Data Security Ownership: Navigating Top Challenges & Key Solutions

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Ben Herzberg of Satori acts as our guide in navigating who ultimately claims data security ownership in an organization.

Data security ownership involves the rights and responsibilities related to managing data security within an organization. It entails designating a person within the organization who appreciates the value of collected data and ensures its security, accuracy, and usefulness. These individuals aid in decision-making, ensure compliance, and foster a culture of responsible data management. However, pinpointing who exactly “owns” data security within a company can be complex.

Due to the intricate nature of this responsibility, organizations may choose not to assign dedicated data security owners or might expect everyone to shoulder the role. Neither option is sustainable, and with no leader, data security becomes compromised over time, leaving it vulnerable to potential breaches and unauthorized access.

Data Security Ownership: Navigating Top Challenges & Key Solutions

Challenge #1: Navigating Data Sprawl

The larger the organization, the more data it stores and the more complicated it is to identify and assign data security ownership. Over 100 zettabytes of data will be stored in the cloud by 2025, and most companies estimate that more than half of this data is unstructured (i.e., text, video, audio, web server logs, or social media activities). Not only that, data is often spread across different departments, systems, and locations, each with distinct security protocols and practices. Shifts in organizational structures or changes in personnel also impact data security ownership, leading to confusion and potential security gaps. Given these factors, trying to get a grasp on just how much data a company has – and how much of that is regulated sensitive data – is like navigating a black hole.

The solution? Start by establishing a dynamic data inventory. A dynamic inventory of all data is essential for understanding the types of data a company possesses, its location, and how it flows within the organization. By maintaining a comprehensive data inventory, businesses have a better understanding of where sensitive data lives so they can properly assign ownership and take the right measures to protect it.

Challenge #2: Misalignment Between Data and Security Teams

Balancing data sharing, access, and security responsibilities often leads to tension between security and data teams. Data teams are responsible for controlling data access. However, data teams are already stretched, and adding data security to their lists of responsibilities takes them away from other work.

On the other hand, security teams lack visibility into what data exists and how it is being used. IANS Research highlights that while security or risk personnel can offer assistance in data protection and serve as advisors, their lack of familiarity with the data “cannot ensure the controls placed around the data will be appropriate for each business context.” They also lack control and are generally unable to directly access databases to set necessary policies, relying on engineers to implement security protocols.

The solution? Prioritize collaboration between data and security teams. The data owner needs to ensure that security policies align with the unique requirements of each business context to meet security and compliance. While security teams are responsible for meeting these requirements, they rely on data teams for implementation. To harmonize these objectives, having dedicated collaboration between data and security teams is crucial. The goal is to have teams that are willing to work together to define and enable data success. Security decisions should be clear, deterministic, and make sense to the organization as a whole.

Challenge #3: Unclear Data Sharing Expectations

Different data stakeholders have different expectations when it comes to data access and sharing. The original data creator may feel a sense of ownership and be hesitant to share access – or wants to but doesn’t know how – impeding data sharing and collaboration. Any data user with access to sensitive data also needs to be held accountable and aware of their role in protecting that data. The job of enforcing these policies and making sure the company is set up for success falls on the shoulders of the data security owner.

The solution? Set data owners up for success with clearly defined responsibilities, support from others, and access to the right tools. The data security owner oversees data protection, data availability, data quality, and adherence to retention and destruction practices. They should be involved throughout the entirety of a data project. They need the authority to make changes to workflows, practices, or infrastructure to ensure data quality.

Data security owners also need access to resources and tools to do their jobs properly. Enterprises should invest in data inventory management, data access control, data protection, and data security technologies to streamline and automate processes, monitor progress, and facilitate effective data sharing and security. Data visualization tools and self-service platforms empower data owners to explore data, derive insights, generate reports, and manage data access and security policies on their own, without relying on data engineering or security teams.

So, who is the ideal data security owner? Look to senior users – team leaders, department heads, and other executives who know the data intimately. These experts will not only ensure data security but also hold others accountable for adhering to security policies. With access to the right resources and support from others within the organization (including data governance, IT, business analysts, and legal/privacy functions), data security owners will play a pivotal role in ensuring that valuable data is both accessible and secure.