Successful data platform teams and championship sports teams have a handful of things in common – strong baseline skill sets, effective coaching and training, and good communication skills. But as people come and go, what’s the secret of those that remain on the top over years or even decades?
I asked myself this question when I started coaching competitive youth soccer after years of playing and watching it. How can I take this group of individual players and achieve success as a team? Over several seasons, I realized that the foundation of championship teams is the proactive planning and preparation that happens before the soccer season even begins. As it turns out, the same can be said for data teams.
Organizations are seeing increased demand for data use, but are often unable to satisfy business expectations while remaining ethical or legal (even if unintentionally). In order to balance speed and regulatory compliance, data teams must be proactive about protecting their sensitive data.
Tools like the Immuta Data Security Platform can help organizations manage and automate access to sensitive data in the same way a coach plans for the season – setting teams up with the structure, rules, and collaboration they need to succeed. In this blog, we’ll walk through my “training plan,” five steps modern data teams can use to take charge of their cloud data protection.
The Cloud Data Protection Training Plan: How It’s Built
Having interviewed many customers and prospects, I’ve been fortunate to better learn how they’re using data, their key requirements, and the biggest and most common challenges they face. When it comes to business data, most organizations rely on two key stakeholders: the data owner and the data platform owner. The data owner is responsible for ensuring the proper use of data and compliance with regulations, including internal use requirements. The data owner collaborates with the data platform owner to automate data access for all data consumers in order to harness the data’s full potential.
In my conversations with customers, I discovered several challenges that prevent organizations from both implementing proper cloud data protection and ensuring that data consumers are able to access all the data they need to access. These challenges include organizational gaps between the data owners and the platform owners, a lack of trusted data security and access control measures, and limited resources and expertise.
Implementing and automating data access control and security measures requires a modern and innovative approach that can support both current and future business needs, while closing any gaps that may already exist. The approach should be based on experiences and best practices and must support all stakeholders, deliver a repeatable process, and leverage the top technologies to manage holistic cloud data protection.
Based on my experiences and conversations, my coaching plan for organizations looking to boost their cloud data protection consists of five critical tasks:
- Engaging and aligning the various stakeholders
- Assessing and documenting the access control and auditing requirements
- Designing a custom solution to fit the existing environment
- Deploying a modern and scalable data security solution
- Auditing and maintenance of data access policies
Let’s walk through your training plan.
Step 1: Facilitate Stakeholder Alignment
This is the most important step, but it is also the most challenging. That’s because it aims to bridge the gaps between the data owner, the technical data platform owner, and other internal stakeholders.
The data owner is responsible for identifying all relevant business data and the policies required to ensure compliant data use without unnecessary restrictions. The data platform owner is responsible for managing the data and ensuring that policies are enforced and data is delivered to all data consumers with proper access control and security, so they only access the data they are authorized to use.
In speaking with customers, some of the key challenges I observed include:
- Difficulty for inexperienced data owners to define the data use policies so they can be translated to technical access control policies.
- Lack of awareness by the data owner that they are responsible for defining the data policies, or an unwillingness to take that responsibility.
- Unawareness or lack of understanding about the most up-to-date critical regulations or internal use agreements.
- Lack of auditing capabilities, which makes it difficult for the platform owner to prove effective policy enforcement and compliant data use.
Just as an offense and defense must adapt and communicate as game conditions change, both the data owner and data platform owner must be aligned from the start and continue to work together as data access requirements evolve so they can maintain current data policies. The validation of their efforts is auditing reports that prove effective policy enforcement and compliance.
To help facilitate transparent communication between stakeholders, Immuta takes an innovative approach to authoring and managing data policies with a plain English policy definition tool, automatic data policy enforcement, and on-demand auditing. The plain English policies make it easier for technical and non-technical users to collaborate on policy definition, and detailed auditing with version control help prove compliance and reduce risk.
At the conclusion of this step, the data owner and the platform owner should be aligned, with a clear delineation of responsibilities – the data owner defines the roles, policies, and onboarding of new users, and the platform owner provides the provisioning process and the platform to enforce policies with auditing.
Read More: The Data Platform Owner’s Guide to Automated Data Access with Snowflake & Immuta
Step 2: Assess Cloud Data Protection Requirements
Now that the stakeholders are aligned with a common goal, the next step is to focus on sensitive data discovery and the development of data policies to comply with regulations such as GDPR, CCPA, HIPAA, and data use and data sharing agreements.
The data owner plays a key role in this step, as they are most familiar with the data and the related regulations and access restrictions. They must clearly articulate the roles and data policies so that the data platform owner can implement the proper cloud data protection policies, just as a coach would tell a team how to play the corner kick.
Read More: A Guide to Data Compliance Regulations
Immuta empowers data teams to truly leverage the power of cloud computing by providing a unified platform for those who write policy, those who enforce it, and those who audit it.
Eliminating the need to manually define the policies in each individual data platform helps ensure that the policies are automatically and consistently enforced across a data ecosystem, with auditing and reporting.
At the conclusion of this step, user roles and access control requirements should be well defined and implemented as data policies. This includes:
- What sensitive data needs to be protected
- When to protect the data – always or time-based
- Who are the data consumers – everyone or specific groups
Step 3: Design the Data Access Solution
The data platform owner is responsible for designing a modern and scalable platform to deliver competitive business analytics. But data sets are often scattered across a variety of data platforms, creating silos that are barriers to decision-making, transparency, and employees’ ability to share data. Therefore, the data platform owner must deliver a proven and dynamic data management framework to ensure that all current and future business needs are met and that the organization is not locked-in to one platform.
Traditionally, the data platform owner has relied on manual coding to implement data access controls inside the data platform, often using SQL or a programming language such as Python. This approach depends heavily on built-in capabilities, which are often limited, lack automation, and are unable to scale to meet growing business demands. Simply put, manually enforcing access control across all data sources is cumbersome and leads to inconsistent cloud data protection policies – it would be like training each team member individually but never having a tactical game plan.
Immuta offers a modern approach to defining and enforcing data policies. By allowing the data owner to write the policies in plain language, the data platform owner is enabled to separate the policy definition from the data platform. This provides a centralized approach to cloud data protection through decentralized policy management, ensuring all platforms work in tandem without compromising performance or scalability.
At the conclusion of this step, the data platform owner should have a clear plan for how to protect sensitive data. The plan should include the following:
- Deployment architecture for access control – a complete set of data policies, integration with a data catalog, and integration with Identity and access management (IAM)
- Where the sensitive data is hosted – a list of all the data sources
- How the data should be protected – techniques such as obfuscation, data masking, encryption, etc.
Step 4: Deploy Automated Data Policies
Modern data platforms are designed for growth and scale. Growth allows them to accommodate new data sources, and scale means they can meet the increasing number of analytics consumers, use cases, and business needs.
The data owner requires automated data access controls to ensure the universal enforcement of data policies at a growing scale. The platform owner implements a data security solution to facilitate the centralization of policy management and enable all stakeholders to create policies in a central location. This is akin to how a coach creates and trains players on specific tactical plays, such as a free-kick with a scoring opportunity, so the players can execute them when appropriate in games.
Immuta seamlessly integrates with the leading cloud data platforms to automate and enforce data policies at scale, so that users get access to the right data at the right time. With this approach, Immuta makes it possible to decentralize data policy management so the data owner can focus on their own policies, while the data platform owner ensures independent policy enforcement. Immuta also makes it more efficient to build data pipelines with policy-as-code, so data teams can fully automate and scale sensitive data management into their build pipelines.
Immuta helps organizations get started with a proven methodology, including foundational engineering principles and walkthroughs of specific features aligned to the management and delivery of trustworthy data at scale.
At the conclusion of this step, the data platform owner has automated the data policies so all the data consumers can perform analytics without any delays. The automation also includes self-service provisioning of data while complying with global and regulatory data policies.
Read More: The Guide to Enforcing Access Control Policies with Your Data Catalog’s Metadata
Step 5: Audit and Maintain
Data compliance regulations and data localization laws continue to evolve as more states and regions adopt existing regulations or create new ones. Organizations must plan for ongoing data auditing and maintenance of the policies to reduce risk and ensure compliance.
In the same way that soccer practice, conditioning, and injury prevention must be done regularly, ensuring cloud data protection is not a one-time activity. Data teams need to be proactive about maintaining the data policies and not wait until they incur data access violations or regulatory fines. Immuta makes it easier for data-driven organizations around the world to speed time-to-value, safely share more data with more users, and mitigate the risk of data leaks and breaches. Immuta also provides the data use, data policy, and data ethics techniques to guide organizations on how to get started with automating access control.
Implementing the 5 Steps for Cloud Data Protection
Cloud data protection is not always easy, but it’s also not impossible. Taking a proactive approach to data security and access controls while working with a trusted partner like Immuta helps organizations to speed the deployment of competitive analytics and enable data consumers to reach value faster with confidence and trust in their data.
I often tell my players that a game like soccer looks easy but it is very complicated, with many moving parts. With proper coaching and training, however, any player should be able to help the team when their time comes to make a play or support the player with the ball. With both soccer and data security, proactive planning and action are the most effective way to achieve success.
Now that you have a training plan for modernizing data access and protection, you’re ready to see how it works in action. Learn more about cloud data protection by reading Data Security for Dummies, or by scheduling some time with our team.
