At the risk of stating the obvious, 2020 threw quite a few curveballs that affected every individual, organization, and industry in some substantial way. For data security in cloud-based analytics, the shift to a majority-remote workforce had major implications for data sharing and data use.
As we enter the final weeks of 2020, we’re reflecting on how this year has changed data access governance as well as what organizations should expect in 2021 and beyond.
A Brief Look at 2020
We know most people are more than ready for 2020 to be over — and have been since March — but we’d be remiss if we didn’t mention the fundamental impacts this year has had on data use.
As employees across all industries navigated how to make their homes both an office and a classroom, organizations grappled with sustaining efficiency and keeping business moving forward outside of the traditional office environment. For most, this introduced an urgent need to enhance data sharing and data use capabilities. Organizations that had cloud migration on a “future” roadmap reprioritized, and the already-growing movement to the cloud accelerated. According to the Flexera 2020 State of the Cloud Report, 57% of organizations reported “slightly” or “significantly” higher cloud usage than planned due to COVID-19.
But cloud data platforms are only marginally useful if they’re not accompanied by a sound data access governance strategy. Whether organizations adopted their first cloud platform this year or their fifth, most reported data security as the biggest obstacle in the process. This year also saw the first enforcement of 23 NYCRR 500 and an amendment to the two-year-old CCPA, so if protecting data and avoiding regulatory, contractual, or industry penalties weren’t top of mind for organizations migrating sensitive data to the cloud, 2020 likely changed that.
Immuta’s 2021 Predictions
The changes 2020 swept in will have long-lasting implications — some more immediate than others. Here are our top three predictions for data security in 2021:
1. The future is in the cloud data ecosystems.
A broad movement to the cloud was already underway, but most analysts projected that organizations would not be fully transitioned to the cloud for at least four years. According to Immuta’s Data Engineering Survey: 2021 Impact Report, however, that shift is happening faster than predicted. Three-quarters of respondents in the survey expected to be “entirely” or “primarily” cloud-based within the next 24 months. And it’s not just one cloud platform they’re leveraging — 52% plan to adopt two or more platforms within the same timeframe.
Why might this be? If 2020 was about accelerating automation, 2021 will be about ramping up the use of platforms that drive automation with AI and ML — and most of those platforms are cloud-based. In addition to providing the right tooling and being more cost efficient, the cloud enables organizations to extract data’s value at scale by leveraging various frameworks that perform every function from building algorithms to managing operating expenses. With today’s world moving toward automated and personalized experiences in everything from retail to healthcare, organizations will need a well-rounded ecosystem of cloud data platforms to develop the insights that create these experiences.
As these transitions to multiple cloud data platforms take place, organizations that leverage an automated data access governance solution will maintain a critical competitive edge over those that take an ad-hoc approach. The latter is time- and labor-intensive for data teams, not to mention risky from a compliance and security standpoint. On the other hand, a tool that can automate cloud data access control and management across multiple platforms can increase data engineers’ and architects’ efficiency, increase time to data access and business-driving analytics, and help reduce the risk of data leaks and breaches.
2. Sensitive data — and its security — will be imperative to analysis.
The availability and use of sensitive data have increased at staggering rates in recent years and show no signs of slowing down. According to Immuta’s Data Engineering Survey, 75% of organizations say sensitive data is important to analysis and about half are actively leveraging it.
Sensitive data provides highly valuable insights that help improve customer experience and satisfaction, generate higher revenues, inform lifesaving public health and safety decisions, and more — but it carries substantial risk. If and when sensitive data falls into the wrong hands, data subjects and the organizations leveraging their information may face substantial harm to their finances, reputations, or any number of other factors. Yet, data teams report the most challenging aspect of data pipeline management is masking and anonymizing sensitive information.
Sensitive data will continue to proliferate and be essential to analytics in 2021 and beyond. To maintain pace with competitors and maximize data’s value, organizations need a strategy in place for protecting it. Data governance tools that enable flexible data access controls and dynamic data masking, including privacy enhancing technologies (PETs), will be vital for simplifying data engineers’ and architects’ responsibility to mask and anonymize sensitive data, particularly as their numbers of cloud data platforms, data sources, and data consumers continue to grow.
3. Rules and regulations will continue to increase and evolve.
The CCPA (soon to be CPRA) and 23 NYCRR 500 made headlines in 2020, but they barely scratch the surface of data rules and regulations with which organizations must comply. Immuta’s Data Engineering Survey found that 92% of respondents’ data is subject to one or more rules or regulations. From internal, company-specific policies and contractual agreements to employment laws and major regulations like the GDPR, data use is highly regulated and compliance standards are constantly changing.
As consumers become more aware of how their data is being used and concerned with its privacy, rules and regulations will be increasingly specific and enforceable. Algorithmic bias, for example, has been well-documented in recent years — often to the detriment of the organizations that don’t account for it and the consternation of those affected by it. Data subjects have taken notice and regulatory legislation has responded accordingly. The GDPR’s right to be forgotten spells out the scenarios in which data subjects can have their personal data erased and HIPAA requires data access to be permitted for specific, approved purposes.
Technological advances and use cases will also prompt new regulations and evolutions to existing ones. For data teams tasked with preparing data for regulatory compliance, the persistent change is hard to manage. This is particularly true for the majority of organizations that leverage role-based or all-or-nothing access controls and must manually update all pertinent policies to comply with rules and regulations.
Fine-grained access controls will be increasingly critical for enforcing policies that are compliant with various rules and regulations. Automated data access governance tools that streamline regulatory compliance through no-code starter policies will reduce the time spent deciphering rules and regulations, and increase transparency with legal and compliance teams who are able to easily understand how policies are written. Additionally, having on-demand reporting and data audit trails will continue to be essential for proving compliance and avoiding regulatory penalties.
Immuta’s sensitive data discovery, fine-grained access controls, dynamic data masking, and data auditing capabilities provide data teams with end-to-end automated data access governance. Data engineers and architects will be prepared to maximize data’s value across multiple cloud platforms by leveraging Immuta’s active data catalog and implementing access controls through a centralized plane.
Don’t let 2021 catch you off guard — download the Immuta Data Engineering Survey: 2021 Impact Report to learn what data teams say are their biggest challenges and needs to maximize data’s security and privacy across cloud platforms.