AI permeates seemingly every aspect of modern business nowadays. And chief data officers (CDOs) are at the center of that vortex. They need to help ensure that AI efforts pay off, while at the same time providing teams with access to trustworthy data and limiting exposure to risk. No easy task.
We recently discussed this and other topics in a virtual meeting with members of the Informatica CDO Executive Advisory Board (EAB). We were joined by Brett Roscoe, SVP and General Manager, Data Governance and Cloud Ops at Informatica; and Jason du Preez, VP, Product Development at Informatica and former CEO of Privitar (recently acquired by Informatica).
During the meeting, Brett and Jason led a discussion on data privacy and protection challenges, which included topics such as why data access governance is foundational for responsible data and AI democratization, and Informatica’s point of view on what’s required to address these challenges. EAB members greatly appreciated the insights from the discussion including a look into how we plan to implement Privitar technology in this context. Let’s explore highlights of our discussion.
Data Privacy and Protection Challenges
Data privacy is a critical concern as organizations balance data utility with responsible use of data. The General Data Protection Rule (GDPR)1, California Consumer Privacy Act (CCPA)2 and other privacy laws and mandates have reinforced the need to protect sensitive data, in particular personal identifiable information (PII). Making data privacy a priority helps organizations ensure responsible and efficient use of data. It also acts as a forcing function to optimize appropriate data use for today’s data-hungry applications such as AI and analytics.
In a recent survey, 44% of data leaders cite data privacy and security as a top priority in 2023. They realize that data privacy and protection are critical to maintaining a competitive advantage. Addressing these requirements can help:
- Encourage responsible use of data, which in turn can accelerate growth and respond faster to requests
- Safeguard customer data, which will help improve customer satisfaction and build greater loyalty
- Reduce the costs stemming from data misuse and abuse when handling personal and other sensitive data
- Balance risks and business needs by effectively adapting to regulatory changes and new mandates
But a number of challenges can make it difficult to achieve these goals. And the advent of generative AI has only complicated those challenges, which include:
The increasing scale of data. Silos inhibit the ability to locate, identify and manage sensitive data, creating risk exposure.
Cloud migration hurdles. It’s imperative to track the movement of sensitive data, as security and legal risks grow.
Democratized data sharing. More data sources and applications and uses cases can lead to more abuses and growing risk.
Data use accountability. It can be difficult to establish effective security and privacy practices with traceability.
Audit and compliance. Complex policies and jurisdictions require sophisticated controls and transparency.
Trust in data adoption. Policies need to control data access to ensure ethical and appropriate use.
An EAB member shared that generative AI is the greatest unknown. The use cases are compelling, but it’s difficult to know how traditional foundational capabilities apply in a structural role, they stated.
The Key Role of Automated Data Access Management
Given these challenges, data access governance is more important than ever, Jason stated.
An EAB member stated that compliance is a big driver in the financial services sector. But, they still want to do analytics and AI. And companies are often resource constrained, so it becomes a delicate balance between data information security and data engineering. Having a single point of collaboration and putting that in the hands of one team would help streamline those processes, they felt.
Another EAB member concurred, stating that they want to continue to democratize data analytics and AI across the business rather than keep it tightly centralized, as it’s seen as a key enabler. But with great freedom comes great responsibility, they noted.
On the one side you want to have governance, stated another EAB member, but on the other side you want to provide access, and enable self-service access management. The capabilities provided by a data marketplace are becoming more relevant, they opined. A different EAB member indicated that a unified approach in which data access management is integrated with data cataloging and metadata can help drive more automation and simplify workflows.
Automation makes a big difference, Brett agreed. Defining and documenting policies is not enough; you have to automate policy enforcement across the data landscape. To do that successfully, you need to decouple policy definition from enforcement — define once, and enforce across data platforms, tools, consumption patterns and even organizational boundaries. By separating policy definition from policy enforcement, you can have one central policy manager.
Data access control must be based on multiple factors like identity, location, usage context, risk scores, etc. and should be extensible to handle diverse scenarios. Having attribute-based rules, as opposed to role-based access controls, can enable you to overcome the need for approval from multiple parties to share sensitive data. You can also make fewer copies of data. If you can provision the same data product but base it on an individual’s access right, you can mask or obfuscate certain portions of the data product as needed.
We’re trying to move data access across the organization, not in data silos, an EAB member shared. When you get down to the field level, many care only about a small 5% of their data. Being able to automate 95% of access to that data leads to much more reuse of data.
This approach can result in enormous savings and greater efficiency. For example, I shared how a Japanese bank recently identified third-party data sets for which they had paid millions of dollars but that no one was using.
In summary, EAB members believe risk and compliance and data democratization for analytics and AI are top use cases for data access management. To learn more about the advantages Informatica technology brings, join the virtual edition of our Informatica World Tour. Register now.