[BreachExchange] The four most important things to know about data governance

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 3 21:21:12 EDT 2016


http://readwrite.com/2016/05/03/four-important-data-governance-sl2/

In the 2011 film Moneyball, Jonah Hill plays Oakland Athletics Assistant
General Manager Peter Brand. He approaches General Manager Billy Beane
(played by Brad Pitt) with an idea: the low-budget, low-talent Athletics
can compete with the top teams in the league if they harness the power of
data and apply it to player selection. To call Major League Baseball
“old-school” up to that point would be an understatement. Despite initial
resistance, Brand’s approach is eventually embraced, leading to the
Athletics’ success. The disruptive power of data changed the game of
baseball forever: today, there are entire conferences devoted to sports
analytics.

There are other great examples of the power of data. On the consumer side,
there’s Nest – a company that understood how something as simple as
temperature control could become a technological hub for the home.

Or how about the recently announced Juicero – a $700 Wi-Fi enabled juice
press that lets you know when juice expiration dates are approaching. And
the list goes on: Wi-Fi enabled children’s toys, driverless cars, or the
wildly popular Nike+ with its millions of connected athletes.

This connectivity also extends to our work lives and what we’re calling the
‘digital workplace’ – ironically still not paperless, but connected through
the Internet of Things (IoT). The premise is simple: the amount of data,
created by both humans (unstructured data) and machines (structured data)
has exploded. Today, all companies are data-driven companies. Organizations
need to prepare for this flood of information with data governance plans.

Data is being collected from more sources than ever and decentralized
between cloud and on-premises storage. There’s a lot on the line:
organizations who don’t understand how to make use of their internal and
external data can impede productivity, put their corporate reputation at
risk, miss business opportunities, and suffer data loss and breaches.

When defining and implementing a data governance plan there are several
considerations for companies, including how and what to monitor, who has
access to information, where it is stored and what they can do with it.

As these things typically go, the first step is admitting you should
address this problem even if it is complex and intimidating. It’s an interesting
dilemma: the explosion of data is an issue created by technology that will
only be solved by technology. And it requires companies to get smart about
their content.

Industry is embracing IoT

The construction industry is a great example. This industry centers its
business around the phrase “time is money.” Construction firms operate on
razor thin margins and know that project delays lead to cost overruns which
cut into profits for a given project.

This is also an industry that hasn’t exactly lived on the cutting edge; an
industry that up until recently functioned on paper. It functioned on a lot
of paper: architectural files, contracts, and change requests generated an
enormous amount of physical files exacerbated by the physical silos between
remote job sites and head offices.

Today, the market leaders in this industry are brilliant examples of how
businesses should move with the times. They have embraced file-sharing
solutions in an effort to collaborate in real-time. While some industries
have been slow to embrace the cloud, the construction industry understands
its promise: real-time access from anywhere and a single instance of the
truth when it comes to mission-critical documents.


Construction equipment manufacturers are also embracing IoT. There are
obvious technologies in play: GPS, fuel consumption and idle time tracking
all add to the bottom line in terms of fuel savings. A large construction
company also experimented with Google Glass in an effort to look at
blueprints through the glasses and work hands-free.

When the cloud collides with your data

One of the less talked about areas is what happens when all of this data
hits the cloud. Whether it’s human-generated or machine-generated, it all
gets stored somewhere – these days it’s likely in the cloud even if there
is still a lot of legacy data on-premises. There are four key pillars in
securing data that revolve around who can access it, how it’s secured,
where it’s stored and how long it’s kept.

Access control is about ensuring the right group of people has access to
the right information at the right time. Organizations should consider the
“least privilege access” security model that grants access to the strict
minimum set of users that really require it. Access control also enables
organizations to flag content open to all and limit its exposure to prevent
data leakage.

Encryption is at the center of conversations that have moved from the
server room to the boardroom. Beyond blanket encryption of documents,
consider “selective” encryption that enables extra protection through
encryption for a sub-set of content (e.g. sensitive data containing
personal information) to ensure privacy. This content will stay encrypted
no matter how, when and with whom it is shared, and requires a different
decryption key, owned only by the individual owner, to access.

Data residency is an important consideration for organizations. We’re in an
era that demands data sovereignty. All data, whether generated by
machines or people, is subject to local regulations. Government requests
for access and privacy shield regulations are forcing companies to ensure
data residency within certain geographical boundaries.

Data retention is an important bookend to an overall content governance
strategy, not the afterthought it’s thought to be. It’s about ensuring
compliance in areas like legal hold, financial record keeping or
requirements to destroy or delete documents at the conclusion of a project.

As we move more towards a truly digital economy, the amount of data being
generated by machine to machine interactions and by people will continue to
increase. Companies who harness the power of this data and consider how to
safeguard it will thrive.