DataOps in Data Protection, Privacy, and Governance

With data breach incidents regularly making the news and increasing pressure from regulatory bodies and consumers alike, organizations must protect sensitive data across the enterprise. DataOps helps establish consistent governance policies and controls to enable data to flow freely.

The Challenge

Traditional data security approaches rely heavily on network-oriented perimeter defenses, but do nothing to protect the interior: the data itself. This risk is magnified as data flows across privacy domains, such as from production to non-production systems or from in-house to outsourced teams. Supplementing these technologies are manual controls and checks, measures that are plagued with opportunities for failure and strained by the increased rate and volume of data requests.

Without appropriate DataOps practices in place to govern the dissemination of data within and across enterprises, businesses can quickly fail to protect sensitive data, along with customer trust, market share and revenue. All too often, businesses are forced to choose between locking down data for security purposes, or making that data easily available to the data consumers who are trying to innovate and grow the business.

DataOps Success Patterns

People

  1. Include security when launching new projects: Security professionals should not merely be consulted periodically or brought in as an afterthought; they must be a part of the team from the beginning. This applies to all projects including software development, data analytics, and cloud migrations.
  2. Acknowledge potential friction points: Security professionals must understand the broader team’s mission and where security measures might create complexity or delays. Likewise, project teams must understand where potential data vulnerabilities lie as well as their significance.

Process

  1. Introduce automated controls: Instead of trying to protect data with a spreadsheet, encourage security experts to strengthen your security posture with automated controls that drive accuracy and consistency.
  2. Establish a feedback loop: Security professionals must be able to voice observations and concerns directly to project teams. An open line of communication drives project success even when external requirements change.

Technology

  1. Start with existing technologies: Initial solutions should feature easy integration into existing technologies to provide demonstrable “quick wins” to build upon.
  2. Embrace a platform: At the same time, scalable, extensible solutions will satisfy security requirements across data types and sources as they change over time.

Data Operators and Consumers

Data friction exists between two groups of people: Data Operators and Data Consumers. Here are some examples of both for Data Protection, Privacy, and Governance.

Data Operators

  • Database Team
  • Storage Team
  • Server Team
  • Information Security

Data Consumers

  • Information Security
  • Security Auditors
  • Government
  • Regulators
  • CSO
  • Project Teams (Analytics, Machine Learning, Software Development, etc.)