Data Governance

Data Governance has today become a fundamental consideration for every organisation.

This can take many forms but all are centred around the fundamental pillars of:

Visibility of where data is held

Protection of data from unauthorised access or loss

Trust that data will only be used for agreed and appropriate purposes.

Performance against these pillars directly impacts relationships with customers, partners, investors and regulators.

The cost implications of poor data governance and protection can be immense in terms of both mitigating or recovering from a governance violation.

As a result a majority of organisations have rapidly increased the level of information technology automation in support of data governance to better align with these pillars in a cost effective manner.

80%

of data breaches included customer personal information

$3.86M

average global cost of a data breach

35%

of data breaches due to vulnerable third party software or misconfigured cloud

The SaaS Dilemma and Data Governance

However the overwhelming shift to remotely-accessed Cloud apps (or SaaS) is rapidly undermining the gains from better Data Governance.

With SaaS, you no longer have total control over your software and place greater trust in your SaaS vendor to ensure you can govern your data effectively.

Do you really know what your users are doing with SaaS applications and your data?

Do you really know all the SaaS that is in use within your organisation?

At Ampliphae we find that the majority of organisations do not know about all the SaaS Cloud apps in use, as these have generally been pulled into the organisation by users from outside of the IT team.

This Shadow IT allows data to flow out of the organisation and into the Cloud undermining the mechanisms used to align your existing IT architecture with the Data Governance pillars.

The benefit you accrue from adopting SaaS may well be more than offset by the risk to your reputation or your ability to maintain compliance with legislation and standards.

Do you need to maintain compliance with any of the following?

SOX

NIS

GDPR

HIPPA

PCI-DSS

COBIT

NIST

ISO27001

FAIR

Automatically Understand the Scale & Size of your Data Governance Problem

Discover

Discover all your SaaS vendors – not just the ones your IT team knows about.

Collate

Discover and collate all your SaaS vendor security certifications.

Geo-residency

Understand the geo-residency for all your data as handled by SaaS vendors.

Limitations

Understand limitations in how vendors protect your data such as using inadequate encryption.

Drive your Data Governance Programme

SaaSGuard Assess

Understand risk

Understand where SaaS poses a risk to your Data Governance posture.

Understand exposure

Understand how your users are really using SaaS through detailed traffic analysis.

Act

Act to control how specific SaaS is used within your organisation, such as restricting its use in areas where inadequate data governance is a concern.