The Emerging Gap Between Data and Governance
Data is a company’s greatest asset. It can also be its greatest risk. Every year, enterprises face devastating financial, reputational, operational, and legal consequences as a direct result of data leakage. Security teams invest a meaningful amount of time, capital, and human resources to ensure that proprietary data stays proprietary. One of the primary way enterprises protect their data is through data governance – the creation and enforcement of policies that determine who can access what data and when. Sounds simple, right?
Consider the following example: A customer support representative needs to access customer data to provide support. Unfortunately, giving all support reps permanent access to customer data is risky. Ideally, you want reps to access data for only a specific customer, and only when a corresponding support ticket is active, and perhaps only for certain types of customer data, and perhaps only for a subset of your reps, and perhaps there are certain regulatory rules that need to be obeyed given the customer’s location. Then you realize this customer data sits in four different data warehouses. On top of that, you need a mechanism to automatically turn this access off when the support ticket is resolved. The amount of complexity associated can be enormous…and this is just for a single policy.
Today, enterprises use a variety of home-grown and tool-assisted solutions to provide data governance. Unfortunately, these solutions can’t keep up and enterprises are forced to take shortcuts, often exposing their data in the process. In parallel, the modern data estate is evolving, and data governance is becoming increasingly hard due to the following macro trends:
- Growing number of data stores: It’s not just data that is growing, the places where data is stored are growing too. For the modern enterprise, data exists across multiple databases, data warehouses, and a long tail of applications. An optimal data estate is often one that is expansive, but data governance, by definition, needs to be unified.
- Growing adoption of AI: AI, specifically GenAI and LLM’s, introduce a new medium through which data is supplied, queried, and retrieved. The architecture of these AI models and tools makes it incredibly difficult for enterprises to set and track policies and permissions. And this is just the tip of the iceberg. Agents will eventually be able to access data and take action, and security teams will need a way to govern this emerging wave of tools.
- Growing regulation: Regulation, for better or worse, is here to stay and will increase over time. Top-down data privacy and protection regulations are further accelerating the importance of granular governance within the enterprise.
While data governance is not a new problem, the pain points around modern data governance are new and increasingly frustrating. A next generation platform is needed to address the needs of the modern enterprise.