Data security and data governance
New Gold
Data has a central function in the digital economy. It is collected in gigantic quantities so that automated or autonomous decisions can be made on the basis of data analysis. In this context, data security is achieved by technologies such as encryption, access protection, and tools that prevent attacks (e.g., SQL injection) on information. In contrast, data governance involves tools that encourage correct handling of data (e.g., managing personal and other sensitive information) and that implement the associated risk management with the use of, for example, metrics and control instruments.
The Basis: Data Overview
To implement data security, not just as a local solution for certain databases but to secure all or at least a large amount of relevant information, you first need to establish the basis. Data management informs you of the information you have, which is important because you can't use or protect what you don't know about.
A positive side effect is that this knowledge is needed not only for data security but also for the efficient use of data and for data governance. More specifically, it's about metadata management and data catalogs. Metadata management is the functional approach in data catalogs that acts as a repository of information across the various data storage systems. This helps you identify data worthy of protection, as well as the best data sources for the efficient and targeted use of information.
Data catalogs and metadata management have grown in importance, especially in the wake of the European Union General Data Protection Regulation (GDPR), with its stricter requirements for handling personal data. Some of the vendors in this market started with products for privacy management and then implemented data catalogs and metadata management as core components to serve requirements other than "simple" data protection.
The cost of data usage can be reduced if users access the most suitable sources in a targeted way. The potential added value increases to match. At the same time, better data governance and data security give a boost to security, help mitigate security risks, and avoid potential compliance violations.
In an age of not only increasing volumes of data on increasing numbers of systems but also a growing number of physical systems for data storage and management, consolidation tools (more specifically, metadata management and data catalogs) and integration systems are required to keep track of information. The days when IT managers primarily thought of relational databases and SQL when it came to data are long gone. Massively growing volumes of data add complexity to information handling and raise the bar for a comprehensive data architecture.
Data Fabric
Data security and governance are central components in a comprehensive data architecture, or data fabric (Figure 1). Data architecture in this context explicitly refers to managing and using systems and their architecture and interaction, not to the information itself and its structures. Whereas data architecture at the information level is conceivable for isolated use cases, organization-wide approaches in the sense of an enterprise data model failed more than a decade ago.
A model for data management builds on the various sources ranging from traditional databases to business applications and their data storage systems to analytic applications. All of these sources often generate information themselves, which, in turn, can serve as a source for other usage scenarios.
The first integrating layer is metadata management and the resulting data catalogs, which provide an overview of what data (and of what quality) can be found where. However, state-of-the-art tools also provide more detailed information on the data lineage (e.g., the origin of the data) and enable evaluation and collaboration for the information.
A level above is data integration and quality. Data integration products such as extract, transform, load (ETL) and extract, load, transform (ELT) support the integration of information from different sources and the implementation of data formats.
Data quality tools check the quality of information to supplement or correct the data as needed. External sources such as address databases are often accessed for this purpose. Master data management (MDM) builds on this foundation and delivers function- and industry-specific applications for handling information such as product data.
One level further up are the analytical applications and functions for data usage (e.g., for serving up user-specific content in digital services or for decision support).
Specific Data Protection
The functions of data governance act as an overall theme across the layers of a data fabric. One central topic in this context is data security, which in recent years has developed beyond individual technical solutions for security of classic, relational databases.
Database security continues to be an important subarea in this context, protecting databases against breaches of the integrity, confidentiality, and availability of information. Security primarily involves functions for the information itself stored and processed on database systems, as well as the underlying server and network infrastructure and access to the information.
However, as infrastructures and technologies for processing and storing data change – especially given cloud-native tools and the resulting hybrid infrastructures of modern and legacy approaches – the requirements change. The core functions of modern data security products include the following functional areas:
- Vulnerability assessment: identifying potential points of attack, configuration errors, and other dangers.
- Data discovery and classification: knowledge of the data and classification of the data in terms of sensitivity (e.g., personal information); tools ideally build on existing infrastructures for metadata management and data catalogs.
- Data protection: encryption, tagging, and other technologies for both storage and data transfer.
- Monitoring and analysis: continuous monitoring of access to and the use of data, and analysis to detect and respond to anomalies, including integration with security information and event management (SIEM) tools.
- Threat prevention: guarding against targeted attacks such as SQL injection.
- Access management: targeted protection of privileged user accounts and dynamic, policy-driven access control; often handled by specialized applications.
- Audit and compliance reporting: automatically generated and ad hoc reports and dashboards for an overview of the current security status.
These tools are fundamental building blocks of a modern, secure data fabric and must be designed to support complex hybrid environments and multicloud platforms.
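As an added illustration of the data discovery and classification area listed above (this is not code from the article or from any product it covers), the following Python example builds a small catalog from a database's own metadata and labels each column by name hints and by sampled values. The tables, labels, and patterns are constructed assumptions.

```python
import re
import sqlite3

def build_sample_db():
    """Constructed sample data; all table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER, full_name TEXT, contact TEXT, iban TEXT);
        INSERT INTO customers VALUES
            (1, 'Ada Example', 'ada@example.com', 'DE00000000000000000000'),
            (2, 'Bob Sample', 'bob@example.org', 'DE00000000000000000001');
        CREATE TABLE products (sku TEXT, title TEXT, price REAL);
        INSERT INTO products VALUES ('A-1', 'Widget', 9.5), ('A-2', 'Gadget', 12.0);
    """)
    return db

# Assumed rules: column-name hints (metadata) and value patterns (content).
NAME_HINTS = {"personal": re.compile(r"name|birth|address|phone|email", re.I),
              "financial": re.compile(r"iban|card|account", re.I)}
VALUE_PATTERNS = {"personal": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")}

def quote_ident(name):
    # Identifiers cannot be bound as query parameters, so quote them explicitly.
    return '"' + name.replace('"', '""') + '"'

def classify_column(name, samples):
    labels = {label for label, rx in NAME_HINTS.items() if rx.search(name)}
    values = [str(v) for v in samples if v is not None]
    for label, rx in VALUE_PATTERNS.items():
        # Label by content only when every sampled value matches the pattern.
        if values and all(rx.match(v) for v in values):
            labels.add(label)
    return sorted(labels) or ["unclassified"]

def build_catalog(db, sample_size=20):
    catalog = {}
    tables = [row[0] for row in db.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for table in tables:
        info = db.execute(f"PRAGMA table_info({quote_ident(table)})").fetchall()
        for _cid, col, ctype, *_rest in info:
            rows = db.execute(
                f"SELECT {quote_ident(col)} FROM {quote_ident(table)} LIMIT ?",
                (sample_size,)).fetchall()
            catalog[f"{table}.{col}"] = {
                "type": ctype,
                "labels": classify_column(col, [r[0] for r in rows])}
    return catalog

if __name__ == "__main__":
    for column, entry in build_catalog(build_sample_db()).items():
        print(f"{column:22} {entry['type']:8} {', '.join(entry['labels'])}")
```

The `contact` column is labeled only because its sampled values look like email addresses, which is the case a name-based catalog alone would miss.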