security and IT teams become more confident that access is compliant and consistent.
Data stewardship then takes on renewed significance for data governance. With their business knowledge of what data requests are for, data stewards and owners become responsible for directly facilitating access. A modest amount of training is required to get stewards versed in granting access requests with the new system. Similarly, IT and governance personnel must learn to configure the UI to encompass all sources within a single pane of glass.
People Impact
Privacera’s unified platform allows IT, data owners, data stewards, and the business to establish a federated governance model where data owners approve access via automated policy creation—while retaining centralized visibility and guardrails. Proper implementation lets users concentrate on what they do best. The impact will be most profound on IT teams tasked with securing data sources according to data governance requirements. These users will benefit from the reduced time writing policies based on user and data attributes, shifting focus toward monitoring and auditing data access.
The automated, repeatable measures for discovering, tagging, and classifying sensitive data gives users more comprehensive protection of data resources—enabling them to do their jobs better. IT is no longer the bottleneck because data stewards with knowledge of the business requirements for data grant access, speeding time to access for end users. Data stewards become more active in data governance implementation, shifting from after-the-fact auditing to enabling business users. Expenditures on non-compliance, data discovery, and policy writing decreases while the business optimizes returns on data with informed decision-making and action.
Investment Outlook
Pricing hinges on the number of connected sources and active users on the data platform. The number of active users relates to the number of analysts accessing the data source, which correlates to the amount of active analyst requests the platform is securing. These are stipulated in the contract with Privacera. This information is applied to one of two deployment options—a SaaS solution or a self-managed model for users that have strict data residency and control requirements. Applying these options to the number of data sources and users results in value-based pricing that correlates to how extensively the solution is used throughout the company. In either instance, pricing risk is minimized because organizations get what they pay for in terms of the platform’s management model, user base, and source amounts.
6. Solution Timeline
As each organization’s business requirements for data are unique, so too are its data security and access governance requirements. Depending on the number of sources, users, and regulations organizations account for—and the complexity of the deployment—implementation typically takes two to three months.
Plan, Test, Deploy
To deploy within three months, organizations should have a general idea of Privacera’s capabilities and the order they are to be implemented. Companies must first locate and identify sensitive information and then map it to specific security and governance requirements dictated by regulations and organizational needs. The data is then obfuscated according to access policies inside of source systems. There are also capabilities for monitoring and auditing data access.
Plan: Companies create their project plan and determine data sources and systems to be integrated. It’s also necessary to specify milestones for the implementation plan and set up the developer environment for the solution.
Test: Next, users configure and integrate the respective data sources and systems, then test them to ensure that they are working properly. Implicit to this step is setting up the testing and production environments, onboarding users, training them in the system, and configuring the Privacera install with Privacera manager.
Deploy: Deployment involves rolling the platform out in a staged manner, going from system to system or group to group. This typically involves additional onboarding and user training before full implementation.
Future Considerations
As data privacy regulations continue to escalate, users can anticipate Privacera employing broader artificial intelligence and machine learning capabilities for data discovery, management, and analytics. As data governance gets more federated into self-service models, the paradigm shifts from managing policies as code per physical data source, to managing policies by intent based on logical data objects, like data domains, that might correlate with a business function like marketing or sales. The solution will also expand the diversity of sources and security frameworks it supports, while enhancing its ease of use and delegation of authority for policy management.
7. Analyst’s Take
The demand for data security and access governance is horizontally applicable to all organizations and their customers, driving the need to protect data with secure access control mechanisms. The true challenge involves implementing enterprise-scale access control fast enough to meet business needs while accounting for the assortment of source systems and deployment environments. Privacera meets all of these needs with its ability to write policies once and deploy them in any source while providing a central console to manage all data security and access governance activities.
8. Report Methodology
The GigaOm CxO Decision Brief
This GigaOm CxO Decision Brief analyzes a specific technology and related solution to provide executive decision-makers with the information they need to drive successful IT strategies that align with the business. The report is focused on large impact zones that are often overlooked in technical research, yielding enhanced insight and mitigating risk. We work closely with vendors to identify the value and benefits of specific solutions, and to lay out best practices that enable organizations to drive a successful decision process.
9. About GigaOm
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.
GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.
GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.
10. Copyright
© Knowingly, Inc. 2023 "CxO Decision Brief: Data Governance" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.