What is Data Access Governance?
Data access governance is the means by which organizations manage access to their data. It includes the processes and policies that govern:
- Who has access to data
- What data they have access to
- How they access the data
- Where and when they can access the data
Data access governance components:
Who has access to the data
- Is thWhat is Data Access Governance?e user a human being or an application?
- What business department is the user a part of?
- What is the user’s level of data responsibility (e.g. data creator, manager, consumer)?
What data do they have access to
- Does the user need this data in order to perform a task within their responsibilities?
- Is the data sensitive, personal or private?
- Does the data present a risk to the business if misused?
How are they accessing the data
- Is the user allowed to create, modify or only read data?
- What login and password requirements are in place?
- Is API access permitted?
Where and when they can access the data
- Is remote access available?
- Should access permission have an expiration date?
Why is data access governance important?
Data access governance is important because the power of data relies on the right people being able to access it exactly when they need it, but the wrong people NOT being able to access it (at any time!).
Which users can access data, when, and at which level of access has a direct impact on the organization’s level of data integrity. Too many hands stirring the pot of data can make data corrupted and unreliable. Too-heavily guarded data may prevent the organization’s ability to leverage it.
Data governance controls, processes and policies therefore need to:
- Be user- and asset-specific
- Have a smooth mechanism of implementation (preferably automated)
- Take privacy, security and compliance regulations into account
What are examples of data access controls?
Data access controls include:
- Assigning defined roles to every user
- Creating policies that relate to user roles
- Assigning specific policies to data assets
The “Principle of Least Privilege” is a data access governance concept that states that an entity should have the lowest data access possible in order to complete the task for they are responsible. Using the Principle of Least Privilege as part of your data access protection means, for example, that a user or an application will not have admin access to a data asset unless that level of access is critical for them to do their job.