Acceleration Economy

How Implementing Role-Based Access With Zero Trust Strengthens Data Governance

By Wayne Sadin | April 10, 2023 | 5 Mins Read

Based on in-depth analysis of zero trust and data governance conducted by the practitioner analysts of Acceleration Economy so far this year, I think we can agree on the following points:

  • Information (data + context) that allows better, faster decisions to be made is a (or the) raison d’être for information technology (IT)
  • Protecting data — from unauthorized alteration, inappropriate disclosure, malicious destruction, improper denial of access — is vital for organizations to function
  • Zero trust security — ensuring that users (people or applications) get access only to the organizational resources (applications, data, networks) needed for their job function, and even then get only the least amount of access needed — is an effective way to provide security in today’s cloud-centric world
  • Data governance includes the policies, procedures, and tools that allow organizations to balance desires for information access against security, privacy, confidentiality, and regulatory constraints on that access

The points above can be summarized simply by saying that zero trust principles allow an organization to implement proper data governance. Now, let’s look at the details of how to put that into practice.

Why Roles Are Core to Zero Trust Implementation

When properly implementing zero trust, you start by considering the uses and users of data. The notion of roles is central to that analysis.

A role is something like a job title, only narrower and better defined. A role — for example, an accounts payable (A/P) processor — needs access to certain data elements (systems, records, and fields; or tables, rows, and columns if you prefer) to process invoices for payment. The role needs access to invoices, of course. And access to receiving documents, requisitions, vendor records, contracts, and so on.

By identifying roles and associating each role with the data that’s needed, you start building both your zero-trust rules and your data governance rules. For example, the A/P processor can’t access employee payroll records, health insurance claims, or research and development (R&D) files.

(As an aside, if you have an effective identity and access management or IAM process and associated tools, you’ve got a mechanism and a repository for managing roles. If you don’t have such an IAM mechanism, go get one!)

But you’re not done yet. Access to data for any given role is limited by what individuals in that role can do to and with the data. While our A/P processor can change the status of an invoice (“approved for payment” or “forwarded to manager for exception approval”), deleting an invoice should be forbidden. This latter rule protects the organization against a ransomware attack that deletes records after encrypting them.

How about disallowing changes to the amount due, or the pay-to account and bank information? This restriction helps thwart other fraudulent schemes in which funds are diverted.

Another data restriction would involve exfiltration: accessing data records (not invoices perhaps, but imagine other records you wouldn’t want leaked) and sending them — via email or data transfer — out of the organization for use by competitors or for corporate blackmail purposes.

The argument often expressed against the “role-based data access” part of zero trust is the work required to identify roles and enumerate every type of access for every record and field. But here’s the secret of effectively implementing zero trust:

  1. You can start with the most critical databases, records, and columns. For example, restrict every social security number (SSN) column in every database as step one. Find those columns (there’s data governance software that can help) and lock them up using data security software. Then define only those roles that need access to the SSN data and add the role: Everyone not in one of those roles has no access; in other words, zero trust is in force.
  2. Over time, extend your definition of critical data elements as well as critical data access types such as record deletion and data exfiltration. Then:
    • identify the databases, rows, and columns (with software) that need zero trust protection
    • define appropriate roles in your IAM software; this is the labor-intensive part that involves “data owners” and “data stewards” from business units
    • activate zero-trust protection so that only people with the proper roles can access those data elements and have their access restricted to what’s defined for their role
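
The role rules described above, written as a default-deny check (an added example, not code from the original article or from any vendor tool). It covers the A/P processor's limits on invoices and the "lock every SSN column first" step; the role names, resource names, field names, and policy layout are all hypothetical.

```python
"""Default-deny, role-based access check with field-level rules (constructed example)."""

CRITICAL_FIELDS = {"ssn"}   # step 1: locked for everyone unless a grant names the field
ALL = "*"                   # wildcard: every non-critical field of the resource

# role -> resource -> action -> set of fields. All names here are hypothetical.
POLICY = {
    "ap_processor": {
        "invoices": {"read": {ALL}, "update": {"status"}},  # no delete, no amount/bank edits
        "vendors": {"read": {ALL}},
    },
    "payroll_clerk": {
        "employees": {"read": {ALL, "ssn"}, "update": {"salary"}},
    },
    "hr_assistant": {
        "employees": {"read": {ALL}},                       # wildcard does not unlock ssn
    },
}


def allowed_fields(roles, resource, action):
    """Union of fields the roles may touch; None if no role grants the action at all."""
    grants = [POLICY.get(r, {}).get(resource, {}).get(action) for r in roles]
    grants = [g for g in grants if g is not None]
    if not grants:
        return None
    return set().union(*grants)


def authorize(roles, resource, action, fields=()):
    """Return (decision, reason). Anything not explicitly granted is denied."""
    granted = allowed_fields(roles, resource, action)
    if granted is None:
        return False, f"no role grants {action} on {resource}"
    for f in fields:
        explicit = f in granted
        via_wildcard = ALL in granted and f not in CRITICAL_FIELDS
        if not (explicit or via_wildcard):
            return False, f"field {f!r} not granted for {action}"
    return True, "granted"


def redact(roles, resource, record):
    """Return only the fields of a record that the roles may read."""
    return {k: v for k, v in record.items()
            if authorize(roles, resource, "read", [k])[0]}
```

Because delete and export are never listed for `ap_processor`, those requests fail without any explicit deny rule, which is the "everyone not in one of those roles has no access" behavior the steps describe.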

Final Thoughts

As you can see from the foregoing, zero trust and data governance should be intertwined. IAM and data security tools work together to define roles and the associated data elements. And data governance tools plus security tools combine to allow role-based access while denying access that falls outside that which is prescribed.

I hope you can also see that modern security isn’t just the chief information security officer’s (CISO’s) job. It takes collaboration among the CISO, chief data officer (CDO), and chief information officer (CIO) to implement policies and tools that protect the organization from evildoers (and many types of accidents!) while providing appropriate data access to those who play by the rules . . . errr, I mean “roles.”


Wayne Sadin

CIO PriceSmart
Acceleration Economy Advisory Board Member

Areas of Expertise
  • Board Strategy
  • Cybersecurity
  • Digital Business

Wayne Sadin, an Acceleration Economy Analyst focused on Board Strategy, has had a 30-year IT career spanning Logistics, Financial Services, Energy, Healthcare, Manufacturing, Direct-Response Marketing, Construction, Consulting, and Technology. He’s been CIO, CTO, CDO, advisor to CEOs/Boards, Angel Investor, and Independent Director at firms ranging from start-ups to multinationals.
