VOX

Remember back in the day of the centralized data center, how much easier it was to manage and govern data? Decision-making, security processes, control, and policy-setting were more centralized and streamlined, liked a walled garden.

The cloud has completely shattered this paradigm.

Data governance has emerged as a critical issue because of how much unstructured data is going in and out of the cloud. By its nature, the cloud is more open and decentralized – lending itself faster performance and flexibility. Relative to provisioning an application through traditional IT, it's almost too easy for business users to spin up cloud resources with a few clicks. Cloud storage is so relatively cheap and available. Petabytes of files—emails, texts, videos, documents, images—will end up in the cloud and likely never be used.

If organizations aren't paying close attention, the cloud can accelerate shadow IT growth—using apps, services, or storage without IT's explicit approval.

How are IT teams supposed to establish strong governance and control over potential shadow IT operations without negating the benefits of the cloud, such as achieving a faster time to market so that businesses can quickly adapt to changing market conditions?

Veritas' 2019 Truth in Cloud report found that nearly 50 percent of enterprises run almost half of their IT infrastructure in the public cloud. Additionally, more than 75 percent of enterprise IT executives want to run nearly all their applications on public cloud infrastructures.

Yet despite this rapid adoption of multicloud, many enterprises are struggling to define good data governance and protection best practices. The risks are enormous – outages and unplanned downtime, a ransomware attack against the end-user, and the possibility of compliance violations become terrifying unknowns that are easier to wish away and ignore.

Without proper governance controls, organizations risk collecting vast amounts of dark data in which they have no understanding of the value or risk, how it's collected, who is using it, and whether it meets compliance regulations.

Remember that there is no differentiation in your responsibility for data protection between cloud and on-premises data. Cloud service providers are explicit about sharing responsibility for data protection with their customers.

Governance blind spots

So, what are the governance blind spots for organizations once they move workloads and data to the public cloud?

Today's global organizations are diverse, with many specialized business units spread out over multiple geographies. There may be multiple teams, each coordinating cloud deployments, which inevitably leads to data silos. One department may have its own policies and procedures for managing data that are entirely distinct from another department that may have little to no policy at all, which makes it challenging to determine data governance roles and responsibilities 

Data silos make it impossible to have a company-wide view of data, which in effect, destroys the inherent value of a company-sized collection of data and limits opportunities to reduce costs or introduce new products or services. It's challenging to establish a universal set of controls and policies around data storage, sharing, and usage.

Good data visibility matters

The foundation of comprehensive data governance is good data visibility. It means eliminating silos and achieving an enterprise-wide view of unstructured data. Organizations can only make effective, data-driven decisions and establish the right controls if they know their data's age, location, and ownership.

Consider these approaches:

• Data Outside of the Cloud: Organizations can avoid significant headaches by proactively analyzing and classifying their data while on-premises before moving it to the cloud. Use analytics to cleanse and classify data and understand how the business is using data and its value. This approach allows organizations to pinpoint sensitive information that may be riskier to store in the cloud or eliminate information that has no value, ultimately reducing their cloud storage costs.
• Data in the Cloud: For unstructured data already being stored in the cloud, organizations should take a prescriptive and proactive approach to quickly identifying areas of risk and mitigate problems before they occur. These risks could include storing customer information in a cloud server that doesn't meet GDPR regulations or valuable data that isn't adequately backed up. Automated analysis and tagging of files to determine risk dramatically reduces the amount of time required to classify cloud-based data. Tagged data will help make more informed decisions about where to store data, what data can be confidently deleted, and what security level to impose for data that should be kept. Organizations can also impose better user access controls on information and respond more quickly to a compliance audit or report a data breach under regulations like GDPR.

Comprehensive data governance is about proactively managing information risk. How effectively organizations govern their cloud data will make or break their hybrid multicloud strategies. The glide path toward better cloud data governance begins with clearly understanding data through more effective and accurate classification, establishing tighter controls and policy-setting, and taking a value-focused approach to storing data in the cloud.

For more information on taking responsibility for your data, please check out the rest of our series.

Part 1: Cloud EULAs are Complex – Why You Need to Read the Fine Print

Part 2: The Top Dangers Lurking in Your CSP EULA

Part 3: Your Data is Still Your Responsibility – Even in the Cloud

Part 4: Don't Let Data Gravity Weigh Down Your Multicloud Initiatives