I’ve asserted in the past that there’s no silver bullet for establishing data governance policies in multi-cloud environments. Here, I’ll offer some insight on why that’s the case, along with some guidelines for how IT leaders with multi-cloud environments can think about data governance.
Data governance is a bit like fitness: more than a destination, it’s an ongoing process — a lifestyle, even. Just as you can’t get in shape over the course of six months and then be in shape indefinitely without further work, you can’t implement data governance policies and then ignore them and expect them to provide any benefit.
To realize the benefits of data governance, you must treat it as an ongoing process. This can be tricky because it means you must get executive buy-in not only for the initial gap analysis and policy development but also for the ongoing assessments and adjustments as your organization changes its technology or adds new cloud environments and applications.
While these basic principles of data governance are true anywhere, they’re even more important in organizations that rely on multiple cloud environments. This is largely because no two cloud providers have the same security capabilities or features.
The diversity of cloud provider capabilities is also why it’s important to think of data governance for multi-cloud from a policy standpoint rather than a tactical standpoint. Because of the constantly growing set of tools, changing philosophies, and varied monitoring capabilities available from cloud providers, it is important to ensure governance policies account for this and are updated frequently.
To make sure your multi-cloud data governance policy stays up to date, be sure to include provisions for the following:
- How often you will review and update your policy. This should be at least quarterly, but more frequently if there is a significant change in the business or cloud providers.
- When and how the introduction of a new technology, product, or service will trigger a policy review.
- When and how policies will be tested.
- When to evaluate alternative cloud providers vs. update your governance policy.
Data governance shouldn’t be overly simplified
Given the complexity that’s created when you treat data governance as a process, it’s natural to try to simplify that process by applying uniform data governance rules across an organization.
Unfortunately, that strategy doesn’t work.
Trying to have a data governance policy that treats all data types the same would be a bit like having a single cooking strategy for every type of food you bring home from the grocery store. You may want to grill your hotdogs, but that’s not going to go well for your oatmeal or your coffee.
This reality becomes unavoidable when working with multiple cloud providers. To determine when and how you might use the services of each, you must first know whether their data governance tools and procedures meet the requirements of your data — not just hotdog and grill, but also the temperature each grill can reach and whether the people eating the hotdog keep kosher or vegan or gluten-free.
To use an example that involves data: imagine you plan to leverage multi-cloud to improve vendor resiliency.
If one cloud environment experiences a DDoS attack, you could shift affected services to another cloud. While the premise is simple enough, the execution gets complicated when you take data governance into consideration.
Each cloud environment has unique toolsets and monitoring capabilities. To ensure that your data is adequately managed from one cloud to the next, you’ll have to have a plan for how to uphold governance protocol in both cloud environments — for every type of affected data.
That’s not an easy task, but it’s much easier when you have those governance protocols clearly laid out ahead of time.
As you consider how multi-cloud data governance applies to various parts of your organization, you’ll probably discover that it makes sense to consider governance issues during the environment or application design phase, when it’s possible to adjust to streamline future practices as much as possible.
For simpler solutions, rethink your infrastructure
I’ve just said that it’s unwise to oversimplify data governance policies for multi-cloud environments; however, I do tend to think the simplest solutions are the best.
As you consider cloud providers, look for those with functionalities that make data governance easier, including SAML integration and APIs that extend your role-based access. Look for tools that allow for automated data tagging and archiving to streamline your data lifecycle requirements.
Finally, ensure that the cloud provider maintains a rich set of tools to allow for visibility into how you may be complying with organizational policies. Steering clear of providers that don’t offer these capabilities will make your life a lot easier.
To further simplify your data governance, you may want to rethink your approach to the cloud altogether. A multi-cloud setup will require more complex data governance rules than a setup that involves two or fewer cloud providers. You may be able to achieve similar functionality by blending your virtualized environments — say, VMware — with a public cloud, or by combining in-house bare-metal servers with a private cloud environment.
Data governance is a balancing act
Like most things in the world of data, establishing and maintaining governance policies in a multi-cloud environment requires constant compromise and negotiation. As you establish and adjust policies at your organization, be sure to keep the big picture in mind.