The cloud has become one of the most popular hosting destinations for businesses, thanks to the decentralized provision of modern, cost-effective computing resources. In particular, there has been a sharp rise in cloud-based data warehousing, due to the abundant storage capacity and easy scalability of these server instances.
Despite these benefits, there is still a requirement for comprehensive data governance in the cloud. Effective data governance requires a thorough understanding of how employees and customers interact with your existing datasets. This includes how your current policies and processes may affect compliance, and constant re-analysis of those policies as laws and regulations change over time.
Let’s discuss some best practices for your cloud data governance policy.
Proper analysis and categorization of information can significantly reduce the risks associated with the storage of sensitive data. This process involves understanding the relationships between your datasets and modeling them in a way that improves your ability to extract insight. At a minimum, you should ascertain key attributes such as:
Both the owner and creator of the data
The creation date
The size of the data asset
How sensitive the asset is
Understanding this information will allow you to improve the relevance of query results and determine the best place to store these datasets on your network. Once an asset is categorized by sensitivity, you can also restrict access to specific employees, reducing the risk of information being mishandled internally.
With GDPR and CCPA, knowing the owner and storage location can significantly improve your response times to freedom of information requests. This also simplifies adherence to data deletion requests, as you can quickly pinpoint where the information is and who owns it.
Consumers pay less attention to the accuracy of data during input than internal staff do. The errors can be as simple as inconsistent capitalization of names, but regularly include incorrect address formatting and the omission of area codes on phone numbers.
Proper data quality governance can help you maintain accurate and useful records on your customers. This will require you to create specific validation controls aligned with your industry demands.
You should pay close attention to:
Accuracy – Is the data current? Does the customer still have this phone number, address, etc.?
Consistency – Is there a discrepancy between differing stored datasets? Does Jane Doe live at X address in both your customer service and finance department databases?
Conclusive – Are you fully populating all relevant data fields on this person, to maximize insight?
Compare – How does your data quality compare when measured against pre-established standards like ISO 9000:2015?
Validation – Does the address contain a zip code and state? Does the phone number contain letters? Be sure to validate your datasets to maximize their potential and avoid errors.
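The validation, completeness and consistency checks listed above can be automated. The following Python sketch is an added example, not part of the original article; the record layout, the US-style address and phone formats, and the function names are assumptions, and the sample records are constructed.

```python
import re

# Constructed sample records for two departments, keyed by customer ID.
CUSTOMER_SERVICE = {
    "c1": {"name": "Jane Doe", "address": "12 Elm St, Springfield, IL 62704", "phone": "217-555-0142"},
    "c2": {"name": "john roe", "address": "9 Oak Ave, Dayton", "phone": "555-CALL"},
}
FINANCE = {
    "c1": {"name": "Jane Doe", "address": "48 Pine Rd, Springfield, IL 62704", "phone": "217-555-0142"},
    "c2": {"name": "John Roe", "address": "", "phone": "937-555-0199"},
}

REQUIRED = ("name", "address", "phone")
# Assumed US formats: address ends in ", ST 12345"; phone has 10 digits including area code.
STATE_ZIP = re.compile(r",\s*[A-Z]{2}\s+\d{5}(-\d{4})?$")


def normalize(field, value):
    """Canonical form for comparison, so case and punctuation do not count as drift."""
    value = " ".join(value.split()).casefold()
    return re.sub(r"\D", "", value) if field == "phone" else value


def validate(record):
    """Return a sorted list of issues for one record (completeness and validation)."""
    issues = []
    for field in REQUIRED:
        if not record.get(field, "").strip():
            issues.append(f"{field}: missing")
    address, phone = record.get("address", ""), record.get("phone", "")
    if address.strip() and not STATE_ZIP.search(address.strip()):
        issues.append("address: no state and zip code")
    if phone.strip():
        if re.search(r"[A-Za-z]", phone):
            issues.append("phone: contains letters")
        elif len(re.sub(r"\D", "", phone)) != 10:
            issues.append("phone: area code missing or wrong length")
    return sorted(issues)


def inconsistencies(a, b):
    """Fields that differ between two datasets for the same customer ID (consistency)."""
    diffs = {}
    for cid in sorted(a.keys() & b.keys()):
        fields = [f for f in REQUIRED
                  if normalize(f, a[cid].get(f, "")) != normalize(f, b[cid].get(f, ""))]
        if fields:
            diffs[cid] = fields
    return diffs
```

Running `inconsistencies(CUSTOMER_SERVICE, FINANCE)` flags Jane Doe's differing address across the two departments while ignoring the purely cosmetic capitalization difference in "john roe".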
Hiding access to sensitive information behind a specific user account is not enough in the current IT landscape. There are many ways in which data can be compromised online, and you need to take a multi-faceted approach to cybersecurity when dealing with sensitive information.
Encryption At Rest – This is typically aimed at archived storage, and requires that proper security protections are in place to protect dormant datasets. The best way to achieve this is full-disk encryption, so that even in the event of physical theft, your data stays unreadable without the correct password.
Encryption In Transit – This is particularly important during financial transactions or transmission of identity documents like passports. In the past, it has been possible to intercept network traffic containing sensitive information, resulting in a data breach. Using Transport Layer Security (TLS), which replaced the now-deprecated Secure Sockets Layer (SSL), together with Hypertext Transfer Protocol Secure (HTTPS), encrypts information going in and out of your network, protecting you and your customers from attackers. Do note: Google has been penalizing websites that don’t use HTTPS since 2017, displaying a security warning before you can access the site, which is a considerable deterrent for potential customers!
Trianz is a leading IT consultancy firm specialized in Data Governance management. We have decades of experience working with clients to create security-focused IT strategies, both on-premises and in the cloud.
The stakes have never been higher when it comes to data protection. Your finances, reputation, and customers are on the line. That’s why we work with you to identify and implement industry-leading solutions that guarantee adherence to regulations like GDPR, CCPA, HIPAA, and PCI-DSS.
Get in touch with our consulting team, and find out how you can secure your Data Governance strategy today!