Closing the Governance Gap - Enabling Governed Self-Service Analytics
0 likes•137 views
The document discusses the importance of addressing the governance gap in self-service analytics by enhancing data protection and compliance with privacy regulations. It emphasizes the need for clear data policies, sensitivity assessments, and the creation of a centralized governance structure to manage access to sensitive data effectively. The role of automated tools for policy enforcement and the integration of business directives into data management practices are also highlighted as key strategies for improving data governance.
Closing the Governance Gap - Enabling Governed Self-Service Analytics
- 1. July 15, 2021 Closing the Governance Gap: Enabling Governed Self-Service Analytics David Loshin President, Knowledge Integrity Program Director, Master of Information Management, University of Maryland
- 2. Sponsor 2
- 3. DAVID LOSHIN President, Knowledge Integrity, Inc. Program Director, Master of Information Management, University of Maryland
- 4. Data Sensitivity • Growing recognition of risks of exposing individuals’ personal and private information – Emerging indignance over corporations using and selling what is believed to be personal or private information – Increasing number and volume of data breaches – Expanding interest of governmental intervention and protection • A growing inventory of global regulations address the need to secure and protect individuals’ personal and private data • Growing awareness of the general concepts of protection of “sensitive” data
- 5. On-Premises Multicloud Challenges of the Evolving Data Landscape
- 6. Variance in Definitions and Semantics “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household Name Alias Postal address Account name SSN Email address IP address Driver’s license Passport number Other personal identifiers Products or services considered Products or services purchased Products or services obtained Purchasing histories Personal property records Consuming history Biometric information Geolocation information Education information Employment information Interaction with an internet website Search history Browsing history Electronic data Audio data Visual data Thermal data Olfactory data "Sensitive data" means a category of personal data that includes: 1. Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; 2. The processing of genetic or biometric data for the purpose of uniquely identifying a natural person; 3. The personal data collected from a known child; or 4. Precise geolocation data. "Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person.
- 7. Interpreting Policies and Assessing Governance Impact GDPR’s Right to Erasure At what point do you determine that personal data are no longer necessary for the purposes for which they were collected? How does your organization “manage consent”? What does it mean to “erase” data? Is the default to erase data that are no longer necessary? How do you keep track of the controllers? How do you notify them? How do you locate all links, copies, replications within your own organization? How do you convey obligations to other controllers?
- 8. Protection of consumer sensitive data is mandated, yet is excepted in certain scenarios in which there is lawful use of the data! Legal Complexities
- 9. “Policies” and Data Policies • Laws, regulations, standards are examples of “Policies” that direct organizational behavior • “Policies” impose policies on the management and use of information via data policies • Data policies are defined to govern the use of information within the context(s) of the array of “Policies” • Data policies must provide assurance that data consumers are able to access the data they need under the appropriate circumstances and usage scenarios
- 10. Data Sensitivity Assessment & Classification • Assessment – Data discovery to determine if the asset contains potentially sensitive data • Classification – Within the context of defined policies, assign one or more sensitivity classifications to the data asset by data attribute Confidential data Controlled unclassified data Export-controlled data IT security data Government classified data Sensitive corporate data Chain of custody data Personal data
- 11. Defining Data Policies Policy: Within the context, the actor’s privilege is limited via the constraint in accessing the asset at the level of granularity during the duration. Example: Within the provider lookup process, the Fraud Analyst’s ability to view data is limited in viewing the Provider Enrollment table records when there is an active fraud investigation for two weeks after the investigation is launched Actor: the user, role, and/or group that is subject to the policy Granularity: the subset or component of the asset subject to the policy Privilege: the permissions associated with accessing or using the asset Constraint: the restriction imposed by the policy Context: the circumstances under which the constraint is effective Duration: the time frame within which the policy is in effect Asset: the data object that requires a protection policy
- 12. You know it is true… Translating, documenting, defining, implementing, ensuring compliance with, and governing data policies is hard.
- 13. Governance Gap ? “Policy” owners understand how business directives impact data policies but are unfamiliar with the data and with the tools to implement those policies Data consumers are willing to abide by data policies but are not aware of how those policies are defined or implemented IT developers manage data policy tools but are unaware of data sensitivity and how business directives are translated into data policies Due to the disparity between how policy owners interpret data policies and how they are actually implemented, no single persona has the policy knowledge, technical expertise, and data awareness to deploy data policies
- 14. Closing the Governance Gap • Employ tools that provide a simplified mechanism for granting privileges to data consumers for controlled access to the data they need • Institute processes and practices for defining data policies using a defined taxonomic categorization • Map categories to data domains and consumer personas • Use a semantic view to logically express data policies in a manageable and scalable way
- 15. Semantic Approaches for Self-Service Governed Access Data Owners Data to be shared Classifications PHI PII FINANCIAL_DATA … Roles Claims_Processor Fraud_Analyst Finance_Analyst … Assess sensitivity Define classifications Specify roles Determine privileges Define conceptual data policies Conceptual Policies Claims_Processor may access FINANCIAL_DATA Fraud_Analyst may access PII … Translate conceptual data policies to target systems 1 2 3
- 16. Automate Policy Compliance and Auditing Data Consumer Data Consumer Data Consumer Data Consumer Centralized Policy Portal Enterprise Identity Access Management Policy Proxy Policy Proxy Policy Proxy Policy Proxy Policy Proxy Policy Proxy Policy Proxy Policy Proxy Policy Proxy Row-level & column-level data protection
- 17. Considerations: Governed Self-Service Access • Centralized data governance team composed of data policy drivers, data owners, data consumers, and technicians • Logical frameworks for policy specification • Enforcement is delegated to business unit • Data policy stewards – Support the definition and translation of data policies – Monitor policy compliance through tool interface – Enforce policies according to line of business requirements • Data owners – Classify data according to categories of sensitivity – Enable access for data sharing – Register data assets in a data catalog • Data consumers – Browse data catalog – Request access – Access is automatically configured • Data policy definition can be automated using tools • Data assets can be securely shared • Automated monitoring provides an audit for compliance • Data consumers are confident in trustworthiness of the data
- 19. Governed Self-Service Analytics- A New Paradigm Rajiv Dholakia, SVP Products Date: July 2021 Enabling responsible use of data Powered by Apache Ranger
- 20. Complying With Privacy Regulations Has Slowed Down Cloud Migration And Analytics Initiatives Do we have any PII data in the cloud? How to enable fine-grained access control? How to comply with new regulations? % 70% said cloud migration and analytics have been made more complex due to compliance with privacy regulations * Survey conducted by 3rd party agency in 100 interviews with execs from Fortune 500 companies
- 21. Balancing the Dual Mandate of Regulation Compliance and Data Sharing Presents More Challenges for IT % 58% report conflict between data scientists and data security & compliance teams due to access restrictions * Survey conducted by 3rd party agency in 100 interviews with execs from Fortune 500 companies
- 22. BY 2025, EVERY BUSINESS IS GOING TO BE A DATA DRIVEN BUSINESS (OR START TO GO OUT OF BUSINESS)
- 23. WHAT IS HARD ABOUT A DATA DRIVEN BUSINESS? DATA SOURCES & STORAGE COMPUTE CONSUME
- 24. DATA SOURCES & STORAGE COMPUTE CONSUME DATA ACCESS GOVERNANCE CONTROL PLANE IDENTITY & SECURITY CONTROL PLANE BUSINESS GOVERNANCE CONTROL PLANE ACCESS GOVERNANCE PLATFORM
- 25. DATA SOURCES & STORAGE COMPUTE CONSUME DATA GOVERNANCE CONTROL PLANE IDENTITY & SECURITY CONTROL PLANE BUSINESS GOVERNANCE CONTROL PLANE UNIVERSAL DATA ACCESS GOVERNANCE PLATFORM DISCOVER ACCESS POLICY ENCRYPT & SECURE AUDIT & REPORT
- 26. The Future of Governance 2024-2026 ACCESS POLICY CREATION & AUTOMATION (Policy Sync & Governing Data Sets) 2021-2023 2018-2020 ACCESS POLICY ENFORCEMEN T (Plugins & Policy in Code, Ease of Creation) ASSISTED AUTOMATED INTELLIGENT INTELLIGENT DATA GOVERNANCE PLATFORM
- 27. A Peek at the Future… Enabling responsible use of data Powered by Apache Ranger
- 28. Teams/Roles Check and Balances Data Sets Requirement Configure Data Users Access Data Privacy and Compliance Team Requirement Monitor Governance Team Governance Team Requirement Security Team Configure Data Stewards
- 29. Data Sharing and Usage: Rethinking the Process Data Sources Data Assets IT Sales Data Customers Data Marketing Data HR Data Finance Data
- 30. Data Sharing and Usage: Putting it in Action Data Sources Data Assets Data Sharing IT Owner Sales Data Customers Data Marketing Data HR Data Finance Data Sales Team Support Team Marketing Team HR Team Finance Team
- 31. Data Sharing and Usage: Governed Data Sharing Data Sources Data Assets Data Sharing Projects IT Owner Lead Sales Data Customers Data Marketing Data HR Data Finance Data Sales Team Support Team Marketing Team HR Team Finance Team BI - Usage Dashboards (Customer Data) Data Science – Email Campaigns (Sales + Customer Data) BI - Revenue Projections (Sales + Customer + Finance Data)
- 32. Attributes of Governed Self-Service Analytics Platform •Centralized Visibility - Get visibility into all user activity and proactively address any compliance violations •Delegated Policy Administration - Central and local teams should be able to build policies, not just with a better UI but in an automated way •Native Enforcement - Enforcement of policies should be done closer to data and natively within the application
- 34. Let's stay in touch. FOLLOW US ONLINE @privacera linkedin.com/company/privacera Thank you! EMAIL [email protected] VISIT OUR WEBSITE http://www.privacera.com/solutions/governed-data- sharing
- 35. Questions and Answers David Loshin President, Knowledge Integrity, Inc [email protected] Rajiv Dholakia SVP Products, Privacera [email protected], @dholakia
- 36. Thanks to Our Sponsor 36