Risks of Democratizing Data
Data is being democratized across organizations using data mesh and data fabric techniques. Data lacks a clear owner, leading to challenges in utilizing it across functional groups and third-party products.
Additionally, data is often stored redundantly in isolated and expensive environments, hindering quick access and integration for users within an organization, like data scientists seeking data for analytics models.
According to Database Trends and Applications this poses 3 primary risks:
Security: increases the risk of data breaches due to greater data access, potentially exposing sensitive information to attackers or accidental employee mishandling. Mitigation strategies include strict governance, security protocols, access controls, user authentication, and employee training to protect data.
Privacy: requires addressing privacy concerns and complying with data use regulations, such as GDPR and HIPAA. Training employees in handling personally identifiable information (PII) and implementing measures like data anonymization, encryption, and access restrictions are crucial to prevent unauthorized disclosure and unethical data use.
Ethical: automation through AI and ML introduces the risk of biased decision-making in data analysis. Companies should establish clear guidelines for data use and ensure employees understand and adhere to ethical standards to prevent AI-driven decisions that conflict with company values.
Historically security and privacy were viewed as siloed compliance issues, “driven by nascent regulatory data-protection mandates and consumers beginning to realize how much of their information is collected and used”. This disconnected approach during a period of democratization, where data siloes get created, has led to insufficient or monolithic, rather than tailored and user-specific, data security and privacy protections.
A recent 2023 survey of more than 1,000 IT risk, compliance, and security professionals found a correlation between data silos and breaches: namely, that companies operating with their risk management and compliance operations data in silos experienced a higher frequency of breaches.
In fact, one in two companies managing risk ad hoc or in siloed departments experienced a breach in 2022. Parsing this number further, we saw that 61% of companies that characterized their risk management approach as "ad hoc" experienced a breach, and 46% of those managing risk in siloed departments experienced a breach.
Compliance will have to continue moving closer to the people managing and interfacing with the data including engineering, marketing, and analytics teams.
