The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

What is a Data Governance Model?

by Chris Brook on Tuesday December 29, 2020

Contact Us
Free Demo
Chat

Learn about data governance and data governance models, the key elements usually covered by policies, benefits, risks, and best practices.

Data governance is the process of identifying an organization’s crucial data and ensuring data quality and data security. It also involves extracting value from company data to improve business performance.

According to Experian, “Data governance is a process to ensure data meets precise standards and business rules as it is entered into a system. Data governance enables businesses to exert control over the management of data assets. This process encompasses the people, process, and technology that is required to ensure that data is fit for its intended purpose.”

According to a November 2018 report from IDC, the “global datasphere” – including all the data captured, created, or replicated around the world – reached 33 ZB (zettabytes) in 2018. IDC predicts that the total data around the world will continue to grow exponentially, reaching 175 ZB by 2025. In 2020, an estimated 1.7 MB of data is created for every person in the world, every second. With such a vast amount of data, organizations need to manage their data in a more structured and secure way. This raises the need for data governance.

What is a Data Governance Model?

A data governance model is a framework that outlines processes and systems for data creation, data storage and maintenance, and data disposal. Rather than a single data governance model used by every organization, there are several types of data governance models. Models vary based on who is creating and using the data. NTT DATA outlines four common data governance models, including:

  • De-Centralized Data Governance Model with Single Business Units - A de-centralized data governance model with single business units typically consists of individual business users who create, manage, and use their own data.
  • De-Centralized Data Governance Model with Multiple Business Units - In a de-centralized data governance model with multiple business units, various business units may be sharing customers, vendors, and other interests, and as such they share a set of master data.
  • Centralized Data Governance Model - In centralized data governance models, there may be single or multiple business units with centralized maintenance of the master data. The business units, or consumers of the data, make requests, and a central organization is tasked with managing the master data.
  • Centralized Data Governance Model with De-Centralized Execution - In a centralized data governance model with decentralized execution, there’s a centralized data governance entity responsible for defining the data governance framework and policies, and individual business units are responsible for creating and maintaining their portion of the master data. 

A data governance model defines the basic structure of responsibility for master data management, while data governance policies define the people, processes, and technologies for managing data.

Key Elements in a Data Governance Policy

A data governance policy outlines how the data of an organization is managed and controlled. Here are some common areas generally covered by data governance policies:

  • Data availability: This ensures that important data is available to the business functions that need it.
  • Data quality: This ensures that the data is accurate, complete, consistent, and up-to-date.
  • Data integrity: This ensures that the data holds its essential qualities as it is stored and transferred from one platform to another.
  • Data usability: This ensures that the data is rightly structured and labeled, making it easy to retrieve.
  • Data security: This ensures that sensitive data is properly safeguarded so the chances of data loss are minimized.

Benefits of an Effective Data Governance Model

As discussed earlier, the volume of data is increasing at unprecedented rates, and companies must manage their data effectively to keep it secure. With a data governance model, the systems and processes for collecting, storing, using, and deposing of data are defined, and the roles of decision makers are made clear.

There is transparency in the system, providing visibility into where the data is stored and whether it’s flowing correctly from one platform to another. This transparency helps in putting privacy checks in place, making the data more secure.

An organization needs to have an understanding of its data before it can adequately protect it. You cannot protect something if you do not know what it is, where it exists, and how important it is. Data governance helps you understand what data you have, where it is stored, how to use it, and who can access it. It ensures that there is a process in place to delete the data safely when it’s no longer required.

Since the parameters of data are now extended to suppliers, partners, cloud vendors, and other parties, businesses can no longer have perimeter protections. It’s important to manage data in a responsible and structured way so that your security team can implement the right safeguards and controls to ensure data security.

Risks of Poor Data Governance

While many companies have in-house IT teams, the responsibilities for enterprise data are generally unclear. When there are no clear rules and policies that define who is responsible for what type of data, it creates security loopholes and reduced data quality. With poor data quality, business processes become inefficient, and companies may risk non-compliance with industry regulations. Ineffective data governance processes could cause problems for companies that are required to comply with data privacy laws, such as the California Consumer Privacy Act (CCPA) and GDPR.

With a data governance model in place, a business has clearly defined roles and responsibilities for data management, as well as detailed policies that specify the appropriate processes for collecting, using, storing, and disposing of data in accordance with applicable regulations.

Data Governance Best Practices

A data governance initiative should begin with management support and stakeholder support. It’s best to start with a pilot project and test it on a set of data. A pilot project is a useful way to demonstrate the effect of data governance on key business objectives, such as compliance and ROI, to stakeholders.

Companies should carefully evaluate software and other technology tools for managing enterprise data. Choose solutions that can accommodate your vital business data without introducing unnecessary security vulnerabilities and risks.

In a Gartner report published in 2019, analyst Saul Judah explained the foundations for effectively governing data and applications:

  • The focus should be on organizational value and business outcomes.
  • There should be an agreement on decision rights and data accountability.
  • It should be a trust-based data governance model.
  • The decision making process should be transparent.
  • Risk mitigation and data security should be a core governance component.
  • Regular education and training to increase effectiveness.
  • Collaborative culture that encourages extensive participation.

There’s no single data governance model that’s suitable for every organization. Seeking input from all business units and stakeholders and taking the time to develop a customized data governance model that meets your company’s needs will provide a robust framework that allows you to get the most value from your data while maintaining data security.

Tags: Data Protection 101

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.