Balancing Collaboration and Compliance with Data Marketplaces

Although we are living in an age of unprecedented data generation, none of it matters if we can’t make that data available for analysis in a secure and timely manner. In order for users to analyze and derive insights from data, it must be discoverable and accessible.

Streamlining accessibility has been a priority of data professionals for decades. In fact, the most immediate task for any modern Chief Data Officer (CDO) is to see how efficiently they can help their business derive value from accessible data. The growth of enhanced data sharing methods – including data marketplaces and exchanges – are enabling this mission for today’s data-driven teams.

Sharing data amongst your team’s users fosters collaboration, innovation, and improved decision-making. However, it can also present significant challenges if not implemented correctly, particularly when securing sensitive data and ensuring compliance with ever-evolving regulations.

This blog explores the importance of how you structure internal data sharing, the complexities of securing sensitive information, and the growing role of data marketplaces in achieving a balance between business-driving collaboration and regulatory controls and compliance.

Leveraging Data Marketplaces for Internal Sharing

A data marketplace is a virtual storefront where data is exchanged by various parties. While they can be used for monetized external data sharing, they are increasingly being leveraged as a means for internal data sharing and collaboration.

Internal data marketplaces connect data producers, who create specific data products, with data consumers who can leverage them for their own goals and projects. This makes collaboration and sharing a self-service transaction, where users can discover and use new data products without having to go through timely access requests and governance bottlenecks.

This approach is key for teams that want to enhance data democratization and decentralize data use. Roche Diagnostics, a global leader in pharmaceuticals, implemented a marketplace within its data mesh architecture to enhance analysts’ ability to innovate. Not only did this streamline Roche’s data use, it also drove the creation of 200+ new data products and the realization of over $50M in benefits. Said Data Platform Product Line Lead Pierre Alexandre Fischer, “Our digital transformation strategy supports our wider business objectives of building transformative, innovative cross functional data products and data sharing solutions across the company value chain, and to deliver on our commitments to our people, partners, stakeholders and, most importantly, the patients we serve.”

Our digital transformation strategy supports our wider business objectives of building transformative, innovative cross functional data products and data sharing solutions across the company value chain, and to deliver on our commitments to our people, partners, stakeholders and, most importantly, the patients we serve.”

Pierre Alexandre Fischer Data Platform Product Line Lead, Roche Diagnostics

[Learn More] How Roche Unlocks the Power of Data Through the Data Mesh

The Benefits of Using Internal Data Marketplaces

Beyond self-service collaboration, internal data marketplaces provide a range of other benefits. Some key advantages include:

1. Enhancing Data Discovery: Marketplaces make data more visible, helping your users to discover valuable data sets and data products that may have been difficult to access otherwise.
2. Improving Data Quality: Marketplaces offer curation and quality checks on data sets, giving users higher confidence in the quality of the data they are using.
3. Gaining Deeper Insights: By combining data sets from multiple sources, your users can uncover hidden patterns and correlations, leading to improved cross-functional decision-making.
4. Driving Innovation: Collaboration through data sharing fuels innovation by fostering new ideas and approaches to complex problems.
5. Optimizing Processes: Sharing data identifies inefficiencies and streamlines processes across business units, separate teams, and other groups who engage in collaborative data use.
6. Enhancing the Customer Experience: By sharing data about customer behavior and preferences, organizations deliver personalized services and products, leading to higher customer satisfaction.

The Risks of Using Insecure Data Marketplaces

While marketplaces make it easier for your data users to find and leverage valuable data, they still present significant security and compliance concerns.

Without the proper controls, data marketplaces are at risk of leaks, breaches, and unauthorized access of sensitive information such as personally identifiable information (PII), financial data, intellectual property, and trade secrets. These kinds of security incidents have lasting financial, legal, and reputational consequences for the organizations, teams, or users responsible for them.

Read More: The Top 5 Barriers to Data Sharing and How to Overcome Them

This is why various compliance laws and regulations set standards for data sharing. For example, the EU Data Act, which came into force on January 11, 2024, specifies rules on sharing EU data subjects’ information. This act gives data subjects additional legal controls over how their data is shared, and imposes strict penalties for noncompliance:

“Fines to be imposed for infringements of data-sharing obligations may reach the amount of EUR 20 million or 4% of the total worldwide turnover of an entity for the preceding financial year, whichever is higher.”

To avoid fines, data marketplaces should be built with an emphasis on security, privacy, and compliance.

Making Internal Data Marketplaces Practical

Any data marketplace implementation must maintain necessary data security and privacy standards. Data producers and users alike play a key role in this effort. However, data producers have the added responsibility of ensuring that data is prepared in a manner that protects sensitive information, and that any data use is consistent with compliance and security requirements.

To keep your internal data marketplace secure, your team should incorporate:

Data Discovery & Classification

Before you can begin sharing, you need to know what data you have. By leveraging sensitive data discovery and classification, you enable your data marketplace with both context and consistency.

Discovering and tagging sensitive data like PII and PHI provides critical information about your most vulnerable data, which informs how you protect and share it. A standardized classification taxonomy ensures that data is tagged consistently throughout your ecosystem, making it easier for the implementation of global controls and comprehensible data use.

Data Access Controls

Data access controls are a critical component of securing sensitive data, ensuring that only authorized individuals have access to the marketplace’s shared data for legitimate purposes.

While role-based access control (RBAC) can be used to assign access rights based on each user’s role in the project or marketplace, attribute-based access control (ABAC) enables more dynamic controls for a growing self-service marketplace model. ABAC grants access based on a combination of user, data, and environmental attributes, providing more granular control and enhanced adaptability for different user types and purposes.

These access controls should integrate with your organization’s overall data governance, data catalog, and identity and access management (IAM) solutions. When applied globally, this provides top-down control over which data is available across data products and users.

Data Monitoring & Detection

Another critical aspect of data marketplaces is the ability to apply data monitoring and audit data use. By maintaining logs of data access attempts and monitoring for unusual or risky user behavior, you can oversee activity and identify potential security breaches when they occur.

These capabilities also help ensure compliance with regulations like the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA), which provide standards for governing the collection, storage, transfer, and sale or use of personal data. Monitoring keeps a consistent watch over compliant use, while audit logs are used to prove compliance to regulatory bodies.

Using Data Marketplaces to Secure Sensitive Data

While marketplaces must be secure to be used to their fullest potential, they also help strengthen sensitive data protection efforts. The exponential growth of data being generated – both structured and unstructured – provides more resources for teams to fuel data-driven initiatives. However, structured and unstructured data often reside in different locations, making it challenging to implement consistent security measures across both.

Data marketplaces help secure data by following these best practices:

• Data Minimization: Data producers should only share the minimum amount of data necessary for the intended purpose.
• Data Anonymization and Pseudonymization: Techniques like anonymization and pseudonymization, which alter sensitive data, can be used to reduce the risk of identifying individuals in shared data sets.
• Encryption: Data should be encrypted both at rest and in transit to protect it from unauthorized access.
• Data Loss Prevention (DLP): DLP solutions help prevent accidental or intentional data leaks.

Conclusion

In this blog, we demonstrated the game-changing benefits of internal data marketplaces for data-driven businesses. Marketplaces not only foster enhanced collaboration between data stakeholders, but are also engines of sustainable growth. However, to take advantage of their full potential, we must recognize security risks and take steps to bridge any gaps.

By combining the practical steps mentioned in this blog with the discovery, security, and monitoring capabilities of a dynamic data security platform like Immuta, you can de-risk your data to drive simplified, scalable, and secure data use for your organization. Said Walid Mehanna, Head of Data & Analytics at the Mercedes-Benz Group,  “Immuta is the go-to technology to implement our vision of an internal ‘Data & Analytics Marketplace,’ enabling full transparency on the relevant data assets with secure and compliant data access.”

Immuta is the go-to technology to implement our vision of an internal ‘Data & Analytics Marketplace,’ enabling full transparency on the relevant data assets with secure and compliant data access.”

Walid Mehanna Head of Data & Analytics, Mercedes-Benz Group

To learn more about secure data sharing, check out our De-Risk Your Data Sharing content bundle.