Data governance as a framework? Pretty easy. Data governance in practice? Not so much.
We get it, because we’ve seen it firsthand. Even the most successful enterprises struggle to get data governance initiatives off the ground. In fact, Gartner has reported that up to 80% of data governance initiatives fail.
For anyone who’s responsible for implementing a data governance strategy – or getting executive buy-in to develop one – this may seem bleak. And with good reason. As the majority of governance initiatives are failing, nearly two-thirds of data professionals also see it as a bottleneck.
The good news? When done correctly, data governance can lift revenue by 62%. And the fix might be right in front of you.
In this blog, we’ll help pinpoint the weaknesses in your data governance strategy and provide an action plan to address them, so governance stops being a blocker and starts being an enabler.
Data governance may have been a nice-to-have in the past, or something that could be easily handled by IT. But the new normal for governance teams now makes it a necessity.
That’s because the volume of data – and the users demanding it – are growing at an unprecedented rate. Organizations need a way to control the chaos, or risk putting their operations and their reputation on the line.
It’s not just that more analysts and business users are requesting access to more data.
Data stewards, engineers, and governance managers are wasting hours on operational overhead while becoming the bottleneck to the very thing their organizations are trying to accelerate: safe, scalable, AI-ready data access. More than half of data professionals say these types of challenges have made their workload more difficult than it was a year ago, and 45% report feeling burnt out and ready to look for another job. This type of disengagement is not only bad for morale, but it could lead to mistakes, apathy, and other issues that increase the company’s risk exposure.
But this is not just an efficiency problem. It’s a structural failure that limits innovation, increases risk exposure, and undermines trust in the governance function itself.
If these challenges ring true – or if you can spot them on the horizon – it’s time to step back and ask: Why is your data governance strategy failing — and what can you do to fix it?
Despite dramatic advances in cloud data platforms and AI tooling, 53% of data governance teams are still relying on manual processes like ticketing systems, spreadsheets, and workflows to manage policies and approvals. These processes were barely manageable five years ago. Today, they’re a bottleneck and a liability.
Legacy governance techniques weren’t designed to support the speed, scale, and complexity of modern data environments. When every new dataset, access request, or policy update requires human intervention, it’s no wonder governance is perceived as slow, bureaucratic, and outdated.
An increase in data literacy across business units means that now, anyone can be a data consumer. It’s no longer just limited to data scientists and analysts. In fact, it’s no longer limited to humans either. Non-human identities (NHIs) like AI agents are outpacing human users at a rate of 45:1, requesting access to data at a speed and scale that ticketing systems are not equipped to handle.
This puts immense pressure on governance teams to review, approve, and monitor requests in real time, while maintaining compliance. Without scalable, automated provisioning in place, these requests either get delayed (hurting productivity) or rushed (increasing risk). Either way, the people responsible for provisioning data are stuck in an unsustainable loop.
Metadata is the foundation for strong data governance. If you don’t know what’s in your data — specifically, whether or not it contains sensitive information — you can’t govern it effectively.
Yet, many organizations still rely on static, manual classification. This approach quickly becomes outdated and creates dangerous blind spots: Either data is over-provisioned, which increases risk, or under-provisioned, which delays access and insights.
Data engineering owns the pipeline. Security owns the controls. Governance owns the framework. The C-suite wants results. And business users just want access.
When these groups don’t speak the same language or operate from the same playbook, policy enforcement becomes inconsistent or worse: absent. So it may come as no surprise that 45% of data professionals say silos and fragmentation are top drivers of data governance challenges.
Add to that the technical sprawl of governing data across Snowflake, Databricks, AWS, and dozens of BI tools, and you end up with duplicative logic, conflicting permissions, and frustrated users. Without unified governance across teams and platforms, every stakeholder operates with a different definition of “secure and compliant.”
As with most “hindsight is 20/20” moments, many governance efforts start only after something goes wrong: a failed audit, a privacy incident, or an unanswerable compliance question that stops leaders in their tracks. This reactive approach leads to rushed policy creation, disparate enforcement, and fragile workflows that can’t scale.
Instead of building governance into the foundation of data operations, it becomes a side project — something to deal with later, when things calm down (spoiler: they never do). The result? Short-term fixes and long-term problems.
Governance teams often struggle to prove their value because they’re not measuring the right things — or anything at all. Without clear KPIs like time-to-data, enterprise-wide data usage, policy coverage, or risk reduction, there’s no way to quantify progress.
A lack of success metrics makes it nearly impossible to secure a budget, headcount, or platform investment to support data governance initiatives. Executives don’t want to hear about frameworks or workflows — they want to see business outcomes. If governance can’t show ROI, it gets deprioritized.
If you lack clear KPIs, you’re unlikely to get executive buy-in. But if you have no business case or visibility at all, you’ll definitely never get there.
Executives call the shots: they can kickstart or kill an initiative in a single email. So when leadership sees governance as a regulatory checkbox instead of a strategic enabler, it will be underfunded, under-resourced, and under-leveraged.
Without an exec sponsor who can champion governance at the C-level, the initiative never gets the visibility or priority it needs. The result is a governance initiative that constantly gets steamrolled by other programs perceived as higher value, and therefore higher priority.
The rise of generative AI, autonomous agents, and context-aware copilots is radically reshaping how organizations use data — and how it needs to be governed. Traditional governance frameworks weren’t designed for systems that request, process, and act on data in seconds, often without human oversight.
This isn’t a future problem to solve – it’s already here. According to 700+ data professionals, 55% of data governance strategies are failing to keep pace with AI, and 46% of organizations are experiencing difficulties integrating AI into existing workflows. Without a governance framework that can incorporate and control for AI, you risk shadow AI use, uncontrolled data sprawl, and regulatory risk exposure.
Once you’ve pinpointed the root causes of why your data governance strategy is failing, you can take targeted steps to address them. But it’s worth noting from the outset that this is often not a one-person job. Rally your colleagues who are involved in data governance and provisioning so that your voices can be heard loud and clear to the top rungs of the leadership ladder.
Here’s how leading organizations have taken the leap – and turned governance from a blocker to an enabler.
If you take away one piece of advice from this blog, it’s this:
Incorporating automation into your data governance and provisioning strategy will have an immediate positive impact on your workflows and your workload.
If you’re drowning in access request tickets, worried about sensitive data slipping through the cracks, or constantly trying to keep up with changes to policies, schemas, or access statuses, automation can make a world of difference.
Skeptical? Consider global news and information leader Thomson Reuters. The company needed to modernize its data governance and management processes, and manual approaches were simply not feasible. Immuta’s automated policy enforcement and fine-grained controls, allowed them to eliminate bottlenecks and bridge the security-utility gap that plagues many organizations. Now, Thomson Reuters governs 10,000 tables and 200 data sources with a single global subscription policy, and data usage increased 60x as a result of faster data access.
Because we don’t have to worry about the problems Immuta is solving, we move a lot faster in trying to solve the problems that are inherent to large mountains of data sitting in one place."
Carter Cousineau, VP of Data and Model (AI/ML) Governance and Ethics
Amid the surge of data access requests from human and machine users, centralized governance teams will quickly reach maximum capacity – and become a bottleneck. Decentralizing data ownership may seem counterintuitive to the security side of governance, but in practice it allows governance teams to breathe and stay in control.
This federated governance model empowers domain-based data owners – in other words, the people who know the data best – to manage and monitor that data. Plain-language policy authoring and automated enforcement make it easy for non-technical stakeholders to manage data, while governance teams still maintain oversight within a centrally governed framework. This also enhances data literacy and understanding of governance principles across the organization, making buy-in even more powerful.
The result? Governance that’s embedded into workflows, faster data provisioning, and shared trust across business units.
Metadata is an essential resource for data classification, discovery, and policy enforcement. Maintaining a metadata registry allows you to synthesize metadata about your data, users, and platforms for easy downstream policy enforcement – even as data changes. No more static approaches that require constant updating.
Getting metadata in order and syncing it with governance processes will allow you to automate data discovery and classification, ensuring that tags keep pace with schema changes, new data sources, and evolving sensitivity levels – and most importantly, that no data is slipping through the cracks.
Your governance strategy needs to be wherever your data is. Governance should know no boundaries, whether they be artificial (across teams) or more concrete (across platforms). Unifying governance across platforms will help break down silos, eliminate policy fragmentation, and ensure consistency across your entire data environment.
Integrating a specialized governance platform that abstracts policies from individual platforms not only gives you full coverage, but also avoids the tedious process of replicating controls in various locations for various users. It’s like emailing a large group using an email alias, instead of having to email each person in that group individually. You get more time back, with the peace of mind that consistent governance delivers.
Don’t wait until a security or compliance incident occurs to implement your data governance strategy. The time is now. When you shift your mindset from seeing governance as a compliance box to check, to seeing it as an enabler of faster data provisioning, your excuses for putting it off (and your bosses’) will be a thing of the past.
With that in mind, future-proof your data governance approach with dynamic controls. Opt for attribute-based access control (ABAC), which provisions data access based on metadata about users, data, context, and other factors. Unlike RBAC (role-based access control), which relies solely on user roles and is inherently static, ABAC frees you from the burden of manual management and the role bloat that comes with it.
No more pushing governance aside, hoping for the best, and scrambling when something goes wrong. Just proactive, scalable, and trustworthy controls.
Not sure where you stand? Take our data governance maturity assessment.
If you can’t prove governance is working, you won’t get funding for it. So begins a vicious cycle. That’s why you need to lay out clear, outcome-oriented KPIs – not just activity reporting – that help measure success and identify opportunities.
Benchmark yourself today by measuring indicators such as:
Revisit these metrics periodically as you implement your governance strategy. Over time, you will likely be able to expand this list, but don’t try to boil the ocean at the outset. Ultimately, positive momentum is what you need to demonstrate to leadership.
Showing progress toward your KPIs is crucial for your next governance strategy fix: gaining executive buy-in. Without C-level support, data governance efforts are at serious risk of falling by the wayside.
To get your leadership on board:
It’s also important to stress that progress may take time, and change is unlikely to happen overnight. However, the opportunity costs of doing nothing – delayed innovation, inability to adopt new technologies, losing out to competitors, etc. – far outweigh the investment you’re asking them to make.
AI isn’t waiting for your governance strategy. Three-quarters of data leaders say implementing AI/ML apps in the next year is a high priority, and agents and copilots are already becoming increasingly ubiquitous in workflows – requesting data, processing it, and making recommendations based on its analysis.
Your governance processes must be equipped to handle the scale and complexity that these new “users” will introduce. For instance, the ability to distinguish between human and AI users, access patterns, and activity will be critical for ensuring that access is transparent and compliant.
On the flip side, incorporating AI into your governance workflows will help alleviate many of the root causes highlighted in the previous section. AI-driven data governance and provisioning tools can intelligently streamline mundane tasks and take lower-stakes access decisions off your plate, freeing you up to focus on higher impact needs.
Immuta Copilot, for example, transforms a plain-text prompt into a comprehensive policy, while Review Assist references past access decisions when suggesting whether to grant, deny, or temporarily provision access to data, along with an AI-generated justification for the recommendation. Adopting these and other emerging technologies will help make AI your competitive advantage in data governance.
You can’t govern today’s data with yesterday’s approach. In a world where data and AI are moving fast, you need a governance strategy that moves faster – always staying two steps ahead. The governance teams that are able to do so will:
Retooling your governance strategy with these pointers in mind will take your governance strategy from an obscure idea to a business imperative that drives data use across your organization. Assess where you currently stand, and use this article to start a conversation with your team – and your manager – about how to optimize your data governance strategy for short- and long-term success.
Want more support? Get more insights on data governance in the AI era from DBTA.
Read more about data governance strategy.
