Building a Single Source of Truth Across Privacy, Security and Governance
As data becomes the essential fuel for the modern digital enterprise, business functions including privacy, security, marketing, sales, and finance require confidence in the data they use to inform their decisions and actions.
Bad data can lead to bad decisions.
Today, however, most groups inside an organization rely on their own view of data truth. They use different tools to survey their data landscape – resulting in inconsistencies from technology to technology, and from method to method.
Different Data Goals With Different Data Truths
Historically, privacy functions have relied on interviews and email surveys for building an “inventory” of personal information. Data recollections, not data records, were used to identify where sensitive personal information was collected and why (or how) it was processed. However, memory is fallible at the best of times, and lacking in both accuracy and recall when it comes to digital things like data. In fact, knowing “what” data and “whose” data goes into which data source is not suited to surveys: it’s better served by scans. But all too often, scans are absent in privacy, resulting in error-prone reporting, decisions and actions. Identifying digital identity in data requires digital methods.
Security, meanwhile, has developed its own approach to uncovering sensitive or crown jewel data. Security practitioners have long relied on scanning technology built on “classification” to determine what sensitive data resided where. Unfortunately, the pattern-based “classification” technologies used by security professionals were largely developed in the mid-2000s to identify data in data stores that prevailed at the time: relational databases, file shares, and on-prem mail.
The world has evolved, and so has data.
Today the variety of data stores (whether on-prem or cloud) has exploded with a new generation that includes data lakes, NoSQL, messaging, data pipelines, applications, and more. Security pros now need to find tools that can cover their modern data landscape for finding all types of data – while still showing compatibility with what privacy pros need.
But security and privacy are not the only constituents inside the enterprise that need data insights. Data Governance professionals require authoritative data truth to affect decisions and actions on data lifecycles.
Unlike their brethren in privacy and security, Data Governance professionals rely on a totally different method and technology for establishing data knowledge: metadata capture or “cataloging” to identify what data resides where. Traditional catalog tools read ‘data about the data’ – like a data table column name – to establish what data is contained in the data source. Most of the tools that accomplish this, however, provide limited views into the structured data inside the enterprise – leaving a sizable blind spot around everything else. Moreover, they’re prone to human error: they depend exclusively on human judgment and memory, relying on manual (human) descriptions of the underlying data.
Equally problematic? Data governance discovery technology is fundamentally incompatible with discovery in privacy or security. They look at different things in totally different ways.
The traditional approaches of data discovery for privacy, security and data governance cannot possibly give consistent views of the underlying data:
- They each look at totally different artifacts.
- They each cover different data sources.
- They each define different methods with different dependencies on manual entry, recollection or interpretation.
- They each also lack any native method of verification, making confirmation of data impossible.
As a consequence, none of the three methods are reliable – nor do any of the three technologies provide a compatible or consistent source of data truth.
A Single Source of Data Truth with BigID
Given the importance of data truth in informing decisions and actions in privacy, security, and data governance, it’s incomprehensible that each discipline should have its own inconsistent version of the data. Protecting data should not be based on a different interpretation of data facts from governing data. After all – companies can’t run their business financially with different and incompatible sets of books: they rely on one financial accounting system that informs every operational part of the business. This should be true for data accounting too. Data truth cannot be relative.
BigID introduced its Discovery-in-Depth technology specifically to remove the interpretation and relativism from understanding data truth. With Discovery-in-Depth, organizations benefit from three lenses working in concert: a privacy-centric ‘Correlation’ method of data discovery, married to a security-focused ‘Classification’ system and coupled with a data governance-oriented ‘Catalog’ metadata view.
Each of these three lenses is based on scans, not surveys – ensuring they rely on found data records as opposed to data recollections. With BigID, all three methods run concurrently, validating the findings of the other two, to provide a deeper and more authoritative view of the underlying data. They work together to reveal and validate different qualities and artifacts in the underlying data. And they do so while providing a view appropriate to each of the three stakeholders – so that every practitioner gets the view they are most comfortable with, while establishing a single source of data truth across privacy, security, and governance.
With BigID, privacy, security, and data governance can benefit from one source of data truth for the first time: ensuring consistent and compatible decisions. Each stakeholder can still benefit from their own lens into the data, but there’s no duplication of effort or cost. Data truth shouldn’t depend on the eye of the beholder: with BigID, data truth can be universal across the business.