How to Make Data More Accessible at All Levels With Access Controls and Strong Governance

BrandPost By Joan Goodchild
Dec 03, 2018
Data Center

Supporting a Data-Driven Business Begins with Understanding Where Data Sits and Who Has Access

istock 919564302
Credit: istock

What tools, process, and training should organizations put in place to make data more accessible at all levels of business while keeping in place governance of that data?

Data is the driving force for virtually all of today’s business decisions, and tools and processes must ensure that access to that data is available on demand. In order to maximize productivity and make decisions, users need to be able to aggregate and correlate data without having to navigate through complex security controls.

Decisions about people, processes, and technology are influenced by innovation, compliance and risk, but these drivers can often be in conflict. The right tools supported by effective policies can enable business users to make better data-driven decisions and result in a positive impact on the bottom line. To understand what organizations need to make data more accessible while maintaining data governance and reducing security risks, we reached out to industry experts.

Change your relationship with Big Data

 “A shortage of data is not a problem for most organizations, but a lack of resources or discipline to manage this crucial information continues to plague most companies. Many companies fear Big Data as a never-ending collection task whose revenue potential can never be fully realized so much of that data simply ends up archived and forgotten,” says Scott N. Schober (@ScottBVS), President/CEO Berkeley Varitronics Systems, Inc.

“Implement specific data management functions within their organizations and assign a Chief Data Officer (CDO) to oversee them. When staff is properly trained on how to analyze, monetize and ultimately secure their data, they can effectively establish their organization to compete in the future of Big Data.”

For Kevin L. Jackson (@Kevin_Jackson), Founder of the GovCloud Network, changing the relationship to data starts with cataloging and classifying. “Effective data classification is paramount! This also requires explicit governance around data ownership and implementation of data centric security technologies.”

Isaac Sacolick (@nyike), President of StarCIO and author of “Driving Digital,” says business leaders should be supporting a data-driven organization by encouraging employees to ask questions and analyze data. “To accomplish this, technology leaders should look to democratize data by establishing data catalogs and dictionaries along with policies and procedures to gain access.”

Supporting a data-driven business starts with understanding what data you have and who should have access to it, but organizations also need a clear process for granting and denying access.

Establish roles and privileges to reduce risk

“It is very easy to give access to data but it can be meaningless and misused if ungoverned,” says Tristan Bailey (@tristanbailey), Head of Development at Holdingbay. “Security and reducing the amount of non-governed data is very important.”

Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology, shares a similar perspective. What’s needed is an effective provisioning and de-provisioning system that defines rules for what users can do with data and provides quick auditing of who granted access to the data. There needs to be training around the approval process for granting and revoking access to data; otherwise, organizations risk compliance fatigue and start rubber-stamping all the access requests.”

Relying on innovative technologies like cloud computing platforms, to artificial intelligence, and machine learning will help to mitigate the risk of compliance fatigue, experts say.

The right tools and environments enable success

As technology becomes more intuitive and user-friendly, the right tools can grant access to data at all levels without requiring extensive user training.

“When laying out a roadmap for any data-oriented initiative, understand that governance, policies, and regulatory issues are the first step in defining the boundaries, or guardrails. Think of it as what we must do (policies) vs what we can do (technology), recognizing that technology should enable process and agility, not define them,” Fred McClimans (@fredmcclimans), Futurum Research + Analysis.

Cybersecurity journalist David Geer (@geercom) would agree, recommending “tools that enable business users to ask natural-language questions of the data make data more accessible to everyone. This approach should minimize the need for training. Secure those tools with mature IAM controls that you can easily audit to maintain data governance,” Geer says.

“A data-driven organization is made up of people that are using data, information, and skills to make more informed decisions. Cloud computing  applications and platforms are great tools to make this  happen since they are environments of collaboration and data integration where people can analyze and use information like never before,” says Roberto Messina (@RoeMessi), Sales Leader at Oracle.

Rachel Tracy (@rachelbtracy), Owner of Rachel Tracy Communications says,First and foremost, companies need user-friendly tools with custom dashboards that make it easy for people at all levels to see the data that’s relevant to their role, with administrative controls at the site and organization level to protect access and editing privileges. If it’s data you want people to monitor on a regular basis, the software should require minimal training. You shouldn’t have to be a data scientist to create and share a report.”

Understand where the data sits and how it moves

In addition to knowing who has access to data, it’s also important to define policies that ensure compliance with regulatory requirements throughout the data lifecycle.

“Increasing accessibility to data first requires an understanding of where data moves within applications,” says Tim Mackey (@TimInTech), Senior Technology Evangelist with Synopsys.  “While sysadmins and operations teams are more aware of requirements placed on their organizations from regulations like HIPPA or GDPR, they likely don’t have awareness of how applications use data. To solve this, organizations should look to tools which analyze applications for API usage and data transferred to third parties.”

The bottom line

To become a data-driven enterprise, you need to spend as much time on data quality and enabling broad, but carefully governed access as you do on data collection. Having intuitive tools and dedicated processes are essential to gaining a clear picture of what data exists, who should be allowed to access it, will not only help with security and compliance but also result in a far higher level of trust in the data being used to drive decisions.

To learn more how you can gain greater visibility into your data pipelines and enable broader, governed self-service access, visit Talend.