Secure data governance

Written By:
Published:
Content Copyright © 2023 Bloor. All Rights Reserved.
Also posted on: Bloor blogs

Secure data governance banner

Data governance is the process of managing data through its lifecycle, from collection through to archiving and disposal. Many vendors have offerings that support this to one degree or another, and some specialise in it, for example with products that have an enterprise data catalogue in which metadata can be collected, business policies defined and a standard business glossary of terms can be held. Some products go further and have data quality functionality, from data profiling, merge/matching, data de-duplication and cleansing and data enrichment.

Some vendors have general-purpose offerings that cover the whole data governance process for an enterprise, such as Collibra and Alation and many more. However, some vendors plough a narrower and more specialist path, in particular when it comes to data security. Such vendors focus on controlling access to data and the identity of those who have access, classifying certain data as particularly sensitive, enforcing business policies around security and highlighting unusual or suspicious behaviour and issuing alerts if needed. Such products usually sit one layer above the underlying security controls of databases and file systems, offering an overview of security for an enterprise. Vendors in this space include Varonis, Sailpoint, Immuta, Adaptive Shield, Omada, Saviynt and Aim Ltd.

There is clearly some overlap between these data security specialists and general-purpose data governance tools. However, at this time there is sufficient distinction in functionality for the data governance security products to be treated effectively as a separate market. It would be quite possible for a general data governance vendor like Collibra to coexist in a large customer corporation with a specialist data security governance vendor, and indeed in some cases, there are pre-built links and partnerships between some of the vendors in the two distinct spaces. As the markets mature this distinction may become blurry, as the general-purpose data governance vendors seek to expand their scope, or indeed if some of the security-oriented data governance vendors decide to branch out into more general data governance functionality.

In general, enterprise software markets tend to broaden as they mature. For example, a decade or so ago the data quality market had specialist products that only did data profiling, or just data matching, or purely customer name and address validation, or only data enrichment. These days most data quality vendors offer a suite that covers all those elements and more. Indeed, some data governance vendors have started to venture into the data quality world, with Collibra launching a data quality product. It can go the other way too: data quality vendor Experian acquired data governance vendor IntoZetta in September 2023. It is likely that, over time, the lines between general data governance tools and security data governance tools will similarly start to overlap, but for now they are reasonably distinct markets.