Data governance in a cloud-native world

Who governs your data? How do you know your 'customers' data is protected? And can those questions help grow your career?

Data governance, according to the Data Management Association (DAMA), is the collection of practices and processes that manage data. The last two years are responsible for 90% of the 'world's data. Every minute, users upload 500 hours of video to Youtube. And with increased adoption of 5G, the Internet of Things, and many other technical advances, data continues to grow exponentially. Who does an organisation like Youtube, or your organisation, trust with its data management practices and processes?

One answer is to delegate some data governance responsibilities to a cloud service provider. By migrating their data to the cloud, organisations embrace a shared responsibility model. For example, many customers store their data (which includes their 'customers' data) in AWS S3 buckets, as objects. When they do so, AWS will handle the security of the underlying storage nodes, making sure that the storage nodes themselves are patched, updated, and locked down. As your cloud provider, AWS ensures that the environment containing your data is secure.

But, don't assume that storing your data on a managed cloud also means that every aspect of your security and access will be 'managed'.

For example, determining who has access to the data is your responsibility. If you choose to configure your S3 bucket to allow for public sharing, you will also need to determine who has access to your content. Do they have read-only permissions? Delete permissions? Not having a strategy around access and controls leads to breaches and compromised data -- unwanted distractions for any organisation.

The AWS Shared Responsibility Model

That's why you should understand not only AWS's shared responsibility model but also assemble a Cloud Center of Excellence (CCOE), a team of experts who focus on cloud migration and data governance throughout the entire organisation. Amazon published an in-depth article on how Dow Jones and its flagship publication, The Wall Street Journal created their CCOE.

What are leaders saying about data governance?

Advancing Women in Product, a global 501(c)(3) NGO dedicated to empowering women and minorities to advance their careers in tech, held an Ambassador's roundtable on' Privacy by Design 'in August. Engineering, venture capital, and product leaders gathered at this roundtable to share their perspectives on the changing landscape of data governance.

Wayne Duso, a Vice President of File, Edge, and Data Services for Amazon Web Services said,' We need to have strict training and policies to determine who has access to which dataset, in the form of a systematic stage gate. In this day and age, only a few companies can get away with being careless about their user data privacy because there are no other alternatives. However, that is not a sustainable strategy'.

David Temkin, a Director of Product Management for Google's Ads Privacy & User Trust, noticed,' Consumers are getting less comfortable with sharing their data, and we can see this by the fact that consumers are more choosy when it comes to which services they want and how much personal information they are willing to give away'.

Jake Saper, an investment partner at Emergence Ventures (an early-stage venture capital fund based in the Silicon Valley), remarked,' Many of the companies look at OAuth via Google or Facebook, which means that users have to first authorise that particular application with access to their Google or Facebook information, before being able to access that application.'

Rohini Pandhi, a Product Lead at Square, shared best practices employed:' We have a centralised InfoSec team that will work with each product team to review the 'gotchas' before new application updates for the Square platform are released'.

Chaitra Vedullapalli, the co-founder and CMO for Meylah (a cloud solution provider) and the founder of Women in Cloud (a community of female founders building cloud SaaS products), recommended,' Bring data governance as a core piece of the conversation as you build the product. Don't have it as an afterthought. Once you see how the data governance piece works in the overall context of product development, the conversation gets easier'

And to intersperse the perspective of someone who works in data privacy day in and day out, Barkha Saxena, the Chief Data Officer for Poshmark, summed it up,' Regulations like GDPR and the CCPA (California Consumer Privacy Act) provide users the ability to opt-out rather than to opt-in. However, the gap that exists today is a comprehensive report of how organisations and products enable users to opt-in, which suggests that the majority of the industry is still evolving in this direction'.

Who are heroes of data governance?

A decade ago, it might have been sufficient to call one person' Chief Data Steward', have her type up some policies, put them in a binder, and leave it at that. Now, it takes a diverse team, including but not limited to these archetypes:

1. The CIO or engineer who creates, updates, and takes offline the systems that collect and store your data.
2. The Chief Data Officer or data scientist who queries your data and derives business value.
3. The Chief Information Security Officer, analyst, or investigator who is responsible for cybersecurity, breach investigation, and digital forensics.
4. The General Counsel or in-house attorney who monitors changes to laws like the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), or Health Insurance Portability and Accountability Act (HIPAA).
5. The Solutions Architect. This archetype helps all of the above instantiate their policies and procedures in the cloud. If you're looking for a great AWS Solutions Architect, message me on LinkedIn, and I'll find one who will help you achieve your goals.
6. The Privacy Program Managers, Data Custodians, and Auditors. These individuals, both in-house and external, make certain that your policies and procedures are followed day-to-day and triage issues.

There are possibly more archetypes, such as a representative from each organisation's department to help make sense of the data, sometimes called' Data Owners'.

Is data governance a level playing field for women?

Another professional group, the International Association of Privacy Professionals (IAPP), found in 2015 that many of the roles above were gender-balanced, with' a 50-50 split in raw numbers between women and men'.

More recently, one of my colleagues attended the Privacy+Security Forum at George Washington University and found that there were slightly more women than men in attendance.

While many occupations are characterised by gender imbalance, such as neonatal nursing (98% female) and vehicle mechanics (99% male), data governance is a field where both genders are well represented.

Would you like to learn more?

In addition to reading materials from the organisations cited above, which will be familiar to many data governance professionals, you can expand your impact by developing a holistic view of the tech industry from me and 20 other leaders in my non-profit AWIP's Coursera Specialization, The Real-World Product Management Specialization, sponsored by AWS, today!

Nancy Wang, CEO, Advancing Women in Product & Silicon Valley Tech Expert

Nancy is currently the Head of Data Protection Services (AWS Backup) for Amazon Web Services, where she leads product, engineering, and design teams. Previously, Nancy also led the development of the first SaaS product for Rubrik, the fastest-growing enterprise software unicorn. With a history of building and launching large-scale enterprise systems in storage, data management, and networking, she built platform products at Google (Fiber) and for the U.S. Intelligence Community in Washington, D.C.

Nancy is passionate about advancing more women into product & engineering roles, which led me to found Advancing Women in Product (AWIP), a global 501c3 non-profit with 16,000 members and seven international chapters over three continents. AWIP has worked with some of the biggest names in tech, including Amazon Web Services, Google, VMware, and the Wharton School of Busi-ness to deliver award-winning workshops that enable women to attain the right skills and executive mentorship to succeed.

Nancy is a passionate product builder and inventor (with three patents pending and one on file with the USPTO) and graduated from the University of Pennsylvania School of Engineering and Applied Sciences.