Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

Security and accessibility are not mutually exclusive in the modern data stack

By Ben Herzberg
data-abstract-freepik1170x658.jpg
January 31, 2022

Insights from data analytics have become necessary for effective business decision-making. This has led to a growing call for data democratization. That said, given the catastrophic data breaches and data mishandling grabbing headlines practically every other day, businesses are understandably preoccupied with securing their data.   


As a result, many businesses are facing a seemingly impossible choice. Do they relax data access rules for the sake of democratized access and risk exposing organizational security? Or do they preserve strict security guardrails at the expense of collaboration and innovation? This choice is even more complex given the vast amounts of customer and company data that is stored in the cloud.


Business leaders and security executives do not have to choose — security and accessibility are not mutually exclusive. Data access and data governance need to work in harmony. So why haven’t most organizations figured this out yet? Because the modern data stack has severe friction points. There’s a lack of consistent, enterprise-wide visibility into where sensitive data is, who is accessing it and whether it’s compliant. Data must be democratized and governance centralized. 


It’s time to re-evaluate the modern data stack to relieve friction points and ensure both accessibility and compliance. By automating security workflows and controls across data stores and integrating into self-service access, productivity and innovation will thrive. 



The Modern Data Stack & Its Move to the Cloud


There’s no shortage of tools that companies can use as they build out their data stack. In fact, the global enterprise data management market size is expected to grow by nearly 14% to reach $208.87 billion by 2028. 


Just as the number and variety of data management tools increase, so do the number and variety of storage architectures. First came data warehouses, then data lakes, and more recently, data lakehouses that combine the best of both. And a newer approach to data management known as data mesh is now gaining traction. 


Whatever architecture is being used, data-driven organizations look at their data as an engine for insight, growth and competitive advantage. To become even more agile and competitive, companies are modernizing their data infrastructure and operations by moving data to the cloud, democratizing it along the way. Gartner has estimated that 75% of all databases will be deployed or migrated to a cloud platform by this year, with only five percent ever being considered for a return to on-premises infrastructure.


A modern, cloud-native data stack allows companies to access, store and query expansive datasets quickly and cost-effectively, but it comes with challenges. The top concerns for organizations operating in the cloud include data loss or leakage (44%), staying compliant with relevant regulations (26%) and managing user roles and permissions (26%). And, almost three-quarters of organizations hosting data or workloads in the public cloud experienced a security incident in 2020. 


So how does a company enjoy the benefits of democratized data, and still remain secure and compliant? A data governance strategy has to be part of the modern data stack. By “invisibly” embedding security and governance into data operations (a relatively new concept known as DataSecOps), leaders will enable data democratization and reduce risks. This needs to be a collaborative framework between security, GRC (governance, risk and compliance), data engineering and other teams.



Cloud Data Governance 


Consumers have been living their life “in the cloud” for a while now, but the pandemic really shifted the operations of the enterprise to the cloud. The public cloud market is expected to reach $482 billion by the end of 2022. Professionals are reliant on services like Zoom, G-Suite and other cloud-native apps. Accessibility, storage, scalability, affordability, connectivity, collaboration — these are all benefits of running businesses in the cloud. That said, there are risks that come with these benefits; the core challenge is managing all this data in a secure, efficient and compliant way.


As enterprise data continues its mass migration from on-prem environments to the cloud, the demand for streamlined, secure and accessible operations is growing. This acceleration in cloud adoption brings the promise of increased data accessibility. However, enterprises are also more acutely aware of certain concerns that come with storing all this data in the cloud:


●      Will the data be secure? Storing data in the public cloud has inherent risk. Assurance that it will be kept private and protected against theft or exposure is critical.

●      Will the data be compliant? Companies need to feel assured that cloud providers will adhere to regulations including GDPR, CCPA and others.

●      Are there built-in controls? Data assessment tools and security tools are key components to look for in a cloud provider.

●      Will the data be truly accessible? Proper, automated controls and permissions must be in place to monitor who is accessing the data, while still allowing access to the data on-demand.


Data is a business’s biggest asset — don’t let it become a liability. In today’s regulatory environment, democratized data can become a severe liability without proper data governance. Not only can businesses incur significant regulatory penalties, but they can experience irrevocable harm to their reputation. With data’s shift to the cloud, it’s critical that companies have a solid cloud data governance strategy in place to address these concerns. According to Google, “Data governance is everything you do to ensure data is secure, private, accurate, available and usable. It includes the actions people must take, the processes they must follow, and the technology that supports them throughout the data life cycle.”


Application security and cloud security services make sure data is safe and private. But, data governance is needed to ensure the data is accessible and controlled. Access controls and security are most often implemented manually, with ad-hoc solutions per data store, preventing data teams from taking full advantage of the cloud and modern data architectures. This one-database-at-a-time approach is too time-consuming, risky and, frankly, not scalable. A centralized, “invisible” approach to data governance will enable enterprises to ensure that proper permissions and data security are built into the foundation of data operations, without interrupting accessibility.


With a comprehensive data governance strategy, companies will make more informed decisions, enhance regulatory compliance, better manage risk, manage resources more effectively and keep data highly accessible. Companies can finally achieve security and compliance goals faster, and spend less time developing and maintaining ad-hoc access and security controls.



The Rise of DataSecOps


History repeats itself. The transition of applications to the cloud and the development of software in a more agile way brought about DevOps, which — a few years and several data breaches later — sparked the realization that security needs to be embedded in the DevOps process. Thus, DevSecOps was born. It took a while for data to follow suit and move to the cloud, but a DataOps mindset is now emerging. 


With data ingestion, preparation, processing and consumption now happening in a more agile way, the teams handling data need to have more skills in scripting, automation, testing, integration and production deployment. And so, just as DevOps brought about DevSecOps, so too has DataOps created the need for DataSecOps. 


DataSecOps is an evolution in the way organizations treat security as part of their data operations. It is an understanding that security should be a continuous, automatic part of the DataOps processes and not something that is added as an afterthought. If security considerations are not inherent in the entire process, from design to monitoring, it can lead to adverse effects like project delays (when security issues are finally revealed), or worse, compliance and security risks.


DataSecOps ensures complete visibility and control over data flows from the security and access management perspective, and provides a seamless experience for gaining access to data. In fact, DataSecOps is the enabler of data democratization. Successful enterprises automate the integration of security at every phase of the data lifecycle and centralize data governance across all data sets, both on-premise and in the cloud. The more people who have access to data, the higher the risk level for the organization. Security should be a shared responsibility that is embedded into the DataOps process to keep data safe, private and compliant — and accessible to the right people.



Enjoy That Cake


In the past two years, companies have moved their data en masse to the cloud to enable collaboration amid remote and hybrid work models. This distributed approach allows for accessibility and insights like never before. Democratizing data and removing gateway bottlenecks has many benefits. But unless the data is being centrally managed and governed, it remains vulnerable and puts the company, employees, customers and reputation at risk.


A modern data stack includes centralized data governance. Having this “DataSecOps mindset” streamlines enterprise-wide data access across data stores, and secures sensitive data in the cloud. Because small teams handle large amounts of data operations, manual work means bottlenecks and increased risks. Automation and testing are largely what separates a successful and secure data operation from a failing one. 


Data can only be valuable when it is used and managed properly and given the respect it deserves. DataSecOps asserts that good and agile data governance is part of a healthy and secure data operation. By adopting centralized governance practices like universal data classification, access controls, audits and policies, companies can have their cake and eat it too.

KEYWORDS: automation compliance cyber security data management governance risk

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ben

Ben Herzberg is the Chief Scientist at Satori Cyber, where he leads research in the world of DataSecOps. Herzberg is an experienced leader in research and development, with experience as a CTO, VP R&D, developer, hacker and technical manager.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Person holding cellphone

Millions of Android, iPhone Users Could Be Sending Data to China

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • hospital room

    3 healthcare data vulnerabilities to be mindful of in 2023

    See More
  • data-freepik1170x658v493863656.jpg

    Rising to the challenge of modern data security and growing privacy regulations

    See More
  • data-room-freepik1170x658.jpg

    Brands are trying on data clean rooms, but they’re not one size fits all

    See More

Related Products

See More Products
  • intelligent.jpg

    Intelligent Network Video: Understanding Modern Video Surveillance Systems, Second Edition

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!