SureCloud logo
Talk to sales Get a demo
Toggle Menu
Close Widget
Home > Data is the New Oil: The Benefits of Data Governance in the Cloud

The Benefits of Data Governance in the Cloud

Published on 9th July 2020

By Alex Hollis, VP of GRC Services at SureCloud

 

Worldwide, data has become the most valuable commodity and is now generated and consumed at unprecedented rates. Before moving any data outside their organisation, organisations must first consider the issues surrounding data access, security governance, risk and compliance management. This process involves evaluating the entire lifecycle of data throughout the organisation, through intake and ingestion, cataloguing, persistence, retention, storage, sharing, archiving, backup, recovery, disposition, to removal and deletion.

 

The value of the cloud 

The cloud has become the most popular option for off-premise data storage. In 2015, just 30% of corporate data was stored on the cloud; by 2022, this percentage had doubled to 60%. As many as 89% of those businesses using cloud solutions have invested in multi-cloud solutions. 

 

The increasing popularity of the cloud can be explained by the fact that it allows for economies of scale, and grants access to gigantic storage, vast processing, advanced analytics and AI for any company building new applications and services.

Mitigating risk with compliance

As the most valuable commodity, there is a danger that organisations will opt for risky data storage practices or shortcut their obligations to consumers, putting them at risk in the name of profit. 

 

Regulators must step in and legislate to ensure that companies cannot operate in a way that makes them liable for that risk. The EU GDPR, introduced in May 2018, set out to do this by holding companies accountable internationally for protecting the data of EU citizens by introducing heavy fines for non-compliance. The California Consumer Privacy Act (CCPA) has followed suit, bringing into law additional protections for the consumer. There are many commentaries about whether these legislative changes have been successful; however, there is undeniable and increasing regulatory pressure on data governance.

Taking ownership of data governance 

Organisations, both buyers and sellers, are finding that they now need to ask themselves who is responsible for data governance and what they need to do to ensure adherence.

 

There are arguments for whether this task belongs to compliance, legal, IT, or even finance teams; however, the oversight isn’t as important as the implementation. It is critical to identify data owners (custodians) who understand the data’s nature and the processes surrounding it. Companies should look to nominate the person with the best skills and position to oversee data governance and ensure that this is supported and pushed down onto those in the business closer to the problem.

Expert advice- 5 top tips 

The smartest approach to mitigating your compliance risks is through the following steps: 

 

  1. Understand and document the data you have
  2. Classify that data – understand the nature of it and which compliance regulations it relates to
  3. Define ownership of that data within the organisation and understand access control
  4. Implement the necessary people, process and technology controls to ensure that the data is protected
  5. Prepare to do this on an ongoing basis as part of ‘business as usual.’ Data governance fails when it is treated as a one-off exercise.

 

Find out more about SureCloud’s cloud-based Governance Risk and Compliance (GRC) software solutions.

About Alex Hollis

Alex has two decades of experience in information technology, spanning medical informatics and mobile workforce automation, and for ten years, focused on governance risk and compliance (GRC). His GRC domain experience spans IT and Operational Risk, Corporate Compliance, Third-Party Risk Management, and Business Continuity. Alex has received several awards for work around risk bow-tie modeling, Solvency 2, and Basel 3, also being regularly invited to speak at industry events. Alex has worked with over 150 GRC technology projects in some of the world’s largest companies and most complex environments. His industry experience spans multiple sectors, including telecommunications, aviation, pharmaceuticals, manufacturing, retail, public sector, financial services, and insurance.

About SureCloud

SureCloud provides cloud-based, Governance Risk and Compliance Management products, and Cybersecurity & Risk Advisory services, which reinvent the way you manage risk. SureCloud connects the dots with Integrated Risk Management solutions, enabling you to make better decisions and achieve your desired business outcomes. SureCloud utilizes a highly configurable technology platform, which is simple, intuitive, and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.

How can we help?