Cybersecurity as a Business Enabler

Why Effective Data Governance Relies on CDO-CISO Collaboration

Chris HughesBy Updated:4 Mins Read
data governance
Acceleration Economy Cybersecurity

As we have discussed in previous analyses, data is the modern digital organization’s lifeblood. Data governance ensures that data is consistent, trustworthy, and properly managed.

There are several different leaders within an organization who play a part in data governance. One is the Chief Data Officer (CDO), who serves as the senior-most individual responsible for the organization’s strategic use of data. Another is the Chief Information Security Officer (CISO), the top individual responsible for securing the organization’s data and empowering fellow business leaders to make risk-informed decisions.

In this analysis, we’ll discuss how these two CXOs, in particular, can collaborate when it comes to an organization’s data governance efforts.

The Two Roles

The CDO is looking to empower the business to make better use of data to drive business outcomes. Organizations are overwhelmed with data, but the data needs to be transformed to make it actionable to the business and enable business outcomes.

The CISO is looking to ensure that data is secured throughout its lifecycle while still being available to the business when and how it’s needed. This requires a paradigm shift from the “office of no” to the office of “yes, and here’s how.” This means being an enabler for the business to drive outcomes using data securely.

Traditionally, these two roles would often work in silos and separately, but given the need to have data transformed into information, and to do so securely, a new operating model is required, uniting the two roles and increasing collaboration between these two C-suite leaders.

Breaking Down Data Silos

A core data governance challenge is breaking down data silos to ensure proper access control measures are included as silos come down. This includes understanding how the organization collects, creates, classifies, uses, and retains data across the organization. The CDO can use this information to improve the organization’s management and governance of data, while the CISO can use it to ensure appropriate security controls and measures are in place.

See the Cybersecurity Top 10 shortlist

One area where this collaboration can start is by having the CDO engage the CISO: informing them where the data resides, who needs it, and under what circumstances. This empowers the CISO to implement zero-trust access control models with least-permissive access control while not impeding the business and its required activities.

Improved Data Quality

Another key activity from the CDO’s perspective involves improving data quality. Many organizations have been cited as having poor data quality, which hinders business activities around operations and analytics needed to make timely business decisions. CISOs help ensure data quality through proper access control but also by ensuring data integrity isn’t compromised, either inadvertently or through intentional malicious activity.

Ensuring Compliance

On the compliance front, organizations are facing a slew of regulatory requirements for their data, especially if they’re dealing with financial, health, or governmental data. By ensuring that the CDO and CISO are on the same page with their respective data oversight responsibilities, the organization is better positioned to mitigate any regulatory and compliance concerns for their organizations, which are becoming costly as consumer privacy and regulatory oversight increases.

An area the CISO can help the CDO is helping the latter understand various regulatory requirements the organization has to align with and ensure the CDO keeps these in mind as they go about handling the organization’s collection, storage, and use of data.

Final Thoughts

The strategic use of data as a business asset, and its associated security, are inextricably linked. Corrupt and manipulated data can lead to costly and consequential business decisions. By ensuring data governance strategy prioritizes security, and by bringing both the expertise of the CDO and CISO to the task, organizations will have better business outcomes that are driven by data, all while keeping that same data secure and maintaining its integrity throughout its lifecycle.

Which companies are the most important vendors in cybersecurity? Click here to see the Acceleration Economy Top 10 Cybersecurity Shortlist, as selected by our expert team of practitioner-analysts.

Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel:

Acceleration Economy Cybersecurity

Share.
Analystuser

Chris Hughes

CISO & Co-Founder
Aquia

Areas of Expertise
  • Cybersecurity

Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliances Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.

  Contact Chris Hughes ...

Related Posts

Add A Comment

Comments are closed.