Remember back in the day of the centralized data center, how much easier it was to manage and govern data? Decision-making, security processes, control, and policy-setting were more centralized and streamlined, liked a walled garden.
The cloud has completely shattered this paradigm.
Data governance has emerged as a critical issue because of how much unstructured data is going in and out of the cloud. By its nature, the cloud is more open and decentralized – lending itself faster performance and flexibility. Relative to provisioning an application through traditional IT, it's almost too easy for business users to spin up cloud resources with a few clicks. Cloud storage is so relatively cheap and available. Petabytes of files—emails, texts, videos, documents, images—will end up in the cloud and likely never be used.
If organizations aren't paying close attention, the cloud can accelerate shadow IT growth—using apps, services, or storage without IT's explicit approval.
How are IT teams supposed to establish strong governance and control over potential shadow IT operations without negating the benefits of the cloud, such as achieving a faster time to market so that businesses can quickly adapt to changing market conditions?
Veritas' 2019 Truth in Cloud report found that nearly 50 percent of enterprises run almost half of their IT infrastructure in the public cloud. Additionally, more than 75 percent of enterprise IT executives want to run nearly all their applications on public cloud infrastructures.
Yet despite this rapid adoption of multicloud, many enterprises are struggling to define good data governance and protection best practices. The risks are enormous – outages and unplanned downtime, a ransomware attack against the end-user, and the possibility of compliance violations become terrifying unknowns that are easier to wish away and ignore.
Without proper governance controls, organizations risk collecting vast amounts of dark data in which they have no understanding of the value or risk, how it's collected, who is using it, and whether it meets compliance regulations.
Remember that there is no differentiation in your responsibility for data protection between cloud and on-premises data. Cloud service providers are explicit about sharing responsibility for data protection with their customers.
Governance blind spots
So, what are the governance blind spots for organizations once they move workloads and data to the public cloud?
Today's global organizations are diverse, with many specialized business units spread out over multiple geographies. There may be multiple teams, each coordinating cloud deployments, which inevitably leads to data silos. One department may have its own policies and procedures for managing data that are entirely distinct from another department that may have little to no policy at all, which makes it challenging to determine data governance roles and responsibilities
Data silos make it impossible to have a company-wide view of data, which in effect, destroys the inherent value of a company-sized collection of data and limits opportunities to reduce costs or introduce new products or services. It's challenging to establish a universal set of controls and policies around data storage, sharing, and usage.
Good data visibility matters
The foundation of comprehensive data governance is good data visibility. It means eliminating silos and achieving an enterprise-wide view of unstructured data. Organizations can only make effective, data-driven decisions and establish the right controls if they know their data's age, location, and ownership.
Consider these approaches:
Comprehensive data governance is about proactively managing information risk. How effectively organizations govern their cloud data will make or break their hybrid multicloud strategies. The glide path toward better cloud data governance begins with clearly understanding data through more effective and accurate classification, establishing tighter controls and policy-setting, and taking a value-focused approach to storing data in the cloud.
For more information on taking responsibility for your data, please check out the rest of our series.
Part 1: Cloud EULAs are Complex – Why You Need to Read the Fine Print
Part 2: The Top Dangers Lurking in Your CSP EULA
Part 3: Your Data is Still Your Responsibility – Even in the Cloud
Part 4: Don't Let Data Gravity Weigh Down Your Multicloud Initiatives
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.