Dr. Adi Hod. Co-Founder & CEO at Velotix. Driven by a passion for data and cybernetic AI. Entrepreneur, professor, leader & innovator.
getty
The volume of data in 250 billion DVDs is around 1 zettabyte. Multiply that by 180, and you get the amount of data projected to be created by 2025.
This expansion of data is reflected in the way many countries are widening data protection legislation. This is happening fast—in just a couple of years’ time (2024), three-quarters of the global population’s personal data is forecast to be covered by privacy regulations. At the same time, more and more enterprises are going cloud-native: 94% in the U.S. are now using at least one cloud deployment.
When such change is the only constant, a new approach to data governance and access is needed.
Data Access Governance: Protecting Your Sensitive Assets
Consider the impact of the trends highlighted above within a highly regulated workplace, such as a financial services institution. Where employees have access to “nearly 11 million files the day they walk in the door.” In “large organizations, the number is double: 20 million files open to all employees.”
If we look at this from a data democratization perspective, we see all those files—and potential insights—at people’s fingertips. From a data security perspective, we see a lot of potentially sensitive data exposure and a growing attack surface. In this new reality, data is no longer just “the new oil.” It’s also “the new water,” able to run free into streams and lakes if not stored correctly.
That’s why it’s time to look beyond rigid, pre-defined roles for data governance.
Establishing A Data Protection Policy
The question—and priority—for CDOs and CISOs is this: How can you transmit data to consumers while mitigating evolving risks and staying compliant?
There are internal data management rules to comply with, alongside external legislation and regulations. There are also policies that define how, when, where and why data is being transferred, accessed and applied. This complex blend of policy and protection requires something similarly complex—a data protection policy (DPP) where consumers have maximum access at minimum risk and where organizations can be data-driven while ensuring data privacy.
The DPP impacts the associated complex data access workflows and requires careful consideration and application of the necessary standards, best practices, protocols and policies.
A New Approach For A New Data Access Lifecycle
Implemented correctly, the DPP also acts as a foundation for data to drive innovation, efficiency and business success. This can be measured financially, such as when a leading global bank simplified its data environment and architecture, reducing costs by $400 million.
It’s about putting in place rules, regulations and best practices for data policy protection—while also ensuring that data can be accessed and shared in real time to remove potential bottlenecks arising from lengthy approval processes.
This means looking beyond role-based or attribute-based authorization approaches. ABAC and RBAC are no longer suitable for such volumes of sensitive data, where it’s hard to avoid over-permissioning and over-restrictions. These also require extensive resources to scale and maintain.
Aligning Data Access And Governance
Instead, modern data access governance requires an interactive mix. Automated processes—and compliance managerial expertise.
This aligned ecosystem should be founded on the drive for data democratization. Where requests to access, use or share data are managed using self-service processes and decisions. For data governance teams, the goal is to identify how to orchestrate all this with an up-to-date and accurate DPP—at scale.
The answer is to be found with AI. We’re already seeing a large increase in AI investment for governance, up 24.2% during 2020 and 2021.
An AI-Driven Opportunity To Enter The Future
For data access management, an AI engine brings interactivity between data catalogs and compliance managers, from access requests and policy creation to enforcement and approval processes. Below are some crucial components and where they fit into the data lifecycle:
• Data Discoverability: Tagging and cataloging to improve the data fabric layer, so consumers understand what data is available.
• Consumer Access Requests: Self-service that democratizes data access to the right people at the right time.
• Access Workflow Execution: Supporting many use cases. depending on the type of data, users and industries.
• Relevant Restrictions And Actions: The AI-engine can make recommendations when applying DPP.
• Policy Enforcement: Approve and deny requests are based on suggestions and feedback from relevant stakeholders.
• Tracking And Monitoring: Ensuring end-to-end visibility and transparency of data lineage, with anonymization and obfuscation techniques.
The Role Of AI In Data Access Governance
Here are some reasons why an AI-based governance system is essential:
• Application And Enforcement: Approval requests can be automatically routed to the right people. The AI learns and improves from previous decisions, making recommendations based on user attributes.
• Single Source Catalog: Even when rules or requirements change, AI-generated metadata from multiple catalogs can be surfaced centrally.
• Pattern Recognition: The AI can be used to detect anomalies and unusual patterns that indicate malware.
• Automated Policy Management: Organizations no longer have to manually discover, catalog and classify data, freeing governance teams for more strategic activities.
Meet The Human In The Loop
Of course, an AI engine must contain certain features, including the ability to provide transparent explanations to data managers regarding processes and the capability to receive data manager feedback for learning and improving the DPP. It must also boost efficiency and accuracy when automating and improving how policies are built, maintained and enforced. Then, over time, these policy applications become more accurate, flexible and intelligently automated.
An AI engine also requires vast data sets for training. However, it’s possible to reduce the time required by applying the “human in the loop concept,” where data managers educate the AI.
Through this process, the AI engine learns faster and makes better decisions and suggestions. Policies can then be maintained and updated, improving the DPP and supporting organizations to quickly and automatically decide on sharing processes that are safe, secure and compliant.
This is the ideal convergence of human expertise and AI technology. And it’s the future of data access governance and lifecycle management. Is your business ready to take advantage?
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
