March 15, 2023
Data governance has become the driving force behind enterprise data management strategy. It is a complex discipline, requiring sophisticated tooling to help you perform the multitude of different tasks involved in meeting your data governance objectives.
You’ll need a data governance platform that will help you manage data in line with data protection regulations and standards. You'll need it to help protect your data from compromise by malicious actors. You'll need a way to optimize storage to make efficient use of IT infrastructure. And you may even need the tools to migrate your data to a new location and a way to map and identify all of those assets.
Those may seem like four random tasks, but these undertakings aren't separate and distinct from another. They are highly interrelated. In other words, they're very much part of a single data governance problem that your data governance platform will need to solve.
This post explains exactly how migration, security, compliance, and storage optimization are interconnected challenges and why you need to address each of them in tandem. Read on below or use these links to jump down to each section:
- What Is Data Governance?
- A Unified Approach to Data Governance
What Is Data Governance?
Data governance is an approach to data management designed to help ensure that your data is fully within your control, including how available, accessible, usable, and secure it is. It comprises a series of internal data policies and standards, and benefits the modern enterprise in numerous different ways.
Data governance is key to improving data quality and the accuracy of business intelligence, helping to drive better decision making. It helps reduce data inconsistencies across an organization, so different systems work in greater harmony with one another. It helps you meet your security and compliance goals. And it encourages more efficient use of data, thereby helping to keep costs down.
It’s these four aspects—compliance, security, storage optimization, and migration—that form a single, interrelated challenge we call the data governance quartet. In the next section we’ll take a look at how these problems are related and what solutions data governance platforms should provide to address them.
Dissecting the Data Governance Quartet
With compliance, it’s especially clear to see how parts of the quartet form a single data governance problem. The relationship between compliance and security is widely recognized, as most data protection regulations and standards put a strong emphasis on the security of personal data. But there are more relationships to optimization and migration to also consider.
The reason for the confusion between security and compliance is because regulatory requirements for security tend to be broad in nature, merely stating you're required to implement appropriate technical and organizational measures to protect personal data. And this makes sense, as the specific course of action any organization needs to protect its information assets will always be as individual as the organization itself.
By contrast, where compliance relates to other aspects of data governance, the requirements are often far more specific. These include common privacy principles:
- Data minimization means only attaining data that your business operations actually require.
- Storage limitation means storing data only for as long as it is in use, unless otherwise required.
- Right of access gives individuals the ability to access to any of data pertaining to them that is being stored
- Right to erasure gives those same individuals a way to have any of their personal data erased
Each of these points is closely tied up with storage optimization. For example, data minimization and storage limitation both help streamline the amount of data you store while good storage optimization practice makes the task of meeting right-of-access and right-to-erasure requests much more straightforward.
Finding and appropriately labeling and storing any data that adheres to specific compliance requirements is also similar to taking steps to migrate data.
In addition, many data protection regulations have rules governing where in the world you can and cannot process personal data. This is an important consideration if you're planning to migrate data to an alternative location—all the more so if you'll be using a public cloud vendor, which offers a choice of different data center regions across the globe.
One of the most basic principles of cybersecurity is that you cannot protect what you don't know you have. But much the same applies to compliance, storage optimization, and migration.
You need to know what data you have in order to store and process it in compliance with regulations and standards. You also need the same visibility to ensure you're optimizing data storage. And the more you know about your data, the greater the chances your migration project will be a success.
In other words, compliance, security, storage optimization, and migration are all tied together by the same fundamental requirement for visibility into your deployments. But the overlap doesn't end there.
Security can often be a storage optimization issue. For example, cyberattacks such as SQL injections can ramp up the load on your database servers. And, if these are hosted in the cloud, an attack could send your costs through the roof.
Backups are another area in which security and storage optimization are heavily interdependent. They play a key role in data security by providing a method of recovery in the event of an attack. But, by the same token, they're a popular target for the hackers and therefore need appropriate levels of protection. At the same time, backups are a storage optimization issue. For example, you should look to keep costs down by strategically using low-cost storage tiers for backup and archival data.
You should also be aware that not all data is equal. Important information will require several backup copies, whereas other data may not need as much protection. Backups are also subject to other storage optimization issues.
And, finally, some organizations may decide to strengthen their defenses by moving or copying data to an alternate location, as is recommended by the 3-2-1 backup strategy. This highlights the link between migration and security.
Enterprises are processing and storing increasing amounts of data. And much of this is hosted in the cloud, which operates on a pay-as-you-go (PAYGO) billing model. This therefore makes storage optimization more important than ever.
One way to optimize storage costs would be to remove the junk data from your systems: duplicate, stale, and unnecessary data. Similarly, you should remove unattached persistent volumes and any associated backups you no longer need.
Such out-of-date information may have stopped being useful to your organization, but it's invaluable to hackers. Taking steps to organize and delete such data not only reduces costs, but also helps reduce the attack surface. What's more, they ensure better data quality for data migration and compliance reporting.
As part of your storage optimization routine, you also need to make choices about encryption and file permissions based upon the compliance and security requirements for each type of data you store. In addition, you need to rotate data to low-cost storage tiers and set retention policies, both of which have implications for security and compliance.
You can optimize storage by taking advantage of more flexible and cost-effective storage options. Since the cloud is the obvious cost-optimization choice for on-prem deployments, storage optimization is frequently synonymous with migration. That holds whether moving data from on-premises servers to the cloud or between different locations within a multicloud environment.
Migration projects such as these require due considerations for security. For example, static on-premises infrastructure has long used traditional security tools and methods based on perimeter-based protection. By contrast, the cloud is dynamic infrastructure, made up of lots of moving parts. This necessitates a different approach to security—with more emphasis on intrusion prevention at individual workload level.
If you're switching to new on-premises servers, you'll be transferring your data to a new environment with different configurations and security challenges. But if you're migrating to the cloud, you'll be moving to a much more flexible and complex environment with a huge range of configuration options. Of course, with more options come even more potential security loopholes.
In both cases, you'll need to ensure you neither migrate existing security issues nor create new ones. For example, a migration could compromise security if file permissions are copied over incorrectly.
Migration should also be the opportunity to optimize your data and ensure it is in good shape before you transfer it to its new environment. That way, you'll avoid replicating any data inconsistencies and data integrity issues. Through good storage optimization practices, you'll also reduce the amount of data you need to migrate. This will speed up the migration process and reduce the scope for issues to arise during the data transfer.
What's more, as part of your migration planning, you'll need to estimate projected storage capacity requirements for your data in its new environment. And, once you've completed the migration, you'll need to be sure you haven't provisioned unnecessary storage to avoid racking up unnecessary costs.
And, finally, migration has implications for compliance. For example, you'll need to keep track of data in its new location in order to correctly serve right-of-access and right-to-erasure requests.
Data Governance Platforms: A Unified Approach to Data Governance
A huge variety of compliance, security, storage optimization, and migration solutions are available on the market to meet your data governance needs. And many of these are highly specialized, highly capable, and highly sophisticated.
But these challenges are heavily interconnected and therefore demand tooling that offers a unified approach to data governance. This should provide strong data discovery capabilities, a deep understanding into the nature of your data, and a complete view across your entire multi-cloud data estate. That way, you'll know what to protect, migrate, and optimize, and what data is subject to compliance requirements.
It should also allow you to easily drill down to specific types of data and validate ownership so you can take appropriate governance measures quickly and efficiently.
In other words, it should be designed for the everyday practicalities of data governance rather than a set of discrete tools that treats each of these individual tasks in isolation.
And that's exactly what NetApp Cloud Data Sense sets out to do. Data Sense is NetApp’s data governance platform, giving users a wide array of features that enable you to address the data governance quartet’s challenges:
- Maintain compliance: Drill down into metadata with automatic and AI-driven data mapping to identify sensitive data that needs to comply with regulations.
- Strengthen security: Manage security permissions and locate data across your entire data estate, both on-prem and in the cloud.
- Optimize storage usage: Identify data that’s not necessary to keep, such as stale or irrelevant data, so you can optimize storage.
- Accelerate migration: Create clean data copies to migrate that are cost-effective and free of error.
See why GigaOm gave Data Sense high marks in two recent reports.