How Can Data Security Governance Secure Data Mesh Architectures?

As first defined by Zhamak Dehghani in 2019, a ThoughtWorks consultant and the original architect of the term, a data mesh is a type of data platform architecture that embraces the ubiquity of data in the enterprise by leveraging a domain-oriented, self-serve design. In a data mesh, data is treated as a product that is created, managed, and consumed by different teams. This creates the notion of a federated data governance that is distributed across multiple domain teams in a Data Mesh. Each domain team is responsible for defining their own data governance policies and enforcing them within their domain. However, there are also overarching policies and standards that apply to all domains, such as data privacy and security regulations.

There is a rapidly growing ecosystem of cloud-based data services like Snowflake, Confluent, Tableau, MongoDB, Databricks, and the list goes on. These services store, process, and analyze operational, business, and other structured and semi-structured data.

With these growing ecosystems of cloud databases, data lakes, and data services, businesses are starting to think about data democratization and how to be data-driven, eliminating the need for data silos and helping improve customer experience and company culture.

IT, DevOps, and security teams must learn how to properly govern access within their data mesh architecture for all their employees, partners, applications, and BI tools without impacting the user experience and their ability to deliver value.

Data Mesh and the Challenges of Governance

A data mesh architecture requires significant data maturity in an organization because different teams can interact with each other and with each other’s data more freely, compared to a centralized approach to data access.

However, the fundamental challenge around data mesh is not technical, rather more cultural since this represents a shift in how organizations should work and handle data.

Trust

The organization must be able to trust the data-domain owners to be able to operate autonomously. They will be given the controls and infrastructure to operate independently within a well-defined boundary. This forces a change in mindset on how the organization operates based on trust.

Data stewardship 

When the organization establishes controls to establish trust, this allows data-domain owners to have responsibility and accountability for the data. They are essentially stewards of that data. This enforces a new way of operating for the organization in a decentralized or federated manner.

Finding the right approach

As organizations continue to evolve and adopt data mesh architectures, they need to find the right adoption balance. For example, if each and every data-domain owner operates on their own, in silos, without worrying about collaboration, it would result in poor governance. However, the centralized approach to data would also be a hindrance to the organization, stifling innovation. Organizations have to evolve and find the right framework that works for the business while allowing data-domain owners to scale their data. There will be a need to adjust the policies and processes as the organization moves to reduce friction with data access.

Data Mesh and the Importance of Data Governance

Data governance differs for every organization. However, there is an essential foundation common across each and every one of them:

• Policy: A set organizational mandate that every data-domain owner needs to follow while providing access to data. 
• Process: Guidelines on how you need to access data, how you request it, and how to approve it.
• People: Ownership of data and accountability of who has access to what data you own.

Data mesh attempts to make data more accessible and usable to data consumers to drive more intelligent and informed decisions. However, data needs to be well understood to allow data-domain owners to make informed decisions on how they grant data access to data consumers.

Data Security Governance in the Data Mesh

Data security governance refers to the set of policies, procedures, and controls an organization puts in place to protect its sensitive information from unauthorized access, use, disclosure, and destruction.

Over the last decade, we have seen a generational shift in data engineering and processing technology. There are three main reasons behind this shift:

1. More tools for data access
2. Explosion of data collection
3. Ever-evolving technologies that accelerate both data growth and its use

More organizations are collecting data to drive innovation and make data-driven decisions. 

A study by IDC predicts that over the next five years, data will grow at a compound annual growth rate (CAGR) of 21.2% to reach more than 221,000 exabytes (one exabyte equals 1,000 petabytes) by 2026.

Organizations now recognize democratizing access to data is key to digital transformation. Data democratization means everyone in your organization has access to correct, secure and usable data. It is the key to creating new opportunities, unlocking value, and engaging with customers. 

We now see a shift in organizations breaking down silos to create an ecosystem of data services that can be directly accessed by developers, data analysts, product managers, and scientists with the help of data mesh architectures. To prevent organizations from compromising security and compliance, having a built-in data security governance framework is now a necessity.

Key Considerations for Applying Data Security Governance to Data Mesh

Here are some critical considerations for applying data security governance to data mesh:

1. Define clear governance policies: To ensure consistent policy management, these policies need to be established, enforced, and validated for each data product.
2. Standardize data policies and best practices: There needs to be a standard policy and framework for the flow of data across different systems. This should cover how data is created, defined, and controlled, including how it is searched, requested for access, and used.
3. Data catalog: A catalog of data serves as a vital infrastructure to manage data in a mesh. This helps improve data discovery, data tagging, data classification, and the ability to search for data.
4. Self-service data access for consumers: Reduce the burden on IT and enable data consumers to access the data they need to drive better results for the organization.
5. Nurturing a data-driven culture: For effective data security governance, nurturing a data-driven culture within the organization is a key element to promote collaboration between various data-domain owners.

Data security governance is a key component of data mesh implementation. Organizations can manage, use, and protect data more effectively, ultimately driving business growth.

Privacera Simplifies Data Security Governance for Data Mesh Architectures

Security and governance are critical considerations in a data mesh architecture. The federated nature of the architecture can create potential vulnerabilities and challenges in ensuring data privacy, security, and compliance. Here is how Privacera helps manage security and governance in a data mesh architecture:

• Establish data ownership: Privacera helps create data domains with clear data ownership, so data owners can be held responsible for the security and privacy of their data. Owners can publish datasets that can be accessed by users and control access to those datasets.
• Implement access controls: Data Owners can ensure that only authorized users can access data and also control users’ access to that data. 
• Audit data access: Auditing data access can help detect and prevent unauthorized access or data breaches. This can include logging access attempts, analyzing access patterns, and implementing alerts for suspicious activity.
• Discovering and tagging sensitive data: The Governance team can automatically scan and tag sensitive data and use those tags to implement access controls for users to restrict access to sensitive data.
• Implementing compliance policies: The governance team can set compliance policies to adhere to data privacy regulations such as GDPR and CCPA.
• Data encryption and data masking: Enforce tokenization and masking of sensitive data for users that do not have access at query time.
• Assisting in regular security and compliance assessments: Regular security and compliance assessments help identify potential vulnerabilities and ensure data is being managed in accordance with established policies and regulations.

Overall, Privacera helps manage security and governance in a data mesh architecture and implements best practices. By implementing these practices, organizations mitigate potential risks and ensure their data is secure and compliant with applicable regulations.

Conclusion

Data security governance is a critical piece for organizations, and data mesh is a modern approach to managing data that has many benefits. While there are challenges in implementation, such as the lack of standards in data sharing, the benefits of this new approach far outweigh the challenges. With the right design framework, policies can be consistently adhered to across all data products, ensuring data accuracy, consistency, and availability.

In conclusion, data security governance in the age of data mesh offers exciting avenues to explore, but it requires thoughtful execution to realize its potential. Organizations can benefit from a safer, more secure, and more consistent approach to managing their data by addressing challenges and seizing opportunities.

Get additional expert guidance on key aspects of data security governance. Download your complimentary copy of the Gartner Hype Cycle for Data Security, 2023 today.