Technology Insights HOME | Perspectives on Technology Trends

Technology Insights HOME

Perspectives on Technology Trends

Search

ARTICLE

3 mins to read

Managing Data Governance in a Cloud-Focused World

Views
Larger Font
3 minutes to read

The rate at which companies are amassing data is staggering. More than half of organizations today (57%) have production workloads running in the cloud, and with the number of new devices being introduced that create and consume data and transmit it to the cloud, it has become critical to have some type of cloud governance program in place.

However, one of the most challenging elements of such a program is how to manage an organization’s sensitive data. This data could encompass anything from bank account and credit card numbers to HR payroll data. Misuse or negligent handling of this information could cost companies tens of thousands of dollars per record lost in a potential data breach. Besides monetary consequences, we’ve also seen how disastrous a data breach can be to customer confidence. Cloud governance is nothing to scoff at!

When the stakes are this high, it is understandable that companies are reluctant to trust the cloud. Gartner predicts that “through 2020, 95 percent of cloud security failures will be the customer’s fault.” However, cloud providers have made significant improvements to their security offerings over the last five years. This means that with proper planning and preparation, you can still reap the benefits of cloud efficiency and agility while maintaining appropriate levels of security.

Cloud Classifications

The types of cloud services on the market today can be classified into two categories: enterprise and consumer. An enterprise cloud service is one that meets current standards for security, application management and level of integration. Microsoft leads the field, delivering five of the top 20 most-used enterprise cloud services, with products such as OneDrive, Exchange Online, SharePoint Online and Skype for Business. Consumer cloud services include popular social media sites such as Facebook, LinkedIn and YouTube.

These services rely heavily on cloud infrastructure to deliver massive amounts of content on a global scale, a characteristic organizations may not consider when sharing their sensitive data. What’s important to note from a governance perspective is that compared to enterprise cloud services, consumer cloud security is lacking, with only five percent of the top 20 services offering enterprise-grade security.

As organizations prepare to create new governance policies, it is helpful to understand which types of cloud services are being used across the company. A log-analysis tool such as Splunk Enterprise Security identifies commonly used services and uses those statistics to create meaningful policies and procedures. According to Skyhigh Networks’ 2016 Cloud Adoption and Risk Report, the most commonly used services in the market today can be grouped into three categories:

  1. Approved services (5.4 percent of services) – services fully sanctioned by IT for having enterprise-grade security and functionality and often purchased and deployed at companies.
  2. Permitted services (63.3 percent of services) – services that offer significant business value but may require some risk-mitigation strategies such as data loss prevention measures, activity monitoring and access control.
  3. Not-allowed services (31.3 percent) – services deemed too risky for corporate use. Examples might include online PDF converters and consumer-grade cloud-storage providers.

Organizations just beginning to use cloud solutions are often surprised to learn it is still possible to handle data governance like a traditional computing system. Tried-and-true elements of classical data governance such as a company charter, RACI matrix and data-steward structure can be integrated and enhanced to incorporate the nuances of cloud workflows. However, because of how the cloud can change the way a business operates, it is strongly encouraged that organizations review existing policies to determine whether an existing policy can be enhanced or whether a new policy should be created in its stead.

In a pre-cloud world, a company would likely be separated into three main functional areas: business, operations and IT. Now, cloud-management responsibilities can span all three areas, which can essentially make it easier for lines of business to procure their own solutions and might necessitate the creation of a cloud-management department and a restructuring of responsibilities:

  • Because cloud infrastructure is a pay-for-service model, usage can be billed directly to a department. This will require IT to function as the broker, rather than provider, of services.
  • Addressing the skill gap will require either training initiatives for existing employees or hiring of cloud architects to facilitate adoption, development and maintenance.
  • Directors and managers of the organization will be involved in assessing the risk of migrating a particular system to the cloud. They will also be responsible for communicating with other departments and overseeing the adoption of new governance policies and workflows.
  • Network and application security models must be enhanced to handle both on-premise and cloud infrastructure.

Integrating the cloud movement into an existing governance program is a crucial step in securing an organization’s data and optimizing new business processes. These considerations should help a data-management organization plan ahead as it begins to adopt new and powerful cloud environments.

To learn more about Protiviti’s cloud capabilities, contact us

Was this article helpful to you?

Thanks for your feedback!

Subscribe to the Tech Insights Blog

Stay on top of the latest technology trends to keep your business ahead of the pack.

In this Article

Find a similar article by topics

Authors

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

This is the second in a two-part series around controlling cloud cost challenges in FinOps. Part 1 can be found...

Article

What is it about

According to the Flexera 2024 State of the Cloud report, 84 percent of organizations cite cost optimization as their top...

Article

What is it about

In today’s fast-paced digital landscape, DevOps practices have revolutionized software development and deployment, allowing organizations to achieve greater efficiency and...