The Cloud Data Management Framework (CDMC) establishes a set of best practices and capabilities for data management challenges in the cloud.
This framework establishes a comprehensive set of standards to help organizations manage and protect their cloud data, migrate securely to the cloud, and incorporate automation and technology for better data management.
“It started out kinda humbly and turned into quite a massive activity,” EDM Council President John Bottega told BigID CEO Dimitri Sirota.
Cloud Data Management Challenges and Use Cases
According to the EDM Council, the goal of the CDMC is to “allow companies across all industries to more effectively pursue and implement multi-jurisdictional cloud adoption strategies and best practices.”
To help companies migrate to the cloud and gain more visibility of data in the cloud, the CDMC Framework consists of 6 components, 14 capabilities, and 37 sub-capabilities that provide in-depth guidance on how to protect sensitive data in a cloud/hybrid cloud environment.
The 6 components and 14 capabilities of the CDMC encompass:
1. Data Governance and Accountability
- Data Ownership
- Data Sourcing and Authorities
- Data Sovereignty
Catalog, Manage, and Assign Ownership: Catalog, tag, and maintain data ownership roles for source data and newly generated cloud data; empower data stewards to validate and curate data; and find duplicate data for automated labeling, governance, and consolidation across all data sources and cloud targets.
2. Data Cataloging and Classification
- Data Cataloging
- Data Classification
Discover and Classify All Sensitive Data at the Identity Level: Use advanced ML to find, tag, and catalog data and map sensitive data to a specific person. Catalog data and metadata can be exchanged with other data catalogs and across multi- and hybrid-cloud environments.
3. Data Accessibility and Usage
- Data Entitlements and Access Tracking
- Data Ethical Use and Purpose Tracking
Account for All Cloud Data with RoPA: Automatically track data with a record of processing activities (RoPA) capabilities so you can accurately account for all data processed across the enterprise, identify the risk associated with third-party sharing, and take the actions necessary to protect consumer data and manage compliance.
4. Data Protection and Privacy
- Securing Data
- Data Privacy
Reduce Risk, Protect Customer Data, and Maintain Compliance: Automate data-driven privacy compliance for new and emerging privacy and protection regulations, and secure personal, sensitive, and regulated data in the cloud. Transform data security with ML-based classification, file analysis, and apps to reduce risk.
5. Data Lifecycle Management
- Data Profiling and Quality
- Data Lifecycle Management Plan
Ensure Data Quality and Define Retention Policies and Workflows: Analyze and improve the quality of cloud data, improve efficiency, leverage dynamic profiling across all data for relevant data quality scores — migrate data to the cloud with confidence. Manage and enforce data retention policies across all your data, define policies to retain or discard data in the cloud, automate and scale workflows, and comply with regulations.
6. Data and Technical Architecture
- Data Provenance / Lineage
- Technical Design Principles
Trace Lineage Flows: Identify all instances of data stored in different data silos — and traverse through your data sources to trace the lineage flow. Validate data flows inside the catalog to confirm the lineage, and mark the authoritative source of the data set.
Who Needs to Adhere to the CDMC Framework?
Organizations that handle sensitive, personal, or regulated data in cloud, multi‐cloud, and hybrid‐cloud environments should pay particular attention to the CDMC Framework. Originally focused on financial services organizations, this is designed to help manage an organization’s most. This data includes — but is in no way limited to:
- personal information (PI) or sensitive personal data
- personally identifiable information (PII)
- client identifiable information
- nonpublic information (NPI) and material nonpublic information (MNPI)
- protected health information (PHI) and electronic protected health information (ePHI)
- “highly restricted,” “confidential,” or other information with specific sensitivity classifications
- critical data used for important business processes (including regulatory reporting)
- licensed data
Organizations can obtain CDMC accreditation following training — or certification after passing the CDMC exam.
Differences Between Cloud Data Management and Traditional Data Management
Organizations familiar with the EDM’s DCAM model may wonder, what’s the difference between DCAM and the new CDMC Framework?
DCAM — the Data Management Capabilities Assessment Model (DCAM) — established by the EDM Council in 2015 — is an industry-standard assessment framework for data and analytics management. Organizations would use DCAM for data and analytics management.
The CDMC, on the other hand, is a certification framework for data management — particularly that of sensitive, personal, regulated, and critical data — in cloud, multi-cloud, and hybrid-cloud environments. Developed by EDM Council’s CDMC Workgroup, with participation from leading financial industry firms, consultancies and technology companies, including Amazon Web Services (AWS), Google Cloud, IBM and Microsoft, London Stock Exchange Group (LSEG), and BigID – it’s designed to help organizations manage their cloud data more effectively, responsibly, and consistently.
Learn how to map to the CDMC capabilities and align to the CDMC framework — get a 1:1 demo with our cloud data management experts to get started.