Chapter 7. Data Protection
One of the key concerns of data governance is that of protecting data. Owners of data might be concerned about the potential exposure of sensitive information to individuals or applications without authorization. Leadership might be wary of security breaches or even of known personnel accessing data for the wrong reasons (e.g., to check on the purchase history of a celebrity). Users of the data might be concerned about how the data they rely on has been processed, or whether it has been tampered with.
Data protection has to be carried out at multiple levels to provide defense in depth. It is necessary to protect the physical data centers where the data is stored and the network infrastructure over which that traffic is carried. To do this, it is necessary to plan how authorized personnel and applications will be authenticated and how that authorization will be provisioned. However, it is not enough to simply secure access to the premises and the network—there is risk involved with known personnel accessing data that they are not supposed to be accessing, and these personnel are inside the network. Additional forms of protection such as encryption are required so that even if a security breach happens, the data is obfuscated.
Data protection needs to be agile because new threats and attack vectors continue to materialize.
A key aspect of data governance is determining the level of protection that needs to be afforded to different ...