In part one of this series, we talked about how 2020’s massive increase in the use of cloud data platforms led to organizations rushing to get to the fastest “time to data and insights”. This meant they were left with no option but to consider data governance and security last, which is massively problematic not only for regulatory reasons but for financial reasons as well. So part one was more about the problem; this article will address the solution.
Step one: data discovery and classification
A multi-cloud data governance and security architecture starts with the data generated and where that data is stored. Data sources can range from OLTP databases to large data sets used for data science. These databases exist across multiple cloud data platforms (Snowflake, AWS Redshift, Google BigQuery) as "fit for purpose" databases for analytics, operations, or data science. Data observability, governance, and security are applied from the ingestion point through to the exfiltration of data by various data consumer types such as business intelligence solutions.
The discovery and classification of data across multiple cloud data platforms and data sources is paramount. Once data is discovered and classified, you may introduce automation to apply governance and security policies based on security and compliance requirements specific to the business. Sensitive information is stored in a tokenized format and replaced with keyless and map-less reference tokens.
Step two: observe and control data access in real-time
Data consumption and analytics components of the architecture may observe data access in real time and provide intelligence for stopping both credentialed breaches and erroneous access to data from applications and services used by data consumers such as data scientists, analysts, and developers. Any anomalous behavior should be blocked, slowed down, or reported to the security operations center, and should initiate a workflow in the company's security orchestration, automation, and response (SOAR) services.
The architecture's data governance and security components must support different business goals such as data monetization, revenue generation, operational reporting, security, and compliance while promoting data access performance and "time to data." In other words, the best multi-cloud data governance and security architecture is invisible but very active when it needs to be.
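The step-two control described above, as an added example that is not part of the original article or of any vendor product: a per-consumer sliding-window monitor that allows, slows, or blocks reads of classified data and records an alert for the SOC. The data classes, thresholds, window length, consumer names, and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed policy: (slow_after, block_after) rows per consumer per window.
POLICY = {"pii": (1_000, 5_000), "financial": (10_000, 50_000)}
WINDOW_SECONDS = 60


class AccessMonitor:
    """Sliding-window row counter per (consumer, data class)."""

    def __init__(self, policy=POLICY, window=WINDOW_SECONDS):
        self.policy = policy
        self.window = window
        self.history = defaultdict(deque)  # (user, class) -> deque of (ts, rows)
        self.alerts = []                   # records that would go to the SOC/SOAR

    def decide(self, ts, user, data_class, rows):
        """Return 'allow', 'slow' or 'block' for one query result."""
        if data_class not in self.policy:  # unclassified data: no limit applied
            return "allow"
        slow_after, block_after = self.policy[data_class]
        events = self.history[(user, data_class)]
        while events and events[0][0] <= ts - self.window:
            events.popleft()               # drop reads that aged out of the window
        total = sum(r for _, r in events) + rows
        if total > block_after:
            decision = "block"             # rows are not delivered, so not counted
        else:
            events.append((ts, rows))
            decision = "slow" if total > slow_after else "allow"
        if decision != "allow":
            self.alerts.append({"ts": ts, "user": user, "class": data_class,
                                "rows_in_window": total, "action": decision})
        return decision


def replay(events):
    """Run access events through a fresh monitor; return (decisions, alerts)."""
    monitor = AccessMonitor()
    decisions = [monitor.decide(*e) for e in events]
    return decisions, monitor.alerts


# Constructed sample: (epoch seconds, consumer, data class, rows returned)
SAMPLE = [
    (0,  "bi_dashboard", "pii", 200),
    (5,  "analyst_a",    "pii", 900),
    (10, "analyst_a",    "pii", 600),      # 1,500 rows in window -> slow
    (20, "analyst_a",    "pii", 4_000),    # 5,500 rows in window -> block
    (30, "bi_dashboard", "public", 90_000),
    (90, "analyst_a",    "pii", 300),      # earlier reads aged out -> allow
]
```

Calling `replay(SAMPLE)` returns the per-event decisions and the alert records; a valid credential reading at normal volume passes untouched, while the same credential pulling bulk PII is throttled and then stopped.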
2021 is the year
As we proceed into 2021, data generation, storage, and consumption show no sign of slowing down. Think about IoT data generation, storage, and protection. This shift into the edge is going to be massive! An Andreessen Horowitz article calls for “The End of Cloud Computing”, and with good reason. Peter Levine (Andreessen Horowitz) rightly says, “Data Drives the Change, Real World, Real Time”. With this massive change in structured, unstructured, and edge device data, business leaders should positively incentivize organizations to establish multi-cloud data governance and security architectures now. 2021 is the year.
A properly designed and implemented multi-cloud data governance and security architecture will significantly reduce costs and introduce automation around data discovery, classification, and security. With this architecture, you will know how much data risk exists. Once you know the risks, you can implement governance and security policy once and apply it everywhere. Marrying this with automation into your security operations center (SOC, SOAR) will be very important to ensure you can respond to real data security threats in near real-time.
So that’s why we’re here! We’d love to show you firsthand how ALTR’s Data Security as a Service can help your organization reduce costs and introduce automation around data discovery, classification, and security.