Data democratization allows more people in organizations to access data with minimal bottlenecks and gatekeepers. Allowing more people to use data can bring great value to organizations.

Ben Herzberg, Chief Scientist, Satori
Ben will be speaking at the Virtual Enterprise Data & Business Intelligence and Analytics Conference Europe 15-17 November 2021 on the subject, ‘The Rise of DataSecOps‘.
The conference is co-located with the virtual Data Governance Conference & Master Data Management Summit

It can result in faster time-to-value for data-driven projects by reducing dependency on specific people or teams for accessing or analyzing the data (or processing it in other ways). For example, when a customer success team wants to learn more about customer churn causes, they no longer need to plead to other teams to give them information, but rather they can drill into the organizational data themselves.

In addition, data democratization leads to novel ways of using data, as it lowers the barrier of entry for data analytics. Because more users can access the data, they bring to the table different approaches and angles and brainstorm new ways to create value of data that may otherwise be undiscovered.

Is DataOps Enough to Enable Data Democratization?

In the world of more data consumers and producers, there are many changes in the way data looks, who is accessing it, the types of data being stored, and how data is processed. Thus, data handling cannot be static when the data itself is so agile. Failing to update DataOps methods would create delays in the value harnessed from data democratization.

What Is DataOps?

There are several definitions of DataOps, but I like the concise definition Gartner offers:

DataOps is a collaborative data management practice focused on improving the communication, integration, and automation of data flows between data managers and data consumers across an organization. The goal of DataOps is to deliver value faster by creating predictable delivery and change management of data, data models, and related artifacts. DataOps uses technology to automate the design, deployment, and management of data delivery with appropriate levels of governance, and it uses metadata to improve the usability and value of data in a dynamic environment.

As defined above, DataOps enables organizations to deliver data-driven value faster, and having the agile ability to handle data flows in the organization is an important aspect of data democratization. However, DataOps alone is not enough, and, in reality, organizations require a DataSecOps mindset if they truly want to enjoy the fruits of data democratization.

DataSecOps: A Secure DataOps Foundation

DataSecOps is a new definition of a mindset and methodology that prioritizes security in DataOps processes. In the same way that the operational enablement of data must be agile and collaborative enough to support the increase in data users and use cases, security must be intertwined with this entire process and must also be agile enough not to interfere with data democratization.

When organizations only rely on operational enablement of data democratization, they may either encounter unplanned delays or endure security or compliance risks that will either damage or further delay the project.

Example One: Why Security Needs to Be Involved from Design to Monitoring

As an example of why security is an essential addition to DataOps, let’s consider a certain project that requires teams to access customer interaction data. If security is not involved in the design and throughout the entire project, we can reach a situation where the project is finalized before we discover major security issues. Such security issues can include the presence of unnecessary sensitive data which are not stored or processed in a way that accounts for data exposure risks. Afterproject is already finalized, fixing those security issues can be very costly and may require changes that will delay the project or require additional resources from application teams, data engineering, and more.

If, on the other hand, security is properly involved in the design and throughout the project’s implementation through collaboration between data producers, data consumers, data engineering, security teams, and other relevant teams, the project can be designed to avoid such costly errors. Problems such as discovering sensitive data can be resolved relatively quickly, as all of the teams are on the same page. This is an important reason why DataSecOps enables data democratization.

Example Two: Continuous Security & Governance

Another example of how DataSecOps allows for data democratization is the prioritization of continuous and agile processes over ad-hoc projects. In the world of data democratization, where data changes constantly and is consumed by many different users, flexibility and agility are crucial. If, for example, you only do “housekeeping” projects such as analysis of users who have access to sensitive data in an annual audit, you will accumulate risk throughout the year.

Since there are many more changes to the data itself (e.g. new sensitive data being added) than there were when there were fewer data users, such ad-hoc projects are no longer effective, and organizations must be agile and utilize continuous processes to reduce risks (e.g. data access analysis, sensitive data discovery, and more).

Conclusion

If your organization undertakes data democratization processes, it is important to establish a strong DataSecOps framework and have security ingrained in the data operations processes. Handling only the operational aspects of enabling data access “to the masses” and ignoring security can have a variety of negative impacts on your organization (such as data exposure risks, noncompliance, or unplanned delays).

Ben is an experienced hacker & developer, with years of experience in endpoint security, behavioural analytics, application security, and data security. Ben filled roles such as the CTO of Cynet, as well as leading the threat research group at Imperva. Ben is now the Chief Scientist for Satori, streamlining data access and security with DataSecOps.